Information Privacy and Protection
Maintaining privacy and protection of confidential information is essential to preserving the City's high level of public trust. Information is defined as any data or record collected, obtained and/or maintained by the City of Phoenix.
Types of Confidential Information
Personal Identifying Information (PII)
Refers to any information that identifies and describes an individual, including, but not limited to, the individual's first name and last name, or initial and last name, combined with:
- private information - examples include residence or mailing address, telephone number, protected health information, date of birth, mother's maiden name, etc.; or
- government-issued identifiers or information - examples include Social Security Number, driver's license or non-operating identification number, citizenship status or alien identification number, tax identification number, etc.; or
- financial account information - examples include credit card or debit card numbers, savings or checking account numbers, any other security entitlement account number, retirement account number, account passwords or access codes, etc.
Restricted City Information (RCI)
Refers to information for which unauthorized access, modification, or loss could have a negative effect on the City or the public. Examples include sensitive public infrastructure and/or utility information, all information exempt from public disclosure under state or federal public records laws, customer databases, employee personnel records and information, selected procurement information, licensed proprietary or copyrighted information, and security information.
Federal/State Privacy Regulations and Industry Standards
The City must comply with various Federal and State privacy regulations:
- Arizona Revised Statutes §44-7501 - Breach notification
- Arizona Revised Statutes §44-7601 - Information disposal
- Arizona Revised Statutes §41-4172 - Privacy security measures
- Identity Theft - Red Flags Rules
Criminal Justice Information Services (CJIS) Security Policy
Provides state, local, and federal law enforcement and criminal justice agencies with access to critical, personal information such as fingerprint records, criminal histories, and sex offender registrations, protecting both the public and public safety officers.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Protects the confidentiality and security of healthcare information.
Payment Card Industry - Data Security Standards (PCI-DSS)
PCI security for merchants and payment card processors specifies the framework for a secure payments environment.
Generally Accepted Privacy Principles (GAPP)
Published by the American Institute of Certified Public Accountants and Chartered Accountants of Canada. This set of principles provides an ethical framework for developing appropriate City policies, standards and practices regarding the public's personal information.
City Privacy Regulations and Standards
To meet the Federal/State regulatory requirements and standards, the City established the following privacy policies through administrative regulations (A.R.s) and City IT Standards:
- A.R. 1.84 – Information Security Management
- A.R. 1.90 – Information Privacy and Protection
- A.R. 1.91 – Information Privacy and Protection Supplement – Data Shared With Third Parties
- A.R. 1.95 – Privacy Program
- IT Standard b1.4 – Information Management Plan
- IT Standard b1.7 – Information Privacy Program
- IT Standard b1.8 – Privacy Breach Response Plan
A.R. 1.95 establishes a Privacy Program for the City of Phoenix. This policy and its supporting standards define and articulate the City of Phoenix's privacy principles.
The City of Phoenix Privacy Program is aligned with the City's Visions and Values by focusing on results, promoting integrity, making Phoenix better, and safeguarding the public trust.