In my expert opinion, the first step for the local government to take should be suspend the implementation of the new policy for at least 90 days. This allows the public the time to review what the policy is asking of them as well as being able to have their voice heard of whether they want it or not. A policy that asks for so much personal information should not just be implemented without having a conversation with the public first anyways. “An effective enterprise risk management program promotes a common understanding for recognizing and describing potential risks that can impact an agency’s mission and the delivery of services to the public.” (Mulvaney, 2017).
The local government does not have to go too far out of their way to convince the public that this “invasion of privacy” is in their best interest. All that they must do is have a discussion with the public and tell them what is happening. If the local government would have had a town meeting and informed the public ahead of time so that transparency was there, the public probably would not have happened in the first place.
Therefore, the second step for the local government to take is to put on their website what has happened and how they plan to fix it. This will give the public time to do their research and find out for themselves if this is the best option for them. “The policy-making process takes account of the impact on and/or meets the needs of all people directly or indirectly affected by the policy” (Bullock, Mountford, & Stanley, 2001).
The last step is to hold a town hall meeting to put all the information out to the public again. This will let everyone that has shown up, that has not looked on the local government’s website, to be brought up to speed.
It is important as government officials that you take your time implementing laws and policies. When it has to do with as much personal information that you are seeking, you have to be especially careful. To expect the public to give up so much personal information without kickback, is asking too much. Take a step back and give the public all the information, so they can make the right decision of whether to give up so much personal information or not. Maintaining a relationship with the public is important, as it is usually the local government, not federal, that deals with incident response activities in the case of a breach. (Homeland Security, 2016).