Skip to main content

Opinion: Reflecting on data privacy at state and county levels

With National Data Privacy Day coming up on Jan. 28, I’ve been thinking about all the in-roads we’ve made over the years on privacy and consumer protection in both Santa Clara County and our state.

As our world becomes more and more technologically advanced, we have to keep pace in protecting and securing our data and privacy. And as our lives become increasingly intertwined with digital platforms, safeguarding our personal information is no longer just a matter of choice; it’s necessary to preserve our fundamental rights. This quickly became apparent to me when I served in the California State Legislature.

As chair of the Legislature’s Select Committee on Privacy, I introduced first-in-the-nation legislation on data privacy/electronic identity theft. Assembly Bill 700 (and its twin, Senate Bill 1386) made California the first state to mandate data breach notification, requiring businesses and state agencies to inform consumers when a security breach compromises their personal information. While novel at the time, all 50 states have since adopted similar laws. Thanks to laws like these, hundreds of millions of Americans have been notified that their personal information was exposed, giving them the notice and opportunity they need to protect themselves. It also prompted countless organizations large and small to make cybersecurity a business priority.

Then, in the state Senate, I pushed further, authoring SB 24, which enhanced consumer privacy protection when sensitive data is lost or stolen. Signed into law in 2011, it established standard information that all businesses must provide to consumers about a breach. It also required data holders to send an electronic copy of the notification to the Attorney General. This additional notification gives law enforcement the ability to see the big picture, better understand the patterns and practices of identity theft statewide and then take steps to protect the public.

For these and other efforts, I was named an “industry pioneer” in information security in 2009 by cybersecurity professionals and named one of Scientific American magazine’s “50 Leaders in Technology.”

I was determined to continue working on improving privacy at the county level. In 2016, I championed a local law that governs the acquisition and use of surveillance technology by county officials, including the sheriff and district attorney.
Previously, regulation at various levels of government that sought to provide oversight and transparency into government surveillance was drafted to focus on one specific technology at a time. Our county ordinance was the first of its kind at any level of government to provide “future-proof” oversight and transparency for all surveillance technologies acquired by the county, regardless of the specific type of technology used. Santa Clara County’s surveillance law was unanimously adopted in 2017 and has since been emulated in many other jurisdictions.

By requiring privacy impact reports, use policies and annual reporting on the technology in question, the law not only improves transparency and accountability for the use of taxpayer funds, it also ensures that our county carefully weighs the costs and benefits before acquiring and/or deploying any particular technology or system. These checks and balances demonstrate that it is possible to simultaneously protect the privacy, civil liberties and due process rights of our residents while ensuring that law enforcement has the tools they need to keep us safe.

More broadly, our county necessarily collects sensitive and personal information, including health, financial, voting and criminal records. To step up our efforts on data security and privacy protection throughout the county, I pushed for the creation of our county’s Privacy Office. One of the only departments of its kind at the local government level, our Privacy Office works to ensure that county protocols and processes adhere to best practices, oversees the application of the surveillance technology law and serves as a center of expertise for our Board of Supervisors and other county departments on rapidly changing technologies. Additionally, the Privacy Office collaborates with the Information Security Office to protect sensitive data held by the county from both external and internal threats.

And finally, it’s become increasingly evident that a safe, free and trustworthy election cannot be taken for granted. Prior to the 2018 elections, I led comprehensive efforts to bolster election security measures. In the following year, I organized our county’s first election security conference to raise awareness, foster the sharing of best practices and upgrade our own election security.

We’re still having these conversations at the county, most recently about location and vehicle data privacy. Many of us have cars or devices that make our cars smart vehicles, but with what impact on our privacy? What’s happening with that data, and how can you protect your data? That was the subject of the county’s recent annual data privacy event. A video recording of this year’s event will soon be available at

Remaining vigilant on data security measures and privacy protection is not optional; it’s an obligation that we owe to the people we represent. We’ll stay on it!

Tagged in: