[MyData & Open Data] Guidelines for privacy and open data

Tue Jul 14 14:45:58 UTC 2015

Is this list aware of the City of Boston model for addressing this topic and related issues?  It is short (one page) and provides a basic framework for "open data" and also for date requiring security controls and protections. 

In particular the Boston measure is a legal and executive order applicable to "Open and Protected" data of/with the city.  Protected data includes personal data to which privacy expectations attach but it's broader and describes more or less any data that has some important requirement constraint on access or use. 

This Boston measure is continually confused or lumped in with plain old open data policies and other open data focused rules.  HoWever, the Mayor of Boston has promulgated a horse of a different color.  This measure is fundamentally about basic "data" management.  Managing data across an enterprise is a sound basis for identifying and developing the types of enterprise and narrower data policy, contracts, licenses and other rules governing open data publishing and propagation as well as protected data security and authorized sharing. 

While many rightly decry meshing personal data with open data a deeper view might reveal that open and protected data are more like two sides of the same coin. The lines between open and protected data even in a single jurisdiction can blur at time. As is oft repeated, one side does not fit all needs. Far from being an exception or confounder, directly addressing that sort of tension is a deliberate driver of this unified data policy approach.  Personally, I am among the people who have concluded there is value in providing a more comprehensive floor of data rules precisely to enable better understood roles and flows for each type of data. 

In addition to supporting "swim lanes" this approach is also intended to manage the inevitable reclassifications of the same data from one status to another and the more complex situation when s re-designation of the same data occurs due to changes in some relevant aspect of the situation. IE: to cover situational evolutions resulting in data being open on Tuesday but Protected on Wednesday due, for example, to a change in custodial ownership hence responsibilities of some key technology providers or perhaps based on the passage of time causing a legal constraint to sunset, etc. 

By providing a unified baseline, treatment in law and policy both for data that is open and data that is not open, the intent was to lay a foundation for basic enterprise wide data management. Upon foundations like that, hopefully better tailored business practices, legal protections and technical procedures can be more rapidly and reliably applied commensurate with the prevailing situation(s), the relevant context(s) and surrounding facts & circumstances. 

If it's of interest, here is a direct link: 
m.cityofboston.gov/news/Default.aspx?id=6589

I'm sinking into an ocean of meeting rest of the day but will endeavor to check back later on this thread. 

Thanks,
 - Dazza

   |  Sent from my iPhone 
   |  Please Forgive Typos
   _________________
   |   Dazza Greenwood, JD
   |   CIVICS.com, Founder & Principal
   |   MIT Media Lab, Visiting Scientist
   |     Vmail: 617.500.3644
   |     Email: dazza at CIVICS.com
   |     Biz: http://CIVICS.com
   |     MIT: https://law.MIT.edu
   |     Me: DazzaGreenwood.com
   |     Twitter: @DazzaGreenwood
   |     Google+: google.com/+DazzaGreenwood
   |     LinkedIn: linkedin.com/in/DazzaGreenwood
   |     GitHub: github.com/DazzaGreenwood/Interface

> On Jul 14, 2015, at 9:12 AM, Daniel Dietrich <daniel.dietrich at okfn.org> wrote:
> 
> Sure, I know that this need to be done properly and will not fit on a one-pager. I am not looking for a over-simplified global recommendation but a practical guide for data publishers that guides them through the issue and points them to areas to think about and what actions to take.
> 
> Do you mean this ODI pice ?
> http://theodi.org/guides/save-the-titanic-handson-anonymisation-and-risk-control-of-publishing-open-data
> 
> Daniel
> 
> 
> 
> 
> 
>> On 14 Jul 2015, at 14:45, Javier Ruiz <javier at openrightsgroup.org> wrote:
>> 
>> Hi Daniel
>> 
>> I’m not sure that all of that exists in one place, guidance bringing together process and technical advice and applicable across jurisdictions.  The ODI certificates are probably as close as it gets in terms of incorporating privacy in the process of opening data, but they would need extra support to be solid enough. There are guides on anonymisation, and you could apply privacy by design principles to the process.
>> 
>> You would also need guidance on when it would be appropriate to release personal information, and what kind of measures you would take to protect it (e.g. minimisation, no machine readable) while delivering the main benefits of disclosure (e.g. accountability on a specific area.). But this should be converted into a properly thought out policy.
>> 
>> Best, Javier
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>> On 14 Jul 2015, at 13:24, Daniel Dietrich <daniel.dietrich at okfn.org> wrote:
>>> 
>>> Dear all,
>>> 
>>> I thought to remember there was a section on privacy and how to safeguard no personal data is published in Open Government Data was part of the Open Data Handbook. However looking at it I can't find it anymore.
>>> 
>>> There are some links in the resources section http://opendatahandbook.org/resources/#privacy
>>> 
>>> Although there are links to some great papers (as the one from O‘Hara) I can not find a simple and generic (useful as a starting point across jurisdictions) guide that is useful for civil servants that are to decide to publish a certain dataset and need to ensure that no personal data is released and that (if used) anonymisation is applied in a way that safeguards against re-identification.
>>> 
>>> I am sure something like this exists somewhere, so please excuse my ignorance and thanks a lot for any pointers.
>>> 
>>> All best
>>> Daniel
>>> 
>>> 
>>> 
>>> --
>>> Daniel Dietrich
>>> Chairman & open data evangelist
>>> Open Knowledge Foundation Germany
>>> www.okfn.de | info at okfn.de | @okfde
>>> Office: +49 30 57703666 0 | Fax: - 9
>>> Mobile: +49 176 32768530
> 
> _______________________________________________
> mydata-open-data mailing list
> mydata-open-data at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/mydata-open-data
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20150714/fb6a3e59/attachment-0003.html>