Chicago Sensor Procurement and Privacy Rules

Chicago, Illinois requires that city agencies and contractors follow procurement and privacy practices when acquiring and operating sensors that collect data about public spaces and people. This guide explains which municipal instruments and departments typically control procurement, privacy assessments, procurement disclosures, and compliance pathways for sensor systems used by or on behalf of the City of Chicago.

Scope & Applicability

The rules that affect sensor procurement include Chicago municipal procurement procedures, procurement contract terms, and any local data or surveillance technology policies that apply to city departments and vendors. Procurement and contract clauses can require privacy impact assessments, data retention limits, and approved uses. For governing text and municipal ordinance references, consult the City of Chicago code and department policy pages.^[1]

Procurement Requirements

Procurement of sensors for municipal use requires coordination with the Department of Procurement Services (DPS) and technical review by the Department of Innovation and Technology or other sponsoring department. Typical procurement controls include technical specifications, contract clauses for data handling, required certifications, and vendor responsibility for compliance.

• Contract terms: include data ownership, retention limits, and permitted uses.
• Privacy assessments: require a privacy impact assessment or equivalent documentation before award.
• Budget and fees: ensure procurement packages list acquisition, installation, and ongoing data management costs.
• Department coordination: involve DPS and the sponsoring department early for approvals.^[2]

Penalties & Enforcement

Enforcement of procurement and privacy obligations may arise from contract remedies, administrative enforcement by the contracting department, or civil action. Specific monetary fines or statutory penalties for sensor procurement/privacy violations are typically spelled out in contract remedies or relevant code sections; if a precise fine amount or statutory penalty is required, it must be confirmed in the controlling contract or code provision.

• Monetary fines: not specified on the cited page; check contract clauses or code sections for exact amounts.^[1]
• Escalation: remedies often include cure periods, contract termination, and cost recovery; specific escalation schedules are not specified on the cited page.^[1]
• Non-monetary sanctions: orders to cease use, contract suspension or termination, data deletion orders, and injunctive court relief are typical enforcement outcomes (details depend on contract or ordinance).
• Enforcer and complaints: enforcing authority is usually the contracting department with support from Department of Law or oversight offices; procurement questions and complaints are handled through DPS and the sponsoring department.^[2]
• Appeals and review: administrative protest and contract appeal procedures through DPS or the City Clerk apply; specific time limits should be verified in the procurement solicitation or code for the applicable appeal window.

Applications & Forms

Requirements for applications, forms, or permits vary by project and department. Some procurements require a privacy impact assessment or a department-specific approval form; however, a consolidated public form for sensor procurement or privacy approval is not specified on the cited department pages.^[3]

Common Violations

• Operating sensors without required contract terms or privacy review.
• Failing to document data retention and access controls.
• Sharing data outside permitted uses set in the contract or policy.
• Missing procurement disclosures or unauthorized vendor subcontracting.

FAQ

Who enforces sensor procurement and privacy rules?

The sponsoring department and the Department of Procurement Services enforce procurement clauses; privacy issues may involve the Department of Innovation and Technology and the City’s legal offices.

Are there standard privacy impact assessment forms?

Some departments require privacy assessments, but a single citywide public form is not specified on the cited pages; check the sponsoring department and DPS for requirements.^[3]

Can sensors be used on a trial basis?

Trials require clear scope, approved contract terms, and documented data handling; consult DPS and the sponsoring department before deployment.^[2]

How-To

1. Identify the sponsoring department and contact DPS to confirm procurement route and solicitation type.
2. Prepare technical specs that include data minimization, retention schedules, access controls, and permitted uses.
3. Complete any required privacy impact assessment or department-specific approvals before solicitation.
4. Include contract clauses that address ownership, third-party sharing, incident response, and audit rights.
5. After award, monitor vendor compliance, retain records, and follow reporting or audit obligations in the contract.

Key Takeaways

• Coordinate with DPS and sponsoring department early.
• Document privacy impact assessments and contract controls.
• Use official procurement and department channels for complaints and appeals.

Help and Support / Resources

• Department of Procurement Services - City of Chicago
• Department of Innovation and Technology - City of Chicago
• City of Chicago Code of Ordinances (Municode)

1. [1] City of Chicago Code of Ordinances - Municode
2. [2] Department of Procurement Services - City of Chicago
3. [3] Department of Innovation and Technology - City of Chicago