City IoT deployments must protect and respect the privacy of residents and visitors. The City is committed to being open and transparent about the “who, what, where, when, why and how” of data collection, transmission, processing and use.


2.1: IoT systems (e.g. how data is collected, analyzed and used) should be designed with the use case in mind (e.g. predicting demand for trash pick-up based on data on trash volume, weather and events) to maximize the benefits that can be derived data collection (e.g. routing garbage trucks more efficiently). Where useful, relevant business and historical data from the City or its partners should be made available and utilized by applications.

2.2: The desired measurement from any IoT system (e.g. pedestrian counts) should be collected and categorized as efficiently as possible, using as few steps and/or manipulations as necessary.

2.3: IoT data should be collected and stored according to open standards, contain relevant contextual metadata, be exposed through open, standards-based application program interfaces (APIs), and be provided with software development kits (SDKs) where applicable so it can be easily shared or combined with other data sets.

2.4: IoT data should be archived in a federated way and made accessible throughout the City through a central portal (e.g. the City’s open data portal) or a catalogue of documented open APIs unless restricted by existing laws or regulations and/or doing so would compromise privacy or public safety. Data from other systems not operated by the City, such as from a private sector partner or from crowdsourcing, that could provide public benefit can also be provided in this form with the source documented accordingly.

2.5: The City recognizes the use of distinct and sometimes conflicting non-proprietary international, national, or industry standards for data and technology interfaces. In cases where standards conflict, the one that most closely aligns to the use case will be selected.

2.6: Each IoT device data set (e.g. temperature) should be validated and verified (e.g. through redundancy in data collection and/or historical data) and the resulting master copy clearly labeled before it is used, aggregated and/or released. Data should be versioned so that any updated data can be distinguished from the original and/or master copy. The retention and disposal policies for the master copy should be explicitly defined.

2.7: IoT data should be both audited and continuously monitored for accuracy and validity. This process should be automated where possible.

2.8: All data sets (e.g. 311 service requests) should be checked for geographic, social or system-driven bias (e.g. geographic differences in civic engagement) and other quality problems. Any biasing factors should be recorded and provided with the data set and corrected where possible.

Related Resources

Back to all guidelines


These guidelines are designed to continually evolve and improve over time — we welcome and appreciate all feedback. We also invite cities to join the effort by committing to our guiding principles for the responsible and equitable deployment of smart city technologies. Contact us to learn more.

Contact us