MetroLab

Resources Library for the Model Data Governance Policy & Practice Guide

06.20.23

This is a section of the Model Data Governance Policy & Practice Guide for Cities and Counties. Learn more about the report and find the other sections here.

This library of Data Governance resources has been compiled in conjunction with the Task Force initiative, and contains links to a wide range of policies, practice tools, and associated background readings. Both the Guide and the Resources Library are meant to be “living” instruments accessible on the MetroLab Network website that can be updated, expanded, and refined over time.

Privacy Principles

The City of Seattle Privacy Principles | Seattle, Washington – 02/23/2015

Six privacy principles adopted by the city of Seattle regarding data collection.

Privacy Principles – Resolution No. 88701 | Oakland, California – 03/03/2020

The Oakland city council adopted Resolution No. 88701, which states seven privacy principles to protect the privacy of all Oakland residents, visitors, and the public.

Data Privacy and Information Protection Principles for the City of Portland | Portland, Oregon – 06/19/2019

The Data Privacy and Information Protection Principles were adopted by the city of Portland in order to protect private and sensitive data managed by the city or those working on behalf of the city.

Data Privacy Principles | Kansas City, Missouri 

Kansas City created data privacy principles in order to be a more transparent and accountable government while protecting the privacy of their citizens.

Data Privacy Principles | Minneapolis, Minnesota

The city council of Minneapolis adopted a data privacy principles resolution to incorporate shared values regarding data governance.

Data Privacy Principles | Hillsboro, Oregon 

The city of Hillsboro adopted five data privacy principles in order to improve their data governance.

Privacy Principles | Mesa, Arizona

The city of Mesa adopted six privacy principles in order to protect the privacy of public information.

Public Data Principles | Boston, Massachusetts

The city of Boston adopted six public data principles to guide their data collection process and management infrastructure.

Link: https://www.boston.gov/departments/new-urban-mechanics/building-public-data-principles 

Privacy Principles | Arlington, Virginia 

The city of Arlington created privacy principles in order to improve and guide their data governance.

Privacy Principles | Syracuse, NY 

The city of Syracuse built a section of privacy principles as part of their data privacy policy guide. 

Privacy Principles | San José, California – 12/08/2020

The city of San José passed a digital privacy policy in which they included their privacy principles. 

Privacy Principles for Mobility Data 

These privacy principles are designed to guide the management of data in the mobility ecosystem. 

Data Privacy Plan | Columbus, Ohio – 02/08/2019 

The city of Columbus drafted a data privacy plan that provides an overarching framework for the ways in which Smart Columbus will protect the security of personal information that it collects and uses, and the privacy of the individuals to whom this information pertains. 

Privacy Impact Assessments 

Seattle Privacy Impact Assessment

This assessment conducts a review of how data is being collected and managed while determining different privacy risks. 

Privacy Impact Assessment Policies Help Cities Use and Share Data Responsibly with their Communities by Future of Privacy Forum 

This is a model for governments and communities working with personal data collected from smart city solutions.

Data Management 

Data Management Strategy Overview | Dallas, Texas 

The city of Dallas created a data management strategy in order to improve their data governance practices.

Texas Data Management Framework Fast Start Learning Guide | State of Texas Office of Chief Data Officer 

This guide provides a summary of the DAMA DMBOK, with remarks on practical principles and applications for government.

San Francisco Data Management Policy, Section 1.0 01/17/19

San Francisco created a Data Management Policy. 

Fostering Civic Trust: A Policy Guide for Municipal Leaders by US Ignite

This guide shows municipal leaders how to make informed decisions by explaining an ecosystem of civic trust: equity, data governance, privacy, cybersecurity, community engagement and equity. 

US Ignite’s Fostering Civic Trust Guide (pg. 21-26)

This guide, created by US Ignite, is a policy guide for municipal leaders; section 1.3 specifically highlights the key considerations for data sharing.

The Data Assembly – Responsible Data Re-Use Framework 

The GovLab and the Henry Luce Foundation created this Data Assembly report to highlight the importance of data re-use, especially after the COVID-19 pandemic.

Responsible Data Stewardship from the Open Data Institute (ODI) – London

This guide illustrates how to implement responsible data stewardship, and it highlights several principles to consider. 

Mobility Data State of Practice from Open Mobility Foundation  

This document compiles several data resources for cities to use as examples such as privacy principles, open data policies, data sharing, and so on. 

Beeck Center Data Labs Playbook by Georgetown University

This is a Data Labs Playbook that serves as a guide for public servants who are interested in launching a data-informed project in their state.  

Data Management by NYC – Guidelines for Internet of Things 

This is an example of how NYC manages, collects, and processes data.

Defining a Data Intermediary from Civic Switchboard Guide

These are three strategies to identify a data intermediary.

Dataset Inventory | San Francisco, California 

This is an example of a dataset inventory provided by the city of San Francisco. 

San José Digital Privacy and AI Manual 05/16/2023

This manual aims to guide the city of San José on matters of digital privacy and artificial intelligence. 

TOOL: What Works Cities (WWC) 

WWC has a certification program that cities can take in order to become more data driven. 

TOOL: Resource Library from the city of San Francisco 

The city of San Francisco has been working closely with data; therefore, they created this resource library that includes their data resources, such as data toolkits and open data metrics.

Open Data Policies

Open Data Policy and Technical Standards Manual for the City and County of Honolulu | Honolulu, Hawaii 06/2022

This is a manual regarding open data policy created by the city of Honolulu in order to improve their open data practices. 

Open Data Policy | Boulder, Colorado 

This open data policy was established to provide transparent and secure open data in Boulder county. 

Open and Protected Data Policy | Boston, Massachusetts

The city of Boston created an open and protected data policy in order to improve their data governance. 

Executive Order 02-2013: Establishment of Open Data Policy and Portal for Public Information | South Bend, Indiana 

South Bend issued Executive Order No. 2-2013, which describes the city's open data policy and portal for public information.

Seattle Open Data Policy 02/01/2016

This Open Data Policy defines the principles governing City of Seattle Open Data and describes the expectations for department participation and governance of the Seattle open data program. 

City of Charlotte Open Data Policy | Charlotte, North Carolina 01/01/2015 

The city of Charlotte adopted an open data policy.

Open Data Policy Section 2-2130 | Kansas City, Missouri 10/22/2015

The city council of Kansas City passed Ordinance No. 150865, which states an open data policy in order to promote openness and transparency while protecting the privacy of their citizens.

Open Data Executive Order | Louisville, Kentucky 10/15/2013

The city of Louisville passed an executive order that established their open data policy in order to improve their data governance. 

Seattle Open Data Program

Seattle has an open data program, in which they also include several open data resources. 

Open Data Standard Operating Procedure (SOP) Manual | City of Aurora, Illinois Revised 12/02/2022

This is a manual created by the city of Aurora that focuses on open data in order to improve their data practices. 

TOOL: US City Open Data Census 

This site provides an overview of the degree of openness of specific key datasets in cities across the United States.

TOOL: Open Data from New York City

New York City has a website that provides different resources to find or request open data.

TOOL: Mapping Data Ecosystem from the Open Data Institute (ODI) London

This guide provides a tool for documenting and mapping the data ecosystem. 

TOOL: City of Aurora Open Data Portal

This is an open data portal that allows the public to access open data of the city of Aurora. 

Data Governance Policies

Protected Data Privacy Policy Executive Order NO. 143 | City of Denver, Colorado 02/16/2018 

The mayor, Michael B. Hancock, issued Executive Order No. 143, which established a protected data privacy policy for the city and county of Denver.

Establish Privacy and Information Protection Principles for how the City collects, uses, manages, and disposes of data and information presentation –  Resolution NO. 37437 | Portland, Oregon 06/19/2019 

The city of Portland passed Resolution No. 37437, which established privacy and information protection principles that the city will follow when gathering data.

District of Columbia Data Policy – Mayor’s Order 2017-115 | Washington DC – 04/27/2017 & Amended 06/18/2018

This is a mayor’s order that provides a comprehensive data policy for the District of Columbia government. 

Personal Data Collection and Protection Ordinance | City of Chicago, Illinois 

The city of Chicago passed an ordinance that regulates how operators collect sensitive customer personal information through the Internet about individual consumers in the city of Chicago. 

Data Collection Policy | South Bend, Indiana

The city of South Bend has incorporated a data collection policy that states how they collect, manage, and publish data. 

Resolution – 20111208074 | Austin, Texas – 12/08/2011

The city of Austin passed Resolution No. 20111208074.

Data Privacy Guidelines 01/2021 | Long Beach, California

Long Beach created a data privacy guideline that incorporates data privacy principles and guidelines when working with data. 

Seattle Privacy Program 

Seattle has implemented a privacy program.

Using MDS under GDPR 

This guide is specifically for European nations, since it relates to the General Data Protection Regulation, which is a European Union regulation; however, it can be interesting reading for cities.

Data Quality Standards and Review Process | New York City, New York 

NYC Open Data Team and Office of Technology and Innovation created a guide with data quality standards for Open Data Coordinators and Data owners to follow. 

Privacy Policy for Smart.Columbus.gov | Columbus, Ohio 

The city of Columbus created this privacy policy that will be applied when the city or its partners are collecting personal information. 

California Consumer Privacy Act (CCPA) 2018 

This act allows consumers to have more control over their personal information when businesses are collecting that information. 

NYC Guidelines for the Internet of Things (IoT) Privacy + Transparency 

This website illustrates how the city of IoT provides privacy and transparency to their residents. 

Data Sharing Agreements

Data Sharing MOU (Memorandum of Understanding) template

This template, made by Arlington County, illustrates an MOU between university partners and also includes data classification guidelines.

Data Labs: Roadmap to Recovery Example Data Sharing Agreements (or MOUs/MOAs)

This is a collection of examples and articles about Data Sharing MOUs from Beeck Center (at Georgetown University).

Enterprise Memorandum of Understanding by the state of Connecticut  

This is an example E-MOU between several parties, such as the State Board of Education, the Office of Early Childhood, the Connecticut Office of Policy and Management, and the Connecticut Department of Labor, among others.

Memorandum of Understanding by the state of Kentucky

This is an example MOU between different state agencies to audit and evaluate education programs and to authorize the release and use of confidential data.

SBA Disaster Data Sharing MOU and Instructions 

This document, provided by the U.S. Small Business Administration, drafts an example for local and state governments that are entering into an MOU with the Office of Capital Access in order to prevent duplication of benefits.

NCDHHS Data Sharing Guidebook

This guide, created by the North Carolina Department of Health and Human Services, provides clear processes for data sharing and integration.

State of Connecticut Data Sharing Playbook 

This is an example of an operationalization-focused playbook on data sharing that includes templates and walkthroughs.

Assessing risk when sharing data: a guide from the Open Data Institute (ODI) | London

This guide provides the early steps organizations need to take when sharing data in order to reduce and manage the risks. 

Platform Urbanism Data Sharing (PUDS) Policy Hub and its Best Practices Recommendations 

This is a two-part resource providing relevant recommendations and supporting materials regarding Data Sharing linked to policies from several jurisdictions. 

Data Labs 

Data Labs presented a series of case studies for data owners, especially those working with PII (Personally Identifiable Information), on how to improve their data practices.

Beatriz Botero Arcila, The Case for Local Data Sharing Ordinances, 30 Wm. & Mary Bill Rts. 1015 (2022) 

This is an academic article that describes the current relationship between the Fourth Amendment and privacy laws when sharing data. 

Megan Marini, Troy Simpson, and Priyanka Jain, A Rhode Trip: Lessons for the Future of Mobility From the Little Roady Autonomous Microtransit Pilot (2022)

This article talks about the Little Roady pilot project and the challenges of data sharing limitations. 

TOOL: What Works Cities (WWC)  

WWC has a certification program that cities can take in order to become more data driven. 

TOOL: Data Collaboratives Explorer from GOVLAB

GOVLAB provides data collaboration between public and private partnerships across the globe, so they can create public value. 

TOOL: Contractors for Data Collaboration (C4DC)

C4DC aims to improve understanding of the legal conditions that can enable effective data collaboration.

Cybersecurity

Integrating Cybersecurity and Enterprise Risk Management (ERM) NISTIR 8266 (National Institute of Standards and Technology US Department of Commerce) 

This is a NIST publication that highlights the importance of cybersecurity risk in all enterprises, given the frequency and growth of cyberattacks.

The NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management

This tool provides better privacy practices that will support organizations to protect individuals’ privacy.

Framework for Improving Critical Infrastructure Cybersecurity by NIST 

This website provides several standards, and a cybersecurity framework. 

ISO/IEC 27001 Information security management systems 

These are standards for information security management systems (ISMS) for companies of all sizes. 

ISO/IEC 27002 Information Security, cybersecurity, and privacy protection Information security controls

This is a document that provides organizations with generic information on security controls. 

Standards for Security Categorization of Federal Information and Information Systems FIPS 199

This document is provided by NIST, and it states a standard for categorizing federal information and information systems.

Citywide Cybersecurity Policy | San Francisco, California 

San Francisco created a citywide cybersecurity policy in order to support, maintain, and secure data systems.

Information Security Policy | Chicago, Illinois 

This policy states the role for data security and the requirements for protecting sensitive data and mission-critical systems, and it protects the city’s systems and data.

Cybersecurity Best Practices for Smart Cities 

This guidance was created by different countries’ cybersecurity agencies in order to integrate information and communication technologies, community wide data, and operational technology. 

PCI (Payment Card Industry) Privacy Security Council 

This is a global forum dedicated to protecting account data security by developing standards and resources in the payment card industry.

Security from NYC Internet of Things 

This is an example of how the aspect of security regarding data is handled in NYC. 

San Francisco City-wide IT focused Disaster Preparedness, Response, Recovery, and Resilience Policy 

San Francisco developed a DPR3 policy that will ensure the delivery of public services during and after a disaster.

Data Classifications

Data Classification Standard | San Francisco, California

The city of San Francisco created a data classification standard that requires departments inside the city government to categorize and label data per classification levels. 

Data Policy Dataset Classification | Washington DC, District of Columbia

Washington, DC created a data policy that also provides dataset classification that other cities can utilize. 

Data Security: Policies and Regulations Impacting Research Data from University of North Carolina 

This provides a definition of sensitive data and the levels of sensitive information used by the University of North Carolina.

Operationalization

Appointment of Chief Data Officer Resolution NO. 2019-30869 | Miami, Florida 06/26/2019 

This is an example of a resolution issued by the mayor and city of Miami to appoint a chief data officer and define the position's responsibilities.

Eight Strategies for Chief Data Officers to create and demonstrate value by Harvard Business Review 

This article illustrates different strategies that Chief Data Officers can implement to strengthen their value. 

DataSF Guidebook: Data Coordinators Edition

This guide is directed to Data Coordinators in the city and county of San Francisco and provides guidance for their new role.

The Chief Data Officer in Government 

This is a playbook created by Deloitte Center for Government Insights that provides roles and responsibilities for a government Chief Data Officer (p. 3-4). 

Checklist: The city of Asheville, NC Technology Procurement Checklist 

This is an example of questions that the city of Asheville asked when purchasing technology. 

TOOL: Data Ethics Maturity Model: Benchmarking your approach to data ethics from the Open Data Institute (ODI) | London

This tool allows organizations that work with data to benchmark their maturity in relation to data ethics.

Community Engagement and Resident Feedback

CUTGroup Chicago Engaged their community (pg. 1)

This is the completed guide that explains the CUTGroup in detail. 

Chicago Tech Collaborative CUTGroup

It shows the latest projects CUTGroup Chicago has been working on. 

CUTGroups Detroit

It is a tester pool that brings Detroit residents to evaluate civic websites and apps, and it also provides several data literacy training sessions.

CUTGroups Seattle 

This article describes the creation of Civic User Testing Group in the city of Seattle.

The Spectrum of Community Engagement Ownership 

This guide was provided by Facilitating Power, and it draws a pathway for local democracies to strengthen and transform.

An opportunity for community leaders 

This article, presented by SmartCity PDX, states two innovative ways of engaging community leaders.

Community Leads Request for Smart City PDX Program 

This is an example provided by the city of Portland regarding a position as community leads in order to close the gap between technology and marginalized communities. 

Link: https://static1.squarespace.com/static/5967c18bff7c50a0244ff42c/t/611adc797143ff4af062e56e/1629150329289/Community+Leads+Request+for+Qualifications+Due+Sept+7+2021+at+5pm.pdf

Participatory Data Stewardship 

This is a report by the Ada Lovelace Institute that provides a framework for involving people in the use of data.

City Leader Guide on Civic Engagement from Bloomerang Harvard 

This guide provides analytic tools for city leaders to engage residents in public problem-solving and to facilitate innovative practices.

OECD Innovative Citizen Participation and New Democratic Institutions: Catching the Deliberative Wave

This is an informative resource that provides several models of deliberative processes.

IAP2 Spectrum of Public Participation

This is an example of how to collect public participation.

Seattle Community Technology Board 

The city of Seattle created a community technology board, which provides recommendations to the Mayor and City Council regarding information and communications technology as well as effective electronic civic engagement.

TOOL: KC Digital Drive, Code for KC and Missouri Western University launch Kansas City’s First Civic UX testing group 

The Civic UX Testing group is a tool created by KC Digital Drive with the goal of building technology applications to help resolve social and civic issues.

Chicago Tech Collaborative’s Civic Design & User Testing initiative (“CUTGroup”)

CUTGroup is a civic engagement program that provides a space for Chicago residents to contribute to emerging technology while providing feedback to public, private and social sector partners.

Additional Background Readings

Legal Technology Laboratory 

The Legal Technology Laboratory is a community of practice platform designed to promote collaborations by innovators at intersections of law, technology, education, and entrepreneurship and empower multidisciplinary teams to address social, civic, and economic development challenges with technology-assisted solutions and data-driven policy development.

General Services Administration, Rules and Policies Protecting PII Privacy Act (11/15/2018) 

The U.S. General Services Administration drafted a set of rules and behaviors to follow when handling personally identifiable information.

NYC Internet of Things 

NYC Internet of Things, along with 35 other cities, helps governments and their partners to responsibly deploy connected devices and IoT (Internet of Things) technologies.

Cf. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”) – Paragraph 32. This is a regulation established by the European Parliament that states the importance of protecting one’s personal data.

Algorithmic bias detection and mitigation: Best Practices and policies to reduce consumer harms

This article, published by Brookings in 2019, describes the current mass-scale digitization of data and its consequences in different sectors such as economics, transportation, retail, and other areas.

Bias Mitigation in Data Sets 

This article describes the different ways bias can happen in datasets, and it was published by SOCARXIV, an open archive of social science.

Michael Juerens, Social Media Risks Create an Expanded Role for Internal Audit from The Wall Street Journal (08/06/2013)

The Wall Street Journal published an article describing the different threats that social media can create; therefore, it is crucial to create internal audits. 

Beatriz Botero Arcila, Sharing Data in the Sharing Economy: Policy Recommendations for Local Governments. 9 Indiana J. Law and Society Equity 1 (2021)

The Indiana Journal of Law and Social Equality published this academic article, which provides policy recommendations for sharing data in the sharing economy.

The City needs to make realistic commitments to voters and ensure they are delivered

This is an example of an audit of the city of Portland regarding accountability for voter-approved taxes.

Data Labs 

Data Labs presented a series of case studies for data owners, especially those working with PII (Personally Identifiable Information), on how to improve their data practices.

Privacy Guide For Cities & Public Agencies from Open Mobility Foundation 03/17/2023

This guide was developed by the Open Mobility Foundation and the Privacy, Security, and Transparency Committee to orient cities as technologies transform cities’ transportation networks.

Mozilla’s framework notes for data commons governance 

This article provides a framework when applying Ostrom’s principles to data commons governance. 

The softer side for data governance: a playbook for non-technical users from the Open Data Institute (ODI) | London

This playbook is directed to non-technical users, leaders in the healthcare field who work with data on a daily basis.

Sovereign immunity in the age of continuous cyber warfare 07/15/2015 

This article describes the importance of sovereign immunity, and its implication against cyber attacks. 

Distinguishing Between Governmental and Property Functions (Chapter 2 of Local Government Immunity to Lawsuits in North Carolina (2018))

This chapter talks about the origin of the distinction in immunity cases and its relationship with the judiciary’s role. 

Sean Andrés Rapela, The Ugly Truth Cyber Security Insurance & Governmental Data Breaches, 21 J. High Tech. L. 242 (2021) 

This academic article states the increased number of cyberattacks while also proposing a cyber relief program. 

Rebekah Luna, Stranger Danger!: How Hackers Break Into School Databases to Steal Student Data, and What Legislatures Should Do About It, 54 Tex. Tech L. Re. 381 (2022) 

This academic article refers to schools as easy targets for cyber attacks due to the lack of legislation in this matter. 

How to know you are a “data intermediary” under the Data Governance Act from the International Association of Privacy Professionals (IAPP) 

This is an article that describes the roles of a data intermediary under the Data Governance Act.

FOIA (Freedom of Information Act) 

This is the central website for FOIA that cities can check for any new regulations. 

European Union’s General Data Protection Regulation (GDPR)

This is a resource that will help organizations and individuals when working with the General Data Protection Regulation of the European Union.

Privacy Definition & Legal Meaning in the online version of Black’s Law Dictionary (2ND Ed.)

This website provides a legal definition of privacy, and divides it into four categories. 

Cities Partner on Model Policy for Handling Municipal Data

This article was published by Government Technology in 2020, and it provides some insight regarding the early stages of the Data Governance Policy.