New York Adds Chief Privacy Officer


New York City has created a new role – Chief Privacy Officer. Mayor Bill de Blasio announced yesterday that Laura Negrón will fill the role. Negrón was previously General Counsel and Chief Privacy Officer for the Mayor’s Office of Operations. Negrón will continue to report directly to Acting Director of the Mayor’s Office of Operations Emily W. Newman. The size of the expanding privacy team is yet to be determined.

Negrón created NYC’s Citywide Data Integration legal framework, which established a citywide governance structure and the data security protocols required when agencies exchange data on New Yorkers.

The creation of the role is an interesting one given New York City’s widespread use of surveillance technology as part of its law enforcement and public safety efforts. In a statement on the creation of the office, Mayor de Blasio noted that the city is now in control of more personal data than ever before and wants to be proactive about protecting that data from outside adversaries.

“With decades of experience and a fierce passion for privacy law, Laura’s a perfect fit to spearhead our privacy efforts and ensure we’re always making smart data-driven decisions aimed at improving the lives of New Yorkers,” Mayor de Blasio said.

The CPO role was created last year. In the role, the CPO will require that identifiable information be anonymized when necessary and will require the privacy officer of each agency to issue guidance on the Law’s requirements to its employees and certain of its contractors, and subcontractors.

Cities across the US are looking at how to deal with privacy issues as they collect more and more personal data on residents and visitors. An increasing number of data breaches is also putting pressure on municipal leaders to come up with solutions. In March, the city of Atlanta faced a significant ransomware attack that took many systems offline for several days. North Carolina, Baltimore and San Francisco have also had recent high profile cyberattacks. Those attacks have typically been handled through city technology offices in coordination with vendor partners, but it is likely that more cities will explore bringing on a CPO to codify data protection and incident response plans.