[MyData & Open Data] Introductions

Thu Mar 14 13:37:20 UTC 2013

Jason, 

Might the ICPSR framework for dealing with disclosure risk be appropriate to use here?

"ICPSR subjects all datasets to a review to assess disclosure risk. It has established a certification program in disclosure risk management that involves training data processors to apply rigorous procedures to protect the confidentiality of data that ICPSR processes, archives, and distributes."

http://www.icpsr.umich.edu/icpsrweb/content/datamanagement/confientiality/index.html

-Limor

Limor Peer, PhD
Associate Director for Research | Institution for Social and Policy Studies | Yale University
77 Prospect Street
POBox 208209
New Haven, CT 06520-8209
limor.peer at yale.edu
203-432-0054
http://isps.yale.edu/

________________________________________
From: mydata-open-data-bounces at lists.okfn.org [mydata-open-data-bounces at lists.okfn.org] on behalf of Hare, Jason [Jason.Hare at raleighnc.gov]
Sent: Thursday, March 14, 2013 8:19 AM
To: s at ctrlc.hu
Cc: mydata-open-data at lists.okfn.org
Subject: Re: [MyData & Open Data] Introductions

Stef,

There is nothing inherently analog about redaction. In fact, using very simple web services, we can identify and redact columns of information that may contain PII. By  web service I am not taking about a web application but more of a middleware abstraction layer. That is not really the point of my post. My post was about the philosophical stance on PII within open government data and how the OKFN can provide some leadership on best practices.

In the US we do not have much in the way of national privacy policies except perhaps FERPA, HIPAA and a few others. This makes it difficult to implement a policy standard across jurisdictional lines which creates the problem of isolated and non-interoperable open data initiatives.

So, just checking to see if I am the lone American on this list. I see Europe working on the W3C draft on open data standards in London. I do not see a lot of uptake on this side toward proposing new legislation on privacy and electronic records. We are using 40 year old models of records disclosure. Since my city adopted the Open Data Handbook as our guide toward developing statements and policies around our open data initiative I am hoping to have a dialog on personal data topics with members of this mailing list.

Best regards

Jason Hare
Open Data Program Manager
City of Raleigh - Information Technology
One Exchange Plaza, Suite 900
P. O. Box 590
Raleigh, North Carolina 27602-0590
Mobile: 919-323-2767
Office: 919-996-3599
jason.hare at raleighnc.gov
http://www.raleighnc.gov/open

-----Original Message-----
From: s at ctrlc.hu [mailto:s at ctrlc.hu]
Sent: Thursday, March 14, 2013 7:14 AM
To: Hare, Jason
Cc: laura.james at okfn.org; mydata-open-data at lists.okfn.org
Subject: Re: Re: [MyData & Open Data] Introductions

heyhey,

On Wed, Mar 13, 2013 at 09:55:37PM +0000, Hare, Jason wrote:
> Has anyone attempted a policy or a statement on PII redaction in regards to the posting of open government data sets?

what do you mean with redaction? that sounds very analog. which is an excellent protection against cheap/digital data-krakens, collect the data in analog form on dead trees and use a huge tipped black pen to redact stuff. but in the digital realm this does not work. either you have useful data or anonymous, but both does not work :/

what works best in the digital world is to practice data minimization. only collect data if it's necessary, there's no alternative and only as long as needed.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6  3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt