Request for Input on Citywide Privacy Protection Policies

The Chief Privacy Officer is seeking input from stakeholders on how the City can best serve the public's privacy interests while continuing to advance the programs and services that aid New Yorkers every day. While this form will remain on this website for comments on an ongoing basis, comments received by January 4, 2019 will be considered by the CPO in developing the City's new privacy policies and protocols.*


The City of New York employs hundreds of thousands of public servants who administer a broad range of programs and services and interact with the public in many ways that may involve the use of personally identifying information. To advance best practices in protecting the privacy of such information, the City Council enacted Local Laws 245 and 247 (together known as the "Identifying Information Law") in December 2017, effective June 15, 2018, which established new requirements concerning the collection, retention and disclosure of identifying information by City agencies. In March 2018, the Mayor appointed the City's first Chief Privacy Officer (CPO) and established the Mayor's Office of Information Privacy, which serves as a centralized, citywide resource in privacy protection.

The Identifying Information Law requires the CPO to issue new citywide policies and protocols on or about early 2019 that will further support City agencies' privacy protection practices. This mandate presents an opportunity for the City to continue to develop a unified and consistent framework to further support agencies in protecting the privacy and security of individuals' personally identifying information in a manner that is consistent with applicable laws and regulations.

The Identifying Information Law currently applies to City agencies and their contractors and subcontractors for "human services" -meaning, social services provided to third parties. The CPO can also determine that City contracts and subcontracts for other types of services are subject to the requirements of this Law.
Do you think any additional types of City contracts and subcontracts for services should be covered by the Identifying Information Law?
The CPO's new policies and procedures will specifically address the below issues, per the mandates of the Identifying Information Law.
  • Anonymizing identifying information as appropriate to the purpose or mission of an agency;
  • Requiring agency privacy officers to develop a plan for compliance with the Identifying Information Law, and also to disseminate guidance to employees, contractors, and subcontractors on collecting, retaining, and disclosing identifying information;
  • Requiring written agreements, in certain circumstances, for disclosing identifying information to third parties, and describing the type of disclosures to third parties that will require additional review by the agency privacy officer;
  • Establishing standard contract provisions relating to the protection of identifying information; and
  • Establishing a mechanism for accepting and investigating complaints for violations of the Identifying Information Law, and describing when notification to individuals should be required of an agency, contractor, or subcontractor in such circumstances.

*While all comments and recommendations provided here will be considered, there is no guarantee that any particular recommendation will be incorporated into the final privacy policies and protocols adopted by the CPO. The comments you provide through this form will be transmitted directly to the CPO's inbox. They may be compiled with other comments received and posted to the Mayor's Office of Information web page, except your name and contact information, if provided, will NOT be published to this site, but may be shared with other City agencies and officials for purposes related to the Identifying Information Law and citywide privacy protection best practices.

Please check "I'm not a robot" below to verify you are a person.