QUESTION
What specific security measures are in place to protect user data and security on site and on the 311 app?
1:19:49
·
4 min
The deputy commissioner explains that strict privacy policies are in place to protect user data and build trust with New Yorkers.
- 311 customer information is largely anonymous, with no requirement to provide names or contact details for general inquiries.
- For service requests requiring location details like an apartment, only necessary contact information is collected and transmitted to the relevant agency - 311 does not retain this data.
- The privacy policy is regularly updated based on evolving best practices, with guidance from the city's chief privacy officer and chief information security officer.
- User privacy allows New Yorkers to contact 311 without fear, fostering a relationship of trust and confidence.
Jennifer Gutiérrez
1:19:49
I'm gonna ask a few more questions.
1:19:54
I wanna dig in a little bit into privacy and data and would love for you to share if there are any specific security measures in place to protect user data and security.
1:20:08
Both on site or on the app.
Joe Morrisroe
1:20:09
Great.
1:20:10
Thank you.
1:20:10
I appreciate that question because it gives us an opportunity to talk about a very important topic.
1:20:15
I'll speak at a high level and a general level at first, but I'll also say I have very good colleagues.
1:20:21
I work with an OTI who including the the city's chief privacy officer and our CSO, our chief information security officer, who would both be, you know, oversee the areas that drive our policies and our adherence to those policies.
1:20:35
So ultimately, I would defer to them on anything that's specific or related to the policy.
1:20:40
But from a 311 perspective, writ large, we have privacy measures.
1:20:45
We have privacy policy.
1:20:46
It's available to customers.
1:20:48
It's applies no matter which process you're using, which channel you're using, phone, online, social, etcetera.
1:20:56
And it is something that is very important to us.
1:21:00
The ability for 311 to work for New Yorkers is largely based on a compact between customers and 311.
1:21:10
And we really make sure we are looking out for the customer's interests for the customer's need.
1:21:18
Privacy goes a long way with that.
1:21:20
Alright?
1:21:20
It builds trust.
1:21:21
Gives the customer confidence.
1:21:23
It allows the customer to call.
1:21:25
It removes potentially the customer barrier to call.
1:21:28
The customer's afraid of their status of their situation of anything.
1:21:33
We really have stressed over the years and and engaged with city council on a number of times.
1:21:38
On the things that we offer to do that.
1:21:40
For example, 301 is largely anonymous for the public.
1:21:44
We don't need your name.
1:21:45
We don't need your contact information.
1:21:47
For general information.
1:21:49
We often don't need your name for our service request and don't necessarily need to take your name for our service request.
1:21:55
That's something we've really pushed and and promoted over the years, and and it gets to the broader issue of privacy, but also the broader issue of this compact.
1:22:02
In this trust with the public.
Jennifer Gutiérrez
1:22:04
I'm sorry to interrupt you, but I just I just wanna push back a little bit.
1:22:07
If you could just make the distinction between what 311 is asked for in the agency in that service request.
1:22:15
So I know for a fact, DOH asks for information, and they actually, in many ways, need it to be able to access.
1:22:21
So if you can just make that distinction.
Joe Morrisroe
1:22:22
Certainly.
1:22:23
Yes.
1:22:23
So when you're doing a sir so for general information, what we call information provided, which is about 70% of all the contacts to 311.
1:22:31
There's no service requested, there's no complaint, and there's no need maybe 1 or 2 exceptions, whether it's an application or a form, but there's generally no need for customer information.
1:22:42
For a service request, 311, again, does the intake.
1:22:46
If an agency needs contact information in order to fulfill on the request, such as a a specific location like an apartment, then that would be something we would do in the intake process, and that's what gets sent.
Jennifer Gutiérrez
1:22:58
And do you all just 311 keep that information?
Joe Morrisroe
1:23:02
No.
1:23:02
That information is transmitted through the service request, and then it goes to
Jennifer Gutiérrez
1:23:05
the agency.
1:23:06
Okay.
Joe Morrisroe
1:23:07
And then for other ones, customers can choose to give their contact information.
1:23:10
But the majority of service request types do not require the the who in order for it to be fulfilled.
Jennifer Gutiérrez
1:23:17
And how often does the privacy policy get updated?
Joe Morrisroe
1:23:22
Oh, I would I'm gonna be nonspecific, but I'll say on a very regular basis, I think we've updated it fairly recently.
1:23:31
Various levels of changes sometimes could be minor changes, some kind can be substantive updates.
1:23:36
But it's something that's a living document.
Jennifer Gutiérrez
1:23:39
Okay.
1:23:39
And are there any factors that lead to a change in terms?
1:23:44
Of use of agreement?
Joe Morrisroe
1:23:46
I think a lot of it becomes it comes from the learning and the growth in the area of privacy.
1:23:51
As I mentioned, OTI has a privacy officer within OTI, but also serves in the in the for the city capacity.
1:23:58
A good colleague, and we we consult with him and his team to make sure we have the most current information.
Jennifer Gutiérrez
1:24:05
Okay.
1:24:05
Thank you.
1:24:06
I would just wanna still dig into pre privacy and data.
1:24:12
We can we've learned that according to Apple and Google App Stores, policies revealing an app's data practices.
