City of Pittsburgh - File #: 2017-1346

• File #: 2017-1346
• Version: 1
• Type: Resolution
• Status: Passed Finally
• File created: 3/24/2017
• In control: Committee on Finance and Law
• On agenda: 3/28/2017
• Final action: 4/10/2017
• Enactment date: 4/10/2017
• Enactment #: 192
• Effective date: 4/24/2017
• Title: Resolution authorizing the City Controller to perform an audit of Department policies that pertain to the acquisition, retention, and destruction of personally identifiable information.
• Sponsors: Corey O'Connor
• Indexes: MISCELLANEOUS

Date	Ver.	Action By	Action	Result
4/24/2017	1	Mayor	Signed by the Mayor
4/10/2017	1	City Council	Passed Finally	Pass
4/5/2017	1	Standing Committee	Affirmatively Recommended	Pass
3/28/2017	1	City Council	Read and referred

Title

Resolution authorizing the City Controller to perform an audit of Department policies that pertain to the acquisition, retention, and destruction of personally identifiable information.

Body

WHEREAS, Personally identifiable information (PII) is generally defined as any data that can be used to distinguish a specific individual or be linked to a specific individual, including, but not limited to: name, address, Social Security Number, date and place of birth, family member names, or biometric records; and

WHEREAS, many City of Pittsburgh Departments and related Authorities, especially those that provide public-facing services, collect and store PII in various ways; and

WHEREAS, while it is likely that individual offices, departments, and bureaus maintain internal policies and standards for sensitive information, there are no comprehensive City-wide standards in place to govern the storage, maintenance, recovery, and disposal of PII; and

WHEREAS, through its efforts and obligations to provide services to Pittsburgh residents, the City of Pittsburgh is obliged to ensure that residents’ PII is protected and managed appropriately; and

WHEREAS, per Article 4, Chapter 404: “Powers and Duties,” Section (c) of the City’s Home Rule Charter, the Pittsburgh City Controller has the power “to conduct performance audits of all agencies, trusts, council and units of government whenever the Controller decides it is necessary or is directed to conduct such an audit either by the Mayor or by Council, but in any event no less than once every four years;” and

WHEREAS, a robust audit of all City activities related to PII can better identify methods to improve PII practices.

Be it resolved by the Council of the City of Pittsburgh as follows:

Section 1. Definition.

A.                     Personally Identifiable Information: Any information about an individual maintained by the City of Pittsburgh, its Departments, or related Authorities, including, but not limited to:

a.                     Any information that can be used to distinguish or trace an individual’s identity, such as name, address, contact information, Social Security Number, date and place of birth, family member names, or biometric records; and

b.                     Any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Section 2. Audit.

A.                     The City Controller is hereby authorized to perform an audit of the Department data policies. The audit shall review the policies that are currently in place to safeguard sensitive information and identify any deficiencies in policies that could.