Impact Management | October 6, 2017

How privacy can keep up with the explosion of data

The team at


Smart cities of the 21st century are going to collect enormous amounts of information about their residents.

Crossing city records like tax payments, property records and utility bills with data from traffic sensors, smart meters, surveillance cameras and other connected devices can improve services and inform policy.

Our urban lives will be ever more tracked, quantified and analyzed as 200 billion devices come online by 2020. The “open data” movement will make more and more of that information widely available online.

The city of Seattle — home of data behemoths like Amazon and Microsoft — wants to be a model for how to be smart and still protect citizens’ privacy. Seattle is trying to avoid the situation New York’s taxi agency got into a couple of years ago when it released hundreds of millions of taxi trip records, only to find out that it had not adequately anonymized the data.

A reporter from Gawker linked the database to identify celebrity cab rides. Last year, Seattle adopted a resolution to make all civic data “open by preference,” rather than “open by default,” CityLab reports. The policy applies to databases from any city agency — the police department, housing and transit authorities, the city’s disability services and others.

“This means we can be open [with data] once we mitigate for privacy risks, release of personally identifying information, and other kinds of harm,” said David Doyle of Seattle Information Technology. Figuring out how to mitigate such risks isn’t straightforward.

By itself, one bit of data might not pose a risk to someone’s privacy but could when combined with data from other sources. A “de-identification” expert suggests no more than six to eight indirect identifies should be included in any database, and even those should ensure that multiple people fit any given profile.

Seattle plans to check in on itself with an annual data risk assessment — which will be made public.