Members

Alaric Degrafinried – Chair, Purchaser and Director, Office of Contract Administration

Steve Flaherty – Principal Auditor, Controller’s Office

Jason Lally – Data Services Manager, DataSF

Brian Roberts – Policy Analyst, Department of Technology

Todd Rydstrom – Deputy Controller, Controller’s Office

Nnena Ukuku – Public Member

Matthias Jaime – Director, Committee on Information Technology

 

1. Call to Order by Chair

 

Mr. Alaric Degrafinried called the meeting to order at 9:03 am.
 

2. Roll call 

Alaric Degrafinried

Steve Flaherty

Jason Lally

Brian Roberts

Todd Rydstrom

Matthias Jaime

 

COIT Staff

Emma Fernandez

 

3.  Approval of Minutes

    

The minutes of November 22, 2019 were approved without changes.

 

4. Department Update: Amendment to Section 19B Acquisition of Surveillance Technology Ordinance

 

Ms. Emma Fernandez provided a summary on the Amendment to Section 19B passed in December, including facial recognition, ordinance enforcement, and implementing standards. Ms. Fernandez reviewed the 25 technologies submitted by departments that were determined to fall under existing ordinance exemptions by the City Administrator.

 

5. Action: Proposed Additional Exemptions to Section 19B Acquisition of Surveillance Technology Ordinance

 

Mr. Matthias Jaime presented technologies that do not fall under an existing exemption in the ordinance, but that COIT staff recommend sharing with the Board of Supervisors for consideration for a new exemption. These technologies fall into two categories: opt-in communication, and network services.

 

After member discussion, the Board unanimously voted to share these recommendations with the City Administrator.

 

6. Continued Discussion of Potential Surveillance Technology Exemptions

 

Mr. Matthias Jaime presented technologies that may be outside the scope of the Ordinance. These technologies fall into three categories: marketing analytics & automation, social media monitoring, and telematics.

 

After member discussion, the Board decided to hear more information about these technologies at the next meeting.

 

7. Action: Proposed Ordinance Amendments

 

Ms. Fernandez presented COIT staff recommendations of clarifying amendments to the ordinance.

 

After member discussion, the Board unanimously voted to share these recommendations with the City Administrator.

 

8. Action: San Francisco Public Library RFID

 

Members reviewed the San Francisco Public Library’s Surveillance Technology Policy for radio-frequency identification with Shellie Cocking from SFPL.

 

Ms. Cocking highlighted that SFPL uses RFID technology specifically for inventory control. It tracks books, DVDs, and other collection items based on a 14-digit barcode on the front cover of the item, not on bibliographic information. Ms. Cocking noted that this technology is a passive RFID technology, which only displays a signal if a power source is brought to it. The tag is encrypted and only a reader with that technology could decrypt the information. This is in contrast to an active tag, where information could be read at a wider range. In response to a question from Mr. Todd Rydstrom, Ms. Cocking highlighted the benefits to employees of the technology, including reducing worker strain and injury, preventing worker’s compensation needs, and enabling blind employees to use the technology.

 

Members noted that some of the language in the Surveillance Technology Policy contained references to “PII” even though this technology does not collect any PII. Members suggested the following edits to the Surveillance Technology Policy:

• Page 1: Remove the last paragraph beginning “Further, processing of personal data…”
• Page 4: Edit the “Notification” language from “No personally identifiable information (PII) is collected or tracked, so the Library does not post a notice.” to “No personally identifiable information (PII) is collected or tracked through this technology, so the Library does not post a notice.”
• Page 6: Remove the third paragraph under “Data Sharing” beginning “Department shall ensure all PII and restricted data…”
• Page 6: Replace the first paragraph under “Data Retention” with the following: “While the department does not collect PII through this technology, it adheres to the following data retention period and justification for the data it does collect.”

 

After member questions, members unanimously approved the SFPL Surveillance Technology Policy with the specified edits.

 

9. Public Comment

 

Eli Hill provided public comment.

 

10. Adjournment

 

The meeting adjourned at 10:28 am.