Resources Library for the Model Data Governance Policy & Practice Guide
This library of Data Governance resources has been compiled in conjunction with the Task Force initiative, and contains links to a wide range of policies, practice tools, and associated background readings. Both the Guide and the Resources Library are meant to be “living” instruments accessible on the MetroLab Network website that can be updated, expanded, and refined over time.
Privacy Principles
The City of Seattle Privacy Principles | Seattle, Washington – 02/23/2015
Six privacy principles adopted by the city of Seattle regarding data collection.
Privacy Principles – Resolution No. 88701 | Oakland, California – 03/03/2020
The city council of Oakland established a resolution NO. 88701 that states seven privacy principles to protect the privacy of all Oakland residents, visitors, and the public.
Data Privacy and Information Protection Principles for the City of Portland | Portland, Oregon – 06/19/2019
Data Privacy and Information Protection Principles was adopted by the city of Portland in order to protect private and sensitive data managed by the city or those working on behalf of the city.
Data Privacy Principles | Kansas City, Missouri
Kansas City created data privacy principles in order to be a more transparent and accountable government while protecting the privacy of their citizens.
Data Privacy Principles | Minneapolis, Minnesota
The city council of Minneapolis adopted a data privacy principles resolution to incorporate shared values regarding data governance.
Data Privacy Principles | Hillsboro, Oregon
The city of Hillsboro adopted five data privacy principles in order to improve their data governance.
Privacy Principles | Mesa, Arizona
The city of Mesa adopted six privacy principles in order to protect the privacy of public information.
Public Data Principles | Boston, Massachusetts
The city of Boston adopted six public data principles to guide their data collection process and management infrastructure.
Link: https://www.boston.gov/departments/new-urban-mechanics/building-public-data-principles
Privacy Principles | Arlington, Virginia
The city of Arlington created privacy principles in order to improve and guide their data governance.
Privacy Principles | Syracuse, NY
The city of Syracuse built a section of privacy principles as part of their data privacy policy guide.
Privacy Principles | San José, California – 12/08/2020
The city of San José passed a digital privacy policy in which they included their privacy principles.
Privacy Principles for Mobility Data
These privacy principles are designed to guide the management of data in the mobility ecosystem.
Data Privacy Plan | Columbus, Ohio – 02/08/2019
The city of Columbus drafted a data privacy plan that provides an overarching framework for the ways in which Smart Columbus will protect the security of personal information that it collects and uses, and the privacy of the individuals to whom this information pertains.
Privacy Impact Assessments
Seattle Privacy Impact Assessment
This assessment conducts a review of how data is being collected and managed while determining different privacy risks.
Privacy Impact Assessment Policies Help Cities Use and Share Data Responsibly with their Communities by Future of Privacy Forum
This is a model dedicated for the government and communities working with personal data collected from smart city solutions.
Data Management
Data Management Strategy Overview | Dallas, Texas
The city of Dallas created a Data management strategy in order to improve their data governance practices.
Texas Data Management Framework Fast Start Learning Guide | State of Texas – Office of Chief Data Officer
This guide provides a summary of the DAMA DMBOK with a remark on practical principles and application for government.
San Francisco Data Management Policy, Section 1.0 – 01/17/19
San Francisco created a Data Management Policy.
Fostering Civic Trust: A Policy Guide for Municipal Leaders by USIgnite
This guide shows municipal leaders how to make informed decisions by explaining an ecosystem of civic trust: equity, data governance, privacy, cybersecurity, community engagement and equity.
US Ignite’s Fostering Civic Trust Guide (pg. 21-26)
This guide, created by USIgnite, provided a policy guide for municipal leaders; however, section 1.3 highlights the key consideration for data sharing specifically.
The Data Assembly – Responsible Data Re-Use Framework
The GovLab and Henry Luce Foundation created this data assembly report in order to highlight the importance of re-use data especially after the covid-19 pandemic.
Responsible Data Stewardship from Open Data Institute (OPI) – London
This guide illustrates how to implement responsible data stewardship, and it highlights several principles to consider.
Mobility Data State of Practice from Open Mobility Foundation
This document compiles several data resources for cities to use as examples such as privacy principles, open data policies, data sharing, and so on.
Beeck Center Data Labs Playbook by Georgetown University
This is a Data Labs Playbook that serves as a guide for public servants who are interested in launching a data-informed project in their state.
Data Management by NYC – Guidelines for Internet of Things
This is an example of how NYC manages, collects, and processes data.
Defining a Data Intermediary from Civic Switchboard Guide
These are three strategies to identify a data intermediary.
Dataset Inventory | San Francisco, California
This is an example of a dataset inventory provided by the city of San Francisco.
San José Digital Privacy and AI Manual – 05/16/2023
This manual aims to guide the city of San José on matters of digital privacy and artificial intelligence.
TOOL: What Works Cities (WWC)
WWC has a certification program that cities can take in order to become more data driven.
TOOL: Resource Library from the city of San Francisco
The city of San Francisco has been working closely with data; therefore, they created this resource library that includes their data resources such as data toolkits and open data metrics.
Open Data Policies
Open Data Policy and Technical Standards Manual for the City and County of Honolulu | Honolulu, Hawaii – 06/2022
This is a manual regarding open data policy created by the city of Honolulu in order to improve their open data practices.
Open Data Policy | Boulder, Colorado
This open data policy was established to provide transparent and secure open data in Boulder county.
Open and Protected Data Policy | Boston, Massachusetts
The city of Boston created an open and protected data policy in order to improve their data governance.
Executive Order – 02-2013: Establishment of Open Data Policy and Portal for Public Information | South Bend, Indiana
South Bend established an executive order NO. 2-2013 that will describe open data policy and portal for public information.
Seattle Open Data Policy – 02/01/2016
This Open Data Policy defines the principles governing City of Seattle Open Data and describes the expectations for department participation and governance of the Seattle open data program.
City of Charlotte Open Data Policy | Charlotte, North Carolina – 01/01/2015
The city of Charlotte adopted an open data policy.
Open Data Policy – Section 2-2130 | Kansas City, Missouri – 10/22/2015
The city council of Kansas City passed an ordinance NO. 150865 that states an open data policy in order to promote openness and transparency while protecting the privacy of their citizens.
Open Data – Executive Order | Louisville, Kentucky – 10/15/2013
The city of Louisville passed an executive order that established their open data policy in order to improve their data governance.
Seattle Open Data Program
Seattle has an open data program, in which they also include several open data resources.
Open Data Standard Operating Procedure (SOP) Manual | City of Aurora, Illinois – Revised 12/02/2022
This is a manual created by the city of Aurora that focuses on open data in order to improve their data practices.
TOOL: US City Open Data Census
This site illustrates an overview of the degree of openness of specific key dataset in cities across the United States.
TOOL: Open Data from New York City
New York City has a website that provides different resources to find or request open data.
TOOL: Mapping Data Ecosystem from the Open Data Institute (OPI) – London
This guide provides a tool for documenting and mapping the data ecosystem.
TOOL: City of Aurora Open Data Portal
This is an open data portal that allows the public to access open data of the city of Aurora.
Data Governance Policies
Protected Data Privacy Policy – Executive Order NO. 143 | City of Denver, Colorado – 02/16/2018
The mayor, Michael B. Hancock, passed an executive order NO. 143 that established a protected data privacy policy for the city and county of Denver.
Establish Privacy and Information Protection Principles for how the City collects, uses, manages, and disposes of data and information presentation – Resolution NO. 37437 | Portland, Oregon – 06/19/2019
The city of Portland passed a resolution NO. 37437, which established privacy and information protection principles that the city will follow when gathering data.
District of Columbia Data Policy – Mayor’s Order 2017-115 | Washington DC – 04/27/2017 & Amended 06/18/2018
This is a mayor’s order that provides a comprehensive data policy for the District of Columbia government.
Personal Data Collection and Protection Ordinance | City of Chicago, Illinois
The city of Chicago passed an ordinance that regulates how operators collect sensitive customer personal information through the Internet about individual consumers in the city of Chicago.
Data Collection Policy | South Bend, Indiana
The city of South Bend has incorporated a data collection policy that states how they collect, manage, and publish data.
Resolution – 20111208074 | Austin, Texas – 12/08/2011
The city of Austin passed a resolution NO. 20111208074.
Data Privacy Guidelines – 01/2021 | Long Beach, California
Long Beach created a data privacy guideline that incorporates data privacy principles and guidelines when working with data.
Seattle Privacy Program
Seattle has implemented a privacy program.
Using MDS under GDPR
This guide is specifically for European nations since it is related to the General Data Protection Regulation, which is European Union regulation; however, it can be an interesting reading for cities.
Data Quality Standards and Review Process | New York City, New York
NYC Open Data Team and Office of Technology and Innovation created a guide with data quality standards for Open Data Coordinators and Data owners to follow.
Privacy Policy for Smart.Columbus.gov | Columbus, Ohio
The city of Columbus created this privacy policy that will be applied when the city or its partners are collecting personal information.
California Consumer Privacy Act (CCPA) – 2018
This act allows consumers to have more control over their personal information when businesses are collecting that information.
NYC Guidelines for the Internet of Things (IoT) – Privacy + Transparency
This website illustrates how the city of IoT provides privacy and transparency to their residents.
Data Sharing Agreements
Data Sharing MOU (Memorandum of Understanding) template
This template, made by Arlington County, illustrates a MOU between university partners, and data classification guidelines as well.
Data Labs: Roadmap to Recovery Example Data Sharing Agreements (or MOUs/MOAs)
This is a collection of examples and articles about Data Sharing MOUs from Beeck Center (at Georgetown University).
Enterprise Memorandum of Understanding by the state of Connecticut
This is an example E-MOU presented between several parties such as the State Board of Education, Office of Early Childhood, and so on, and Connecticut Office of Policy and Management, and Connecticut Department of Labor.
Memorandum of Understanding by the state of Kentucky
This is an example between different state agencies to audit/evaluate education programs and to authorize the release and use of confidential data.
SBA Disaster Data Sharing MOU and Instructions
This document, provided by the U.S. Small Business Administration, drafts an example for local and state governments who are entering into a MOU with the Office of Capital Accessd in order to prevent duplication of benefits.
NCDHSS Data Sharing Guidebook
This guide, created by the North Carolina Department of Health and Human Services, provides clear processes for data sharing and integration.
State of Connecticut Data Sharing Playbook
This is an example of an operationalization focused playbook that includes data sharing that includes templates and walkthroughs.
Assessing risk when sharing data: a guide from the Open Data Institute (OPI) | London
This guide provides the early steps organizations need to take when sharing data in order to reduce and manage the risks.
Platform Urbanism Data Sharing (PUDS) Policy Hub and its Best Practices Recommendations
This is a two-part resource providing relevant recommendations and supporting materials regarding Data Sharing linked to policies from several jurisdictions.
Data Labs
Data Labs presented a series of case studies for data owners, especially those working with PII (Personal Identifiable Information) on how to improve their data practices.
Beatriz Botero Arcila, The Case for Local Data Sharing Ordinances, 30 Wm. & Mary Bill Rts. 1015 (2022)
This is an academic article that describes the current relationship between the Fourth Amendment and privacy laws when sharing data.
Megan Marini, Troy Simpson, and Priyanka Jain, A Rhode Trip: Lessons for the Future of Mobility From the Little Roady Autonomous Microstransit Pilot (2022)
This article talks about the Little Roady pilot project and the challenges of data sharing limitations.
TOOL: What Works Cities (WWC)
WWC has a certification program that cities can take in order to become more data driven.
TOOL: Data Collaboratives Explorer from GOVLAB
GOVLAB provides data collaboration between public and private partnerships across the globe, so they can create public value.
TOOL: Contractors for Data Collaboration (C4DC)
C4DC aims to improve understanding of the legal conditions that can enable effective data collaboration.
Cybersecurity
Integrating Cybersecurity and Enterprise Risk Management (ERM) – NISTIR 8266 (National Institute of Standards and Technology – US Department of Commerce)
This is a publication by NISTIR that highlights the importance of cybersecurity risk in all enterprises because of the frequency and increase of cyberattacks.
The NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management
This tool provides better privacy practices that will support organizations to protect individuals’ privacy.
Framework for Improving Critical Infrastructure Cybersecurity by NIST
This website provides several standards, and a cybersecurity framework.
ISO/IEC 27001 – Information security management systems
These are standards for information security management systems (ISMS) for companies of all sizes.
ISO/IEC 27002 – Information Security, cybersecurity, and privacy protection – Information security controls
This is a document that provides organizations with generic information on security controls.
Standards for Security Categorization of Federal Information and Information System – FIPS 199
This document is provided by NITS, and it states a standard for categorizing federal information and information systems.
Citywide Cybersecurity Policy | San Francisco, California
San Francisco created a citywide cybersecurity policy in order to support, maintain, and secure data systems.
Information Security Policy | Chicago, Illinois
This policy states the role for data security, requirements for protecting sensitive data, and mission critical systems, and protects the city’s systems and data
Cybersecurity Best Practices for Smart Cities
This guidance was created by different countries’ cybersecurity agencies in order to integrate information and communication technologies, community wide data, and operational technology.
PCI (Payment Card Industry) – Privacy Security Council
This is a global forum dedicated to protect account data security by developing standards and resources in the payment card industry.
Security from NYC – Internet of Things
This is an example of how the aspect of security regarding data is handled in NYC.
San Francisco City-wide IT focused – Disaster Preparedness, Response, Recovery, and Resilience Policy
San Francisco developed a DPR3 that will ensure the delivery of public services during, and after a disaster.
Data Classifications
Data Classification Standard | San Francisco, California
The city of San Francisco created a data classification standard that requires departments inside the city government to categorize and label data per classification levels.
Data Policy – Dataset Classification | Washington DC, District of Columbia
Washington, DC created a data policy that also provides dataset classification that other cities can utilize.
Data Security: Policies and Regulations Impacting Research Data from University of North Carolina
This provides a definition for sensitive data, and level of sensitive information followed by University of North Carolina.
Operationalization
Appointment of Chief Data Officer – Resolution NO. 2019-30869 | Miami, Florida – 06/26/2019
This is an example of a resolution issued by the mayor and city of Miami to appoint a data chief officer and its responsibilities.
Eight Strategies for Chief Data Officers to create and demonstrate value by Harvard Business Review
This article illustrates different strategies that Chief Data Officers can implement to strengthen their value.
DatSF Guidebook: Data Coordinators Edition
This guide is directly to Data Coordinators in the city and county of San Francisco to provide guidance in their new role.
The Chief Data Officer in Government
This is a playbook created by Deloitte Center for Government Insights that provides roles and responsibilities for a government Chief Data Officer (p. 3-4).
Checklist: The city of Asheville, NC Technology Procurement Checklist
This is an example of questions that the city of Asheville asked when purchasing technology.
TOOL: Data Ethics Maturity Model: Benchmarking your approach to data ethics from the Open Data Institute (OPI) | London
This tool allows organizations that work with data to benchmark their maturity in relation with data ethics.
Community Engagement and Resident Feedback
CUTGroup Chicago – Engaged their community (pg. 1)
This is the completed guide that explains the CUTGroup in detail.
Chicago Tech Collaborative CUTGroup
It shows the latest projects CUTGroup Chicago has been working on.
CUTGruops Detroit
It is a tester pool that brings Detroit residents to evaluate civic websites and apps, and it also provides several data literacy training sessions.
CUTGroups Seattle
This article describes the creation of Civic User Testing Group in the city of Seattle.
The Spectrum of Community Engagement Ownership
This guide was provided by the Facilitating Power and it draws a pathway for local democracies to strengthen and transform.
An opportunity for community leaders
This article presented by SmartCity PDX, in which states two innovative ways for engaging community leaders.
Community Leads Request for Smart City PDX Program
This is an example provided by the city of Portland regarding a position as community leads in order to close the gap between technology and marginalized communities.
Link:
Participatory Data Stewardship
This is a report provided by Ada Lovelace Institute that provides a framework for involving people in use of data.
City Leader Guide on Civic Engagement from Bloomerang Harvard
This guide provides analytic tools for city leaders to engage residents in public problem-solving, and facilitating innovative practices.
OECD Innovative Citizen Participation and New Democratic Institutions: Catching the Deliberative Wave
This is an informative resource that provides several models of deliberative processes.
IAP2 Spectrum of Public Participation
This is an example of how to collect public participation.
Seattle Community Technology Board
The city of Seattle created a community technology board, which provides recommendations to the Mayor and City Council regarding information and communications technology as well as effective electronic civic engagement.
TOOL: KC Digital Drive, Code for KC and Missouri Western University launch Kansas City’s First Civic UX testing group
Civic UX Testing group is a tool created by KC Digital drive with the goal to build technology applications to help resolve social and civic issues.
Chicago Tech Collaborative’s Civic Design & User Testing initiative (“CUTGroup”)
CUTGroup is a civic engagement program that provides a space to Chicago residents to contribute to emerging technology while providing feedback to public, privacy and social sector partners.
Additional Background Readings
Legal Technology Laboratory
The Legal Technology Laboratory is a community of practice platform designed to promote collaborations by innovators at intersections of law, technology, education, and entrepreneurship and empower multidisciplinary teams to address social, civic, and economic development challenges with technology-assisted solutions and data-driven policy development.
General Services Administration, Rules and Policies – Protecting PII – Privacy Act (11/15/2018)
The U.S. General Services and Administration drafted a set of rules and behaviors to follow when handling personally identifiable information.
NYC Internet of Things
NYC Internet of Things along with other 35 cities help government and their partners to responsibly deploy connected devices and IoT (Internet of Things) technologies
Cf. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
On 27 April 2016. On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation-“GDPR”) – Paragraph 32. This is a regulation established by the European Parliament that states the importance of protecting one’s personal data.
Algorithmic bias detention and mitigation: Best Practices and policies to reduce consumer harms
This article was published by the Brookings in 2019, it describes the current mass-scale digitization of data and the consequences of it in different sectors such as in economics, transportations, retail, and other areas.
Bias Mitigation in Data Sets
This article describes the different ways bias can happen in datasets, and it was published by SOCARXIV, an open archive of social science.
Michael Juerens, Social Media Risks Create an Expanded Role for Internal Audit from The Wall Street Journal (08/06/2013)
The Wall Street Journal published an article describing the different threats that social media can create; therefore, it is crucial to create internal audits.
Beatriz Botero Arcila, Sharing Data in the Sharing Economy: Policy Recommendations for Local Governments. 9 Indiana J. Law and Society Equity 1 (2021)
Indiana Journal of Law and Social Equality published this academic article that provides policy recommendations when daring data in the sharing economy.
The City needs to make realistic commitments to voters and ensure they are delivered
This is an example of an audit made to the city of Portland regarding accountability for voter-approved taxes.
Data Labs
Data Labs presented a series of case studies for data owners, especially those working with PII (Personal Identifiable Information) on how to improve their data practices.
Privacy Guide For Cities & Public Agencies from Open Mobility Foundation – 03/17/2023
This guide was developed by the Open Mobility Foundation and the Privacy, Security, and Transparency Committee to orient cities as technologies transform cities’ transportation networks.
Mozilla’s framework notes for data commons governance
This article provides a framework when applying Ostrom’s principles to data commons governance.
The softer side for data governance: a playbook for non-technical users from the Open Data Institute (OPI) | London
This playbook is directly to non-technical users leaders in the healthcare field who work with data on their daily basis.
Sovereign immunity in the age of continuous cyber warfare – 07/15/2015
This article describes the importance of sovereign immunity, and its implication against cyber attacks.
Distinguishing Between Governmental and Property Functions (Chapter 2 of Local Government Immunity to Lawsuits in North Carolina (2018)
This chapter talks about the origin of the distinction in immunity cases and its relationship with the judiciary’s role.
Sean Andrés Rapela, The Ugly Truth Cyber Security Insurance & Governmental Data Breaches, 21 J. High Tech. L. 242 (2021)
This academic article states the increased number of cyberattacks while also proposing a cyber relief program.
Rebekah Luna, Stranger Danger!: How Hackers Break Into School Databases to Steal Student Data, and What Legislatures Should Do About It, 54 Tex. Tech L. Re. 381 (2022)
This academic article refers to schools as easy targets for cyber attacks due to the lack of legislation in this matter.
How to know you are a “data intermediary” under the Data Governance Act from the International Association of Privacy Professionals (IAPP)
This is an article that describes the roles of data intermediary while following the Data Governance Act
FOIA (Freedom of Information Act)
This is the central website for FOIA that cities can check for any new regulations.
European Union’s General Data Protection Regulation (GDPR)
This is a resource that will help organizations and individuals when working with the General Data Protection of the European Union.
Privacy Definition & Legal Meaning in the online version of Black’s Law Dictionary (2ND Ed.)
This website provides a legal definition of privacy, and divides it into four categories.
Cities Partner on Model Policy for Handling Municipal Data
This article was published by Government Technology in 2020, and it provides some insight regarding the early stages of the Data Governance Policy.
Doing public good with Data requires that the Data is of sufficient quality/integrity, is properly accessible, and is stored safely.
While cities, counties and states use many rules and regulations, a common first step is to establish privacy principles, often by way of resolution passed by the Jurisdiction’s governing body.
A core set of definitions reflecting municipal uses of Data will be vital to standardizing practices across departments and jurisdictions.
While protecting data from outside threats is a major concern in a Jurisdiction’s Data Governance, just as important is standardizing internal departmental procedures to safeguard data throughout its lifecycle.