Smart Cities Challenge Final Proposal
Chapter 7 – Data and privacy
March 5, 2019
Winners will leverage data for projects that use connected technologies and in turn, harvest the data that they generate to, among other things, achieve efficiencies, inform decision-making, and improve the performance and application of the technologies themselves. Winners will also, to the extent possible, make data available publicly, build analytics in-house, and avoid being locked in with specific vendors in a way that hinders them and other communities from leveraging the data. At the same time, winners will need to secure highly sensitive data, defend against security breaches, and protect personal information and privacy. This chapter serves as a demonstration of your commitment to responsibly managing data through its lifecycle with security and privacy considerations addressed.
Appendix 3 (page 26) provides detailed guidance on data and privacy considerations.
Provide a data management plan for the implementation phase, including:
- Preliminary Privacy Impact Assessment (PIA) or Preliminary Rationale Analysis (PRA) with evidence that relevant privacy authorities were consulted and their guidance was considered in its development
- The ways in which the data management plan complies with Personal Information Protection and Electronic Documents Act (PIPEDA) and other relevant municipal, provincial/territorial, or federal privacy regimes
- Types and methods of data collection, generation, analysis, storage, and transmission, and plans for re-use, re-distribution, derivative production, archiving, and preservation that reflect the entire data lifecycle in project design
- Efforts made to integrate security and privacy considerations into project design, particularly those that were raised by users, residents, and other stakeholders
- Efforts made to adhere to the following principles:
  - Governance: strong governance frameworks and meaningful resident engagement throughout the lifecycle of projects
  - Ownership and control: avoidance of private-sector ownership and control of publicly-sourced data, and community-owned and controlled data approaches
  - Consent: respect for meaningful consent in data collection, use, and disclosure
  - Data minimization and de-identification: pursuit of less privacy-invasive alternatives wherever possible, de-identification of all personal information at the earliest opportunity, and mitigation of the potential for re-identification
  - Accessibility: accessible, interoperable, and open data approaches to drive community-based solutions
  - Security: secure storage and transmission of data and assurance of effective cybersecurity
- Open and big data strategies, including the ways in which they facilitate transferability and replicability of technologies and projects
- Identification of risks and development of appropriate mitigation strategies
- Other details, as required
- Plan is detailed, complete, high quality, and well-suited to achievement of outcomes
- Plan supports the implementation of projects
- Open and big data strategies are employed to the extent possible and facilitate transferability and replicability of technologies and projects
- Risk strategy is thorough and adequately addresses key risks
Chapter 7 – Data and privacy
Privacy is of the utmost importance to our leadership, project team and community as a whole. Because this project entails a blended learning environment of both online and real-world opportunities, it will result in the generation of new data from users creating accounts on the Open edX platform. As such, it is critical that this project be developed and implemented with significant consideration given to privacy and data security. The following chapter outlines our data management plan.
Preliminary Privacy Impact Assessment (PIA)
Given that this project involves the collection of some personal data, it is necessary to complete a Privacy Impact Assessment (PIA). In preparing this proposal, the project team has completed a preliminary privacy impact assessment through reliance on applicable regulations and our internal governance strategy and through incorporating feedback from the Office of the Privacy Commissioner of Canada. The PIA is submitted under separate cover.
The preliminary PIA covers all proposed activities under the Smart Cities project, including how data will be sourced and accessed through the Open edX platform. Considerations have also been made for data storage, data access, data retention and data disposal throughout the lifespan of this project. The project team will continue to assess the project’s privacy risks and impact to determine whether the privacy analysis and/or the PIA report need to be updated. This ongoing assessment is an essential part of identifying and mitigating new issues and changes impacting privacy that may arise during the implementation phases.
This Chapter of the Smart Cities Challenge includes much of the information included in the preliminary PIA, as well as additional details as specified.
Compliance with Applicable Regulations
The following table outlines the result of our compliance analysis:
Data Management process
This section outlines the types and methods of data collection, generation, analysis, storage, and preservation that reflect the entire data lifecycle in project design. The data to be collected during this project is associated with the inputs and outputs described in our performance measurement strategy presented in Chapter 2.
Step 1: Gain Informed Consent
In order to ensure participants (and their legal guardians) make an informed decision when providing their consent to participate in the Open edX platform, a privacy seminar will be held at the community centre prior to program roll-out. During this seminar, the project team will review the project and the content of this Privacy Impact Assessment to ensure participants (and their guardians) are aware of the inherent risks of participating in a partially-online learning platform. The seminar will give an overview of what information will be collected and why, who will have access to this information once an account has been created, and what agreements are in place (at that time) with all third-party providers. It will also allow community members to voice their privacy concerns with respect to participating in an online environment. The project team will also present the policies and procedures developed thus far to mitigate any identified privacy risks, and how any data breaches will be managed, as described within this document and further iterations of the PIA.
Should students, or their legal guardians, opt out of the online-augmented (i.e., blended-learning) program, they will be given alternative means of participating in the K-12 curriculum at the brick-and-mortar school. It is important to note that participation in the Open edX platform is 100% voluntary and that declining to participate will not diminish the learning of non-participants. Participants and their guardians will be provided a consent form outlining the privacy concerns and risks, for review and signature prior to enrolling in the Open edX platform.
It should be noted that, as outlined in the PIA, in an effort to mitigate risks the project team will work with technology/software providers, including Open edX, to enter into a contractual agreement which will ensure personal information is handled in a privacy-compliant manner and restricts the third party’s use of personal information for purposes outside the project scope. In all cases the user will be advised of any third party’s privacy policies/statements when directed to a third-party site for additional links or resources, as part of the informed consent process.
Step 2: Personal Information Data Collection
Users of the Open edX platform will be required to provide the following types of personal information. This information will then be used by teaching staff to offer better service to participants.
- Account creation and login information, including user name and password *
- Location information – any time the student interacts with the Open edX platform, location data is generated **
- Patterns of behaviour (which educational video were watched and for how long)
* Students will not be asked to provide their address, date of birth or other identifying information for the purposes of setting up an account with Open edX. The intent of collecting a user name and password is only to allow a student to create an account and login to the Open edX platform and to enable teachers to track a student’s progress.
** Due to the very nature of the internet, any time a person connects, the media being delivered to that person is addressed to a particular IP address. Location data is then deduced from that IP address. There is no reasonable (or perhaps possible) way to interact with the internet without generating location data. Total location privacy is not possible within the current organization of the internet, since IP addressing is a foundational part of it. As such we can only attempt to maximize our privacy online, while accepting that our location will always be exposed.
Step 3: Data Analysis
Information to be collected will include the name/user name of the student, the amount of time a student spends watching a video, and any participation in traditional activities as tracked through the meetup forum functionality. Should students identify participation in traditional activities through the meetup forum functionality of Open edX, this will also generate location data.
No additional information will be provided regarding the student’s performance in other school programs. Again, this is a voluntary blended-learning environment (online and/or brick-and-mortar, but not online only), and therefore the intent is not to replace what is currently being done at the school level. All collection of student data will be limited to what is needed for educational purposes.
Teaching staff are the only project resources who will have access to student-specific data. No other project team member will have access to individual student-specific information. No such information will be made public. Teachers require access to student-specific data because it is needed to confirm that a student has completed the required curriculum. Behaviour data is also required to make teachers aware of, for example, how long a student struggled with a particular math problem, how many times the student rewatched a video, and which sections of the video were rewatched. This is one of the main benefits of using a blended-learning approach, as this “behavioural pattern” data is what helps our teachers teach more effectively.
Teachers will not provide information about a student to Open edX nor to Appsembler. The flow of information is from student to Open edX to teacher; the teacher then provides it back to the student in the form of a report card, and to the project team in the form of aggregated summary data for performance measurement tracking only. In other words, teachers will summarize the data and submit it to the project team for performance monitoring and process improvements.
With respect to information collected by third parties, this will all be governed by the contractual agreement. All terms of these agreements and the risks to privacy resulting from third-party platforms and software will be communicated to users (and guardians) as part of the informed consent process.
Step 4: Store and Dispose of Data
Minimal student data will be stored on the Open edX platform over the course of a student’s schooling. Data stored by teachers (i.e., in the form of records and report cards) is governed by their existing policies and procedures. Input data such as the videos, stories, overdubbing, etc. created for the language immersion education and STEM bilingual courses portion of the project will be stored on the Open edX platform as well as in a redundant hard-copy format (i.e., transcripts, tapes, etc.) to ensure it is not lost. There are no additional privacy concerns associated with storing physical copies of the educational materials. All information identified is absolutely necessary for implementing the project, participating in the project and/or monitoring the success of the project. Student data stored on the Open edX platform will be expunged following a student’s graduation.
There are no plans for transmission, re-use, re-distribution, derivative production or archiving of student personal data. All other data, including videos, are to be made publicly available.
Open and Big Data Strategies
Only once this framework is expanded to different communities with different objectives will the use of big data be necessary to track the different uses and functions of this curriculum. At this point, open data will be used to report progress, engagement, best practices, etc. This information will not pertain to specific individuals, but to specific user bases as a whole. For example, data may summarize usage rates and immersion progress for a specific community, but not for specific students of that community.
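The data flow described in Step 3 (teacher summarizes, project team receives only aggregates) and the community-level open data reporting above both depend on the same step: stripping direct identifiers and location data before anything leaves the teacher, then releasing only group summaries too coarse to point at one student. The following is an added example written for this chapter, not code from the proposal, from Open edX or from Appsembler. The record layout, the student names, IP addresses and community names, the teacher-held `PSEUDONYM_KEY` and the `MIN_GROUP_SIZE` threshold are all constructed for illustration; the real Open edX tracking-log schema is not assumed.

```python
"""Constructed example: turn per-student engagement records into the
de-identified, aggregated summary a teacher hands to the project team.

The record layout below is made up for this example; it is not the
Open edX tracking-log schema.  Only the teacher holds PSEUDONYM_KEY, so
the project team never sees a raw user name or an IP address.
"""
import hashlib
import hmac
from collections import defaultdict
from statistics import mean

# Constructed sample records (hypothetical names, communities and IPs).
# "North Shore" has six distinct students (student01 appears twice);
# "Lakeside" has only two, so it must be suppressed in the summary.
RAW_RECORDS = [
    {"user_name": "student01", "community": "North Shore", "video_id": "v1", "seconds_watched": 300, "completed": True,  "ip": "203.0.113.10"},
    {"user_name": "student02", "community": "North Shore", "video_id": "v1", "seconds_watched": 240, "completed": True,  "ip": "203.0.113.11"},
    {"user_name": "student03", "community": "North Shore", "video_id": "v1", "seconds_watched": 600, "completed": True,  "ip": "203.0.113.12"},
    {"user_name": "student04", "community": "North Shore", "video_id": "v1", "seconds_watched": 120, "completed": False, "ip": "203.0.113.13"},
    {"user_name": "student05", "community": "North Shore", "video_id": "v1", "seconds_watched": 450, "completed": True,  "ip": "203.0.113.14"},
    {"user_name": "student06", "community": "North Shore", "video_id": "v1", "seconds_watched": 90,  "completed": False, "ip": "203.0.113.15"},
    {"user_name": "student01", "community": "North Shore", "video_id": "v2", "seconds_watched": 200, "completed": False, "ip": "203.0.113.10"},
    {"user_name": "student07", "community": "Lakeside",    "video_id": "v1", "seconds_watched": 500, "completed": True,  "ip": "198.51.100.7"},
    {"user_name": "student08", "community": "Lakeside",    "video_id": "v1", "seconds_watched": 100, "completed": False, "ip": "198.51.100.8"},
]

PSEUDONYM_KEY = b"teacher-held-secret-key"  # hypothetical; kept by the teacher, never shared
MIN_GROUP_SIZE = 5  # hypothetical threshold: smaller communities are suppressed


def pseudonymize(user_name: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash: the same student maps to the same token (so distinct
    participants can be counted) but the token cannot be reversed to a
    user name without the teacher-held key."""
    return hmac.new(key, user_name.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def de_identify(records):
    """Drop the direct identifier (user name) and the location data (IP)
    at the earliest opportunity, keeping only what progress tracking needs."""
    return [
        {
            "token": pseudonymize(r["user_name"]),
            "community": r["community"],
            "video_id": r["video_id"],
            "seconds_watched": r["seconds_watched"],
            "completed": r["completed"],
        }
        for r in records
    ]


def aggregate_by_community(records, min_group_size=MIN_GROUP_SIZE):
    """Per-community summary for performance measurement.  A community with
    fewer distinct participants than min_group_size is reported as suppressed,
    so a small group cannot be narrowed down to an individual student."""
    by_community = defaultdict(list)
    for r in de_identify(records):
        by_community[r["community"]].append(r)

    summary = {}
    for community, rows in by_community.items():
        participants = {r["token"] for r in rows}
        if len(participants) < min_group_size:
            summary[community] = {"suppressed": True,
                                  "reason": f"fewer than {min_group_size} participants"}
            continue
        summary[community] = {
            "suppressed": False,
            "participants": len(participants),
            "mean_seconds_watched": round(mean([r["seconds_watched"] for r in rows]), 1),
            "completion_rate": round(sum(r["completed"] for r in rows) / len(rows), 2),
        }
    return summary


def contains_identifiers(summary) -> bool:
    """Release check: the summary must carry no tokens, user names or IPs."""
    forbidden = {"token", "user_name", "ip"}
    return any(forbidden & set(entry.keys()) for entry in summary.values())


if __name__ == "__main__":
    report = aggregate_by_community(RAW_RECORDS)
    assert not contains_identifiers(report)
    for community, entry in report.items():
        print(community, entry)
```

The keyed pseudonym lets the teacher count distinct participants without handing the project team a value that maps back to a user name, and the suppression threshold is the re-identification mitigation the principles in this chapter ask for: a community of two students would otherwise let anyone who knows one of them infer the other's figures.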
Privacy Risks and Mitigating Strategies
Risks and mitigation strategies are discussed throughout this chapter (and others). Three key risks are summarized in the table below: