[Brian Hofer comments]

Transparency

1. Audits. The policy must have a description of the intended protocols for independent
audit and oversight to ensure compliance. The protocol shall: 1) list the methods for
storing recorded information, including how the data is to be secured, segregated, labeled
or indexed. Such methods must allow for independent third-party auditors to readily
search and locate specific data that is collected and determine with certainty that data was
properly deleted, consistent with applicable law; 2) list how the data may be accessed,
including who will be responsible for authorizing access; 3) create a users log to track
viewing, accessing, sharing, analyzing, or use of any data captured or collected, including
the date, time, the individuals involved, the data involved, the reason(s) for viewing,
accessing, sharing, analyzing, or using the data, and the authority for doing the act
performed (e.g. warrant, reasonable suspicion); 4) list a description of the individuals
who have authority to obtain copies of the records and how the existence and location of
copies will be tracked; 5) describe how and when independent third-party compliance
audits will be conducted.

The results of the audit(s) shall be given to the Privacy Officer for incorporation into the
annual information report (see Metrics).




Metrics

The Privacy Officer shall present an annual information report to the City Council at a public
meeting. The Privacy Officer shall issue a report describing the implementation of the
provisions of this policy and compliance therewith. The report shall also answer the following
questions and describe any corrective action taken or needed:

1. Purpose Specification. Did the data acquired directly advance the specified purpose?
2. Data Minimization. Was data obtained that did not directly advance the specified
purpose?
3. Data Retention. Was data retained for a lengthier period of time than allowed?
4. Data Safeguards. Was data improperly accessed or used?
5. Public Access. Were public demands for records complied with?
6. Cost Justification. Are the initial costs and any ongoing costs on budget? Have the costs
resulted in increased public safety, law enforcement efficiency, or other favorable
justification?
7. Dispute Resolution. Have citizen complaints been filed, and if so, what was the nature of
the complaints, and were they resolved?