Privacy Concerns

.Protecting Privacy

The University Consortium for Geographic Information Science (GIS&T)'s Body of Knowledge repository includes a section on location privacy. The authors indicate that, "unlike other types of personal information, much about someone’s identity may be inferred from location, a type of personally identifiable information that is highly dynamic." While location tracking can be pivotal in disaster response, data producers and users must protect personally identifiable information.

A brief overview of U.S. legal protections for personal location privacy is provided in the article, Contemporary Issues in the Practice of GIS: Personal Locational Privacy.

Personally Identifiable Information

ArcGIS offers the following examples of PII:

"Items commonly considered personal data utilized with location services include name, surname, username, email, IP address, location, and even the advertising identifier of the user's phone.
"Fine-grained location" information for analytics is commonly defined as any area less than one square mile, including any spatial (latitude-longitude) data.
Collecting geolocation information for location tracking with a Global Positioning System (GPS) receiver (fine-grained location information) could qualify as PII, as it can lead to reasonable inference of the individual."

Illustration of a person displaying icons with various types of PII.

An infographic in Esri's ArcGIS location privacy document demonstrates various kinds of personal data (Page 3)

The International Association of Privacy Professionals produced a PII risk level matrix to help you identify high and low-risk types of PII.

Privacy Best Practices.

The European Union's General Data Protection Regulation and the California Consumer Privacy Act guide the contents of ArcGIS's 54-page white paper on best practices for promoting location privacy. The document is intended to guide IT managers, GIS administrators, and privacy and security personnel through various deployment scenarios and answers frequently asked questions about privacy considerations when implementing the ArcGIS platform.

Subjects covered include background on privacy and compliance, architecture, corporate controls, and user privacy controls.

Data Use Agreement (DUA) Templates

Data use and sharing agreements can expedite the process of sharing information during a disaster. FEMA suggests parties that are regularly involved in disaster recovery projects and activities establish formal data-sharing agreements in writing. The US Geological Survey (USGS) indicates a DUA governing geospatial data should include:

Authority: the power under which data sharing is defined.
Access provisions:
- Who has rights to access the data
- Who has rights to change or modify the data
- How the data will be accessed
Confidentiality and disclaimers
- Disclaimer covering the accuracy of the data
- Description of data and metadata
- A statement covering release of data to a third party

FEMA and USGS have several DUA examples and templates

The agency provides downloadable example agreements, including a Data Use License Agreement and a data transfer agreement.

For comprehensive guidance on recommended contents of an agreement for use of data during a disaster, including sample agreements, see Appendix G to FEMA's Practitioners Guide to Unified Federal Review.

Google Sites

Report abuse