We are all familiar — in concept if not in practical experience — with encryption protocols that we use everyday to protect our sensitive personal information along the internet’s pathways. We are also familiar with how necessary it has become in today’s world to share our personal information with various organizations, with financial institutions, and with many government agencies (Social Security, state and federal taxes, just to name two). To get ahead in this digital, data intense world we live in, it is clear that finding a balance between sharing data and protecting data is vital. Well, we just happen to have four tips on ways to accomplish just that.
Open Data = Sensitive Data. It is an unwritten “rule” that local governments often find that open data equals sensitive data. In addition, the “law of unintended consequences” often comes into play when data set expansion allows hackers to mine data already in the public space until they eventually identify individuals. Cybersecurity experts know this as the mosaic effect, which often weakens long-established best efforts at data protection.
Tension between sharing data and protecting data. It is safe to say that there is a natural tension between sharing data and protecting data. Open government proponents want to see more sharing of information. The popular move toward smart cities means the big data publicly available to government entities as well as various business organizations will skyrocket. The problem is not the release of sensitive data to the public. Rather, it is the potential for hackers to mine information already out in the public domain. It is the potential for hackers to take advantage of information the government or other organization did not need for its project and should avoid storing it in the first place.
Four ideas for IT officers. The following are the suggestions for finding the balance between sharing and protection.
- Find the level of risk that government officials and the public can tolerate. Start with the understanding that zero tolerance is not possible. Before creating any data sharing program, do due diligence in a risk-benefit analysis. That is identifying the possible vulnerabilities, potential threats, and how likely the threats will happen. To do this, developers must know who will use the data, who will benefit from the data, and how those individuals will use the data.
- Privacy, Privacy, Privacy. That means privacy is a major concern during all phases of the data’s life. It’s important for data collection, maintenance, release, and removal when no longer relevant. For practical purposes, remaining cognizant of privacy means not collecting sensitive information that is not relevant to the project and could result in a vulnerability.
- Privacy framework. Local governments are on their own for the privacy framework because the federal government and most states have few guidelines. Researchers say cities should develop their own frameworks with their own privacy standards and consistent procedures.
- Keep Public Informed. Whenever cities decide to release data, researchers say that the public should know how the government developed the data, how it benefits the city, and what precautions they took with regard to the data in order to protect sensitive information. The watchword is transparency. Part of transparency means developing access to information as well assigning and maintaining responsibility for the results and creating ways to assess benefits and risks.
Harvard researchers developed the “Open Data Privacy Playbook” with suggestions for local governments on how to find the right balance between sharing and protecting data. It is well worth a read as is the Citylab.com article entitled “A Playbook for How Cities Should Share and Protect Data” which was the inspiration for this post.