This project examines compliance with privacy and data protection laws, as well as well-balanced policies, within the context of “Smart Cities”. Currently tailored to Kansas City, Missouri, the project has been focusing on: (i) the types of data being collected, how it is being collected and secured, and how it is being analyzed and used by the city or third parties; (ii) understanding of the data flows and contractual relationships among local government and various vendors and associated rights and responsibilities, and considering such matters in the context of municipal authority; (iii) benchmarking against policies and practices in other cities in the U.S. and abroad; (iv) developing a multi-faceted draft “Model Data Handling Policy” for public-private Smart Cities initiatives with appropriate oversight mechanisms, with a view to vetting that draft across the MetroLab Network set of ‘best practice policies’ for all aspect of such data handling; and (v) designing an “AI-assisted toolbox” (“Data Handling Compliance Toolkit”) using rule-based and machine-based learning to support compliance with the Model Data Handling Policy .
This project address several complexities implicated by the use of sensors and other data gathering, securing, and dissemination apparatus and processes, with focus on “people first” outcomes. The teams work includes examining data security, risks of aggregation/re-identification of seemingly “anonymous” data, risk mitigation strategies, issues of sovereign immunity and cyber-insurance, and appropriate governance systems for Smart Cities data handling initiatives. We seek to, in the course of developing a Model Data Handling Policy, create, among other things, benchmark use cases upon which approaches to vulnerability analysis can be examined. A combination of original work and reference to emerging standards work will be employed for the completed models. Innovation in this area is needed regarding the bridging of the intersection between technologists’ understanding of data management challenges for security on one hand, and administrative behaviors of those responsible for privacy and identity protection, data integrity, and responsible data usage, implicated by the content of data sets which originate in IoT installations on the other. The creation of use cases for elements of the Data Handling Compliance Toolkit will facilitate the creation of technologies designed to assure that deploying and using Smart Cities technology to make municipal government more effective and contribute positively to the development of innovation-facilitating entrepreneurial ecosystems doesn’t lose sight of the civic responsibility to pursue “people first” objectives and actions.
As of the end of October 2017, this LTL project team is (i) revising a preliminary draft of the Model Data Handling Policy created in the interdisciplinary Law, Technology & Public Policy course at UMKC to reflect recent research conducted by student interns, and team analysis thereof, particularly with regard to issues of authority and responsibility, and benchmarking to relevant aspects of policies and practices in selected cities; and (ii) engaging in early-stage prototyping for use cases for the development of Data Handling Compliance Toolkit.