Navigating the Intersection of Data Sharing, Open Data, and Privacy

Transparency is key to a healthy democracy, and in today’s digital world, the role of data is more crucial than ever. As government agencies embrace data sharing and open data to increase transparency and spur innovation, they face a tough challenge: how to be open with data while also keeping sensitive information secure.

This past summer, the team at the Beeck Center for Social Impact + Innovation spoke to members of the State Chief Data Officers (CDOs) network to better understand how they use and manage data. We conducted interviews with 19 State CDOs, each conversation lasting from half an hour to an hour.

In this blog post, I share insights I gained from state data leaders responsible for making decisions about data governance. As a young scholar of civic tech, law and policy, I was intrigued to learn nuances of open data work and the need to protect privacy.

 

Openness of Data

In the realm of data-driven governance, open data programs have become a defining feature for modern state governments across the United States. More states recognize the immense value of open data programs, leading to legislation mandating their implementation. These programs not only empower citizens with valuable information but also foster innovation, reduce biases, and enhance the quality and cost-effectiveness of data collection. As exemplified by Oregon’s dedication to data equity, with a separate role overseeing equity aspects, open data initiatives play a central role in driving inclusive and impactful governance, setting a precedent for other states to follow. 

 

Common Data Sharing Challenges

As states embark on the journey toward data openness, several roadblocks arise that require thoughtful solutions to ensure the responsible and effective sharing of information. Through the CDO interviews, we have identified several recurring challenges:

1. Lack of standardization: The absence of a centralized approach in some states leads to varying data formats, metadata, and organization, making it difficult to collect and use data productively. 
2. Data quality assurance: Since data originates from multiple sources, making sure that the data is high quality continues to be a challenge for states. 
3. Interagency collaboration/cross-agency data sharing: Coordinating the data-sharing efforts between different agencies within a state can be long and complicated and is a significant challenge for many states.

 

Balancing Data Openness and Privacy

Data privacy is of utmost importance, as it safeguards individual rights and sensitive information from potential misuse. Simultaneously, data openness is a linchpin of transparency, accountability, and citizen participation in government affairs. State governments in the United States grapple with striking the right balance between these two imperatives. With the onus on CDOs in many states to deal with this delicate dance, the CDO interviews provided insights on the multifaceted ways in which they navigate this intricate terrain, addressing both the challenges and opportunities presented by the intersection of data privacy and openness.

 

Governance Practices and Approval Processes

CDOs understand that the release of data should not be a hasty decision but rather a meticulously planned and executed process. Several states have embraced comprehensive governance practices to strike a balance between data transparency and privacy. They have put in place detailed approval processes, ensuring that data quality, integrity, and sensitivity are thoroughly assessed before any information is made public.

In Pennsylvania, for instance, a robust governance practice ensures the thoughtful release of data through the involvement of numerous stakeholders, including data agency owners, digital officers, communications officers, and policy officers. Each of them must give their approval before data is published. This process serves as a safeguard, allowing for a holistic evaluation of the data’s potential impact on privacy and transparency.

 

Legal Considerations and Case-by-Case Analysis

The release of sensitive information hinges significantly on legal considerations, and different states have devised distinctive strategies to address this aspect of data management. New Jersey, for instance, takes a proactive approach to balance data openness and privacy, allowing datasets that contain PII to be made private within their Open Data Portal and providing access only to those datasets with the requisite permissions. This approach is underpinned by careful legal advice, which ensures that the public’s right to access information is balanced with the imperative to protect sensitive data.

Moreover, many states recognize the nuanced nature of privacy issues, acknowledging that a one-size-fits-all approach may not be suitable. Consequently, they employ a case-by-case analysis methodology. This pragmatic approach allows for a more precise evaluation of the unique privacy considerations associated with specific datasets, ensuring that sensitive information remains safeguarded.

 

The Role of Privacy Officers

Privacy officers are indispensable architects of the delicate balance between data openness and privacy, providing vital expertise and insights that shape decisions. Their significant contributions are exemplified in states like Maryland and Pennsylvania, where they actively participate in the decision-making process.

In Maryland, for instance, privacy officers play a pivotal role in ensuring that data releases align with privacy regulations by helping determine which data can be shared safely, what information should be redacted, and which datasets require heightened protection. Their deep understanding of policy frameworks enables them to evaluate the impact of data release on government operations and make determinations for data release. 

Similarly, in Pennsylvania, the privacy officer works in tandem with senior leaders and other stakeholders. Their expertise ensures that everything published or shared, both internally and externally, adheres to stringent privacy standards. This collaborative approach helps maintain data integrity while enabling appropriate data sharing.

The involvement of privacy officers in these states underscores the meticulous and multifaceted approach taken to balance data transparency and privacy. Their contributions ensure that data management not only complies with legal requirements but also upholds the broader objectives of effective governance and public trust.

 

Best Practices and Lessons Learned

Engage stakeholders and formalize data governance to balance data openness with privacy.

Many states emphasize stakeholder engagement in order to ensure a broader perspective on balancing data openness and privacy. California’s legislation mandates recommendations for data governance and management, while New Jersey actively seeks buy-in from agencies before implementing data governance policies.  Indiana’s Data Governance Council highlights the importance of data governance bodies. Comprising executives from local agencies, this council employs best practices frameworks and assessments to benchmark and chart a path forward. It ensures that data release decisions align with established policies.

 

Adopt a tailored approach to data privacy concerns.

Data privacy concerns are rarely one-size-fits-all. Maryland encourages agencies to develop data governance plans that align with a framework but allow flexibility, acknowledging that each agency’s needs and maturity levels may differ. North Carolina’s focus on data governance ensures a nuanced consideration of privacy risks for specific datasets. New Jersey exemplifies the pivotal role of legal counsel, consulting legal experts to determine data privacy levels and allowing datasets to be made private within open data portals while still being accessible to authorized users. Legal advice is crucial for balancing public access with data protection.

 

Foster collaboration for a holistic approach to data management.

Virginia’s Commonwealth Data Trust and MOU process showcase the importance of collaboration. Agencies collaborate through MOUs to share data, facilitated by the trustee, ensuring a well-informed approach to data release. 

 

Embrace transparency as a cornerstone of data governance.

In California, legislation mandates recommendations for data governance and management. Transparency is a guiding principle, ensuring that data openness remains a key focus. This legislative approach reinforces the significance of transparency in balancing data openness and privacy.

 

Conduct data-maturity assessments to enhance management practices.

Virginia’s data-maturity assessment provides an excellent example. By evaluating agencies’ data maturity levels through a self-reported assessment, it identifies areas for improvement, promoting a continuous refinement of data management efforts.

 

Adopt an enterprise-level strategy for consistent data governance.

Massachusetts is in the process of building enterprise governance standards and policies, involving various working groups, including chief data and chief privacy officers. This approach aims to ensure consistency across agencies while addressing privacy concerns effectively.