zlacker

[return to "The Police Data Accessibility Project"]
1. primit+Xg[view] [source] 2020-06-02 00:03:40
>>cpasca+(OP)
I submitted a FOIA request last year for all parking citations issued in San Francisco. The data was truly extraordinary and showed clearly how simple street sweeping citations could lead to a car being towed, auctioned, and the owner (whose name/license plate is publicly listed if they overpaid or paid a citation twice [1]) losing their business and eventually moving elsewhere. I decided against publishing my research out of fear of encroaching on the privacy of those involved.

One story that comes to mind is the license plate HPPYPPS, a plumber whose company Happy Pipes provided service around SF. He was subject to numerous citations on the order of $1k a month. When his van was towed, he likely did not have the funds to retrieve it, and it was subsequently auctioned. He now does business under the same name, but in Utah. It is interesting to think of how much tax revenue the city actually lost by fining a small business out of existence, which was likely much greater than the total punitive fines levied against him.

In the process of looking up companies that owned vehicles, S1 filings, and high-end cars that seem to accrue tens of thousands of dollars of fines every year, I grew exhausted and demoralized by the project and it has sat on my back burner for a year now. If anyone is interested in taking this up while respecting the privacy of those involved, let me know how to contact you and I'll share my data.

1. https://www.sfmta.com/sites/default/files/reports-and-docume...

◧◩
2. runawa+hk[view] [source] 2020-06-02 00:33:25
>>primit+Xg
Is there any protocol to have masked data similar to healthcare data?
◧◩◪
3. primit+Nl[view] [source] 2020-06-02 00:45:08
>>runawa+hk
I am actually the cofounder of a healthcare company that works with sensitive patient data (vitals, symptom reports, messaging between patients and doctors, lab results, etc). In the process I have found that even HIPAA is not a protocol, it is a largely unspecific set of guidelines for how patient data should be stored and transmitted. If we were to publish a dataset with anonymized patient information (e.g. the Framingham Heart Study) we could probably do so without any legal ramifications - there isn't much in HIPAA that explicitly prohibits or denies using data that has been stripped of PII. However we would never do such a thing since pretty much everyone in our industry is extremely risk-averse.

The only relevant guideline I found on parking citation data was that it is unlawful to look someone else up by their license plate. However, it is entirely possible for someone to do so without detection. My primary concerns, however, were ethical concerns - there were many people for whom you could determine their place of residence, place of work, and financial situation by their license plate's inclusion in these data sets.

◧◩◪◨
4. junon+wz1[view] [source] 2020-06-02 13:12:12
>>primit+Nl
> In the process I have found that even HIPAA is not a protocol, it is a largely unspecific set of guidelines for how patient data should be stored and transmitted.

Former HIPAA security officer here; to be abundandly clear, there _are_ very specific guidelines for which information must be anonymized.

I don't think you were saying the alternative, just sounded a little like "anything goes" which is definitely not the case.

As for your point about guidelines, that's entirely true - last time I read the section about encryption, it just specified "state of the art encryption" which is... a poor way to specify that.

[go to top]