WHEREAS, the City of Portland has built a legacy of privacy protections through prior Council actions, including Resolution 37437 (adopted June 19, 2019) establishing Privacy and Information Protection Principles; Ordinances 190113 and 190114 (adopted September 9, 2020) prohibiting the use of face recognition technologies by City bureaus and in public accommodations; and Resolution 37608 (adopted February 1, 2023) establishing a Citywide Surveillance Technology Inventory and privacy review processes; and
WHEREAS, the City of Portland has a core value of transparency to support accountability and democracy and has adopted the Open Data Resolution 36735 (adopted 2009) and established an Open Data Policy (Ordinance 188356, adopted May 2017), which, alongside the work of the Data Governance Planning and Analysis Team, led to the Citywide Data Governance Committee coordinated by BPS; and
WHEREAS, since these policies were adopted, new generations of surveillance technologies, artificial intelligence (AI)-enabled camera networks, automated license plate reader (ALPR) systems connected to nationwide sharing platforms and interconnected "smart city" sensors embedded in traffic systems and public spaces, have expanded the scope and precision of government and commercial monitoring. These systems generate continuous streams of data, often analyzed in real time, and combine disparate data, from geolocation and license plate scans to facial recognition, enabling the creation of detailed patterns of movement, association, and identity across entire communities; and
WHEREAS, data brokers play a central role in this evolving surveillance ecosystem by aggregating and selling personal information from multiple sources, including public records and state and local data streams. Data brokers increasingly provide services to federal law enforcement agencies and other entities seeking to circumvent local privacy and Sanctuary safeguards, allowing sensitive data originally collected for municipal purposes to be repurposed for unrelated enforcement or profiling activities; and
WHEREAS, federal law enforcement agencies exploit brokered datasets and access state and national information sharing systems, creating indirect pathways to City originating data that bypass local oversight and frustrate the intent of Portland's privacy principles and Sanctuary policy; and
WHEREAS, sensitive data most at risk, including but not limited to categories defined by the Oregon Consumer Privacy Act, personally identifiable information, biometric identifiers, and geolocation or utility data, upon aggregation or deanonymization, enable comprehensive surveillance of individuals and households well beyond the original context of collection; and
WHEREAS, such risks fall disproportionately on marginalized communities, including Black, Indigenous, and other people of color; immigrants; unhoused Portlanders; people living with mental health conditions; and individuals engaged in protest or civic activity, exacerbating inequities and eroding public trust in government; and
WHEREAS, enterprise data governance enables organizations to make decisions about data and hold those that work with data accountable to data and privacy policies, including ordinances, resolutions, and City values; and
WHEREAS, effective data governance requires knowledge and experience with business needs and strategy, data collection and analysis, data management, data culture change management; and
WHEREAS, to address these emerging threats and close gaps in current protections, Council seeks to enable data minimization, strengthen contractual controls, improve data security and advance data governance maturity, while enhancing public transparency and community oversight to prevent the misuse of City originating data and reaffirm Portland's Sanctuary and privacy commitments.
NOW, THEREFORE, BE IT RESOLVED the City Council directs the City Administrator to establish a City Data and Privacy Office as shown in Exhibit A.
BE IT FURTHER RESOLVED, this Resolution is binding City policy.
Exhibits and Attachments
Impact Statement
Purpose of Proposed Legislation and Background Information
Rapid advances in AI and surveillance tools have transformed ordinary data (transit records, utility data, traffic cameras, geolocation data, purchase records) into inputs for advanced behavioral and pattern-of-life analysis. Across the country, federal agencies and private contractors use multi-source datasets to identify, track, and monitor a wide range of communities and individuals, including but not limited to immigrants. As these tools become more sophisticated and more widely used, the City must adopt a unified, city-wide approach to data governance and privacy to ensure that Portland's systems are not repurposed for broad, population-level surveillance or targeted monitoring of vulnerable groups.
The purpose of this resolution, in conjunction with the accompanying ordinance, is to direct the creation of the City Data and Privacy Office, located in the City Operations service area, and to establish the role of Chief Data Officer (CDO). This office will be tasked with improving privacy protections, stewarding data assets, and minimizing risks from data brokers, uncontrolled sharing of sensitive personal information, and secondary data use, including Large Language Models (LLMs) for the use and development of artificial intelligence, and assessing other privacy and data governance issues as outlined in this resolution.
Establishing this office will create for a more centralized authority on data governance and privacy in the city, allowing for a more unified approach to data and privacy protection. Upon establishment, data governance work will be consolidated within the City Data and Privacy Office, with the Office functioning as the City authority. The City Data and Privacy Office will continue to collaborate with the Office of Equity and Human Rights to ensure appropriate consideration of equity impacts and will work closely with the Bureau of Technology Services to ensure data governance needs guide information technology decisions and information technology planning supports long-term stewardship of City data assets.
Financial and Budgetary Impacts
This legislation does not require changes to current FTE or budgets and does not result in new financial obligations. Instead, staff are directed to establish a Data and Privacy Office and create a transition plan, detailing what staff is necessary for the office. After functions and staffing are identified, a plan for resourcing both data governance and privacy work will be produced to be taken up in the budget.
Economic and Real Estate Development Impacts
Not applicable
Community Impacts and Community Involvement
Not applicable
100% Renewable Goal
Not applicable
Economic and Real Estate Development Analysis
Analysis provided by Prosper Portland
An Economic and Real Estate Development Impact Analysis was not submitted for this proposed action. Pursuant to City Council Resolution 37664, Prosper Portland staff has reviewed the action and agree that it does not require an Economic and Real Estate Development Impact Analysis.
Document History
Document number: 2025-481
President's referral: Community and Public Safety Committee