personal medical data (metamorworks/

Utah shares hard lessons on privacy, bias

Last year, it was revealed that the CEO of Banjo, the company Utah’s state government had hired to deliver public safety analytics for several agencies, had previous associations with KKK groups and participated in a drive-by terrorist attack on a synagogue. Shortly after that revelation, the Banjo CEO resigned, the contracts were cancelled and Utah State Auditor John Dougall formed a commission to review the contracts and the application for privacy violations and potential algorithmic bias.

Banjo, a Utah-based surveillance analytics company, scrapes public data from billions of social media accounts, as well as data from government traffic and surveillance cameras, 911 calls, audio sensors, location data for state-owned vehicles and other sources. It uses artificial intelligence to analyze the data streams and detect anomalies, giving public safety agencies near real-time information on incidents like car crashes, medical emergencies, shootings, fires and dangerous road conditions. Banjo secured several Utah government contracts with support from Attorney General Sean Reyes, according to the Salt Lake Tribune.

Utah’s Commission on Protecting Privacy and Preventing Discrimination was formed in June 2020. It was composed of technical, public policy, business and public safety experts and charged with reviewing Banjo’s contract with Utah and identifying “actions that governmental entities should take to ensure their software systems protect Utahns’ privacy and prevent discrimination against them,” Dougall said.

On Feb. 1, the commission released key recommendations to help state and local governmental entities make thoughtful decisions about emerging technologies, such as artificial intelligence or machine learning, that collect personally identifiable information or other sensitive data and could impact the privacy of Utah residents or lead to discrimination, the State Auditor’s Office said in its announcement.

The 12 software application procurement principles are briefly described in one document, with a companion document providing questions agencies should ask when applying the principles for evaluating software that may impact privacy or cause discrimination.

The 12 principles recommend that agencies:

  1. Limit sharing of sensitive data.
  2. Minimize sensitive data collection and accumulation.
  3. Validate technology claims with a capability review.
  4. Rely on objective, repeatable metrics.
  5. Assess the vendors’ threat models.
  6. Perform in-depth review of artificial intelligence and machine learning software.
  7. Verify the vendors’ privacy compliance.
  8. Review the steps vendors take to mitigate discrimination.
  9. Determine the vendors’ privacy and non-discrimination procedures for ongoing validation.
  10. Require vendors to obtain consent of individuals contained within training datasets.
  11. Vet key vendor personnel.
  12. Evaluate vendor corporate management and vendor solvency.

As the commission began its work, “it became clear that the availability of some clear, thoughtful principles aimed at these emerging technologies would be a powerful resource for Utah’s government agencies,” Dougall said.

“I expect that the report that we have produced will provide very effective guidance for state agencies,” said Suresh Venkatasubramanian, a professor at the University of Utah’s School of Computing. “[It]  places Utah at the forefront of efforts around transparency, privacy protection and bias reduction, especially when using new AI-based technologies.”

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected