Towards a Modern Approach to Privacy-Aware Government Data Releases
ARTICLE SUMMARY
The standards relied on by government agencies that release data to promote transparency may be inadequate to protect privacy. The rules agencies follow in releasing data in response to Freedom of Information Act (FOIA) requests, or from public records and statistics lack consistency.
POLICY RELEVANCE
Government agencies should adopt a new framework to protect privacy from the time that data is collected until the end of its life cycle.
KEY TAKEAWAYS
- Making government data widely available promotes transparency, a key principle of democratic governance; access to government data is also important to advance research in social science.
- Federal and state agencies release data under a wide range of circumstances.
- Agencies often release data under the Freedom of Information Act (FOIA), or a state-level equivalent.
- Government also releases data stored in the registries of births, deaths, marital status, and property ownership.
- The Census Bureau and the Bureau of Labor Statistics release statistical records.
- E-government and open data laws trigger the release of large quantities of data online.
- Agencies often release data under the Freedom of Information Act (FOIA), or a state-level equivalent.
- Agencies protect privacy when releasing documents in response to FOIA requests by redacting information about individuals, or withholding the record entirely if privacy concerns outweigh the public interest in disclosure.
- Public records such as voter registration records and criminal records are traditionally public; but the online release of campaign contribution records revealing the names of contributors to a ban on same-sex marriage was controversial, as it enabled activists to intimidate some donors.
- Laws requiring public records to be made available online may not allow officials to redact sensitive information such as social security numbers.
- When releasing statistics, government agencies protect privacy using several methods, including swapping values in similar records, aggregating data, or by introducing random noise; agencies will also screen researchers requesting access to the data, or conduct background checks.
- Shortcomings of the methods governments use to protect privacy when releasing data include:
- Excessive reliance on redaction of a few fields;
- Sparse guidance as to how privacy impacts ought to be measured and protected;
- Inconsistency in addressing privacy risks in different contexts (some regimes call for privacy interests to be balanced against the public value of disclosure, but others simply prohibit the release of some information such as the identity of sexual assault victims).
- Excessive reliance on redaction of a few fields;
- Privacy controls for government agencies should include:
- Use of notice and consent when the data is collected, and/or oversight by a privacy review board.
- Removal or masking of individually identifiable data when the data is being analyzed.
- Policies to ensure that data is not retained longer than necessary, or the use of registers to ensure the public is aware of what data is retained.
- The use of risk assessments to ensure that identifying information is scrubbed from records at the time information is released.
- Use of notice and consent when the data is collected, and/or oversight by a privacy review board.
QUOTE
TAGS
About Urs Gasser
Professor Urs Gasser is Professor of Public Policy, Governance and Innovative Technology, and serves as Rector of the Hochschule für Politik (HfP) and Dean of the TUM School of Social Sciences and Technology. His research focuses on the societal and regulatory implications of new technologies such as cloud computing, artificial intelligence, and quantum technology..
