The URL can be used to link to this page

Home My WebLink AboutWS 2026-05-04 Item 3A - Agreement - 3rd Party Data Privacy & Security Assessment / Flock Safety Master Service AgreementCity of Tukwila 3rd Party Data Privacy and Security Assessment Flock Contract Update & Recommendation May 4, 2026 City Council Work Session The City of opportunity, the community of choice. 2 Briefing Overview Joel Bush, Chief Information Officer Kari Sand, City Attorney Interim Police Chief Eric Lund Mayor Tom McLeod • Third Party Risk Assessment, Recommendations & Roadmap Overview • Flock Safety Master Service Agreement Update Status • Administration ALPR Recommendations 3 3rd Party Risk Assessments Overview Joel Bush, Chief Technology Officer • Mayor directed risk assessment of vendors/contractors regarding data privacy and security • 5 Recommendations by TIS • Roadmap to strengthen governance, reduce vendor risk and establish more consistent standards 4 3rd Party Risk Assessment Recommendations Technology and Innovation Services 4 The City of opportunity, the community of choice. 5 Change Management Policy Criminal Justice Information System (CJIS) CJIS provides secure, standardized information to law enforcement via a central repository for criminal records, fingerprints, and identification data. Recommendation #1: Bolster administrative controls • Clear authorization and approval processes • Random integrity audits to ensure policy compliance • Review and test changes to ensure accuracy • Supports Washington State Patrol triennial audit to ensure compliance with FBI CJIS standards 5 6 Technology & Innovation Services (TIS) Tools Recommendation #2: Standardize Terms and Conditions Expand Use of TIS Contract Templates • Consistent security controls • Privacy requirements • Vendor accountability 7 Business System Owner (BSO) A staff member who is responsible for the entire lifecycle of an information system (e.g. permit system; recreation registration, payroll processing, etc.), including procurement, operation, maintenance, support and replacement. Recommendation #3: BSO Duties and Responsibilities • Authorize user access and review role -changes Establish BSO Roles, • Conduct system reviews and audits Responsibilities & • Comply with information security requirements Expectations • Ensure security controls and training • Support users and facilitate troubleshooting • Develop and implement BSO training 7 8 Third Party Risk Management Technologies that are not exclusively operated or controlled by the City of Tukwila or that involve significant participation of a nongovernmental entity (e.g. vendor, service provider, developer). Recommendation #4: Develop & Implement Vendor Security Assessments Formalize City-wide approach • Conduct comprehensive security assessment prior to procurement and upon renewal/re-licensing • Apply risk tiering to ensure the level of review aligns with the solutions risk profile 8 9 Unify Privacy and Data Policies and Procedures Privacy and Data Governance Data privacy is a set of principles governing how personal data is collected, used and shared. Data governance is the overall framework of policies and processes that defines how the City of Tukwila manages, secures and maintains the quality of all its data. Recommendation #5: City and Public Safety Privacy and Data Policies • Define how the City collects, uses, discloses, retains and shares data, focusing on legal compliance, equity, security, and individual rights. • Clarify expectations for vendors access, use, management and protection of City information. 9 10 Recommendation Implementation Roadmap 2 4 5 Recommendation CJIS Change Management Policy Technology & Innovation Services Contract Templates Business System Owner (BSO) Responsibilities 3rd Party Risk Management Program Privacy & Data Governance Policies 2026 Timeline Q2 Q2-4Q4 Q3 -> Q4 Q3->Q4 Q3-Q4 Owners PD & TIS TIS & Legal Departments & TIS TIS TIS, HR, & PD 11 Flock Safety Master Services Agreement Update City Attorney I.J. The City of opportunity, the community of choice. 12 Flock Safety MSA - Concessions • Clarify use of data (limited to permitted uses under SB Flock Safety Master 6002) Service Agreement • Allow for reporting functions as required by SB 6002 Status Update • Restrictions related to sharing settings • Clarify and tighten data ownership and control • Specifying disclosure process and limit to court order or subpoena • Added a termination provision (but still have to pay outstanding fees) • Added breach notification and reimbursement requirements for City costs incurred related to breach Kari Sand, City Attorney 777710,07101,' ▪ 1,077777k7Or'7;0ve, 13 ALPR Recommendation Mayor Tom McLeod Eric Lund, Interim Police Chief Maintain use of Flock safety cameras • Use of technology as a cost-effective and innovative way to deter and solve crime • ALPR technology captures objective evidence without compromising individual privacy • Tukwila does NOT provide Flock data to federal immigration enforcement agencies • ALPR data is used only for local investigative public safety purposes • Data helps locate wanted criminals, stolen vehicles and/or license plates, and missing or at -risk individuals • Tukwila will comply with SB 6002, best -practice safeguards, revised Flock contract, revised data security policies 13 14 Next Steps • Continued interpretation & implementation of SB 6002 • Committee review of updated Flock Safety MSA • Staff training 15 Additional Resources ALPR & Data Privacy/Security Review • htt!+ s://wwwstukwilawa.gov/departments/mayors-office/about-automated-license-plate- readers-alpr®in®tukwil / Tukwila Police ALPR Transparency Portal • https://transparency.flocksafety.com/tukwila-wa-pd Tukwila Police Training & Policies • https:/ w w.tul< ila a. ov de art ents olio ainin and 16 The City of opportunity, the community of choice. 17