Skip to main content

County of Santa Clara’s new chief privacy officer advances privacy excellence

FOR IMMEDIATE RELEASE                        

SAN JOSE – Underscoring his commitment to privacy protection and data security for the County’s 1.9 million residents, Santa Clara County Supervisor Joe Simitian introduced the County’s first Chief Privacy Officer, Mike Shapiro, at Thursday’s Finance and Government Operations Committee (FGOC) meeting.

“As more and more of our information is stored electronically and online, we have to be especially vigilant in protecting our privacy,” says Simitian, FGOC Chairman and leader of the push for the County to establish the nation’s first Privacy Center of Excellence, and integrate “privacy-by-design” principles into every level of County operations.

“Creating the position of Chief Privacy Officer was the logical next step,” Simitian notes. “Santa Clara County, as a government, collects sensitive and personal information, including health, financial, voting, and criminal records. With Mike Shapiro on board, I’m hopeful that we can become a national leader – in not only protecting that information from outside assault, but in handling it appropriately within the County.”

Shapiro comes to the County with wide-ranging experience working with government agencies and major corporations on privacy management and training, strategic program development, and data breach preparedness. His background as privacy professional and a U.S. Army Reserve veteran will be beneficial in leading the County’s privacy effort.

“I’m ready to use my skills to create an enterprise privacy program in support of constituent and employee privacy alike,” he says. “This is a tremendous opportunity to help the County build a robust program, and build it in the right way.”

In his first Information Security and Privacy Program Report to the FGOC, Shapiro, along with County’s Chief Information Security Officer Justin Dietrich, outlined ongoing efforts to improve privacy-related aspects of the County’s surveillance ordinance amendments, whistleblower confidentiality requirements, patient protections, and data sharing policies.

Earlier this year, at Simitian’s urging, the County committed itself to becoming a Privacy Center of Excellence. “I’m determined to up our game on data security and privacy protection,” said Simitian. “Like every other organization, we know we’re at risk. We’re making progress, but we can and should do more.”

Looking to the future, developing the foundation for a Privacy Center of Excellence is “the essential balance between the need to protect personal information with the benefits of information sharing, and advancing a culture of privacy,” Shapiro says.

 “We’re in Silicon Valley, and in our unique region, we have the ability to work with academia and the tech industry on the most urgent privacy threats and solutions,” Shapiro said. “Not only are we looking to establish best practices and foster privacy protection throughout the County, but also to serve as an example beyond Santa Clara County,” he added.

Santa Clara County is one of the few counties in the country to have a dedicated chief privacy officer. “Some states don’t even have one yet,” says Shapiro, who was hired in late September. “It shows the County’s strong commitment to privacy, and I’m excited to be a part of it.”

Simitian has been an ardent advocate for privacy protections since the beginning of his 12 years in the California legislature, sponsoring more than a dozen successful privacy-related pieces of legislation which became law. He also served as chair of the Select Committee on Privacy in both the California State Assembly and the California State Senate.

As a State Legislator, he introduced what would become the country’s first data breach disclosure law (AB700): if hackers steal a company’s data, the firm has to notify affected consumers. Since then, 48 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have adopted similar legislation.

Subsequent Simitian legislation (AB68), required the increasing number of web site operators – like Google (Facebook didn’t yet exist) – that collect personal information online to clearly post a privacy policy – and honor it.

As Supervisor, in 2016, Simitian led the County to become the first in the country to implement more transparent rules for surveillance technology, including fake cellphone towers, computer hacks, license plate readers, and GPS trackers that can be used by law enforcement to track civilians.

Simitian’s continuing efforts to safeguard privacy come in the midst of global and nationwide data breaches, and hacking scandals affecting millions, as well as Congressional and state level battles over increasingly sophisticated electronic surveillance methods.

“It doesn’t happen overnight. There is a steady drip of erosion of the right to privacy. If we wait to care about privacy only after it’s gone, it’s probably too late,” says Simitian. “I firmly believe we can both protect the public, and respect the public’s privacy rights. In fact, I believe we’re obligated to do both.”