The document discusses the governance of open data, focusing on policies regarding confidentiality, data stewardship, and access management. It outlines the balance between security and openness, detailing the responsibilities of data stewards and the processes for requesting access to data. Key considerations include keeping data secure, documenting its use, and ensuring proper protocols for modifications and data retention.

1. Open data: Who decides?
Dave Berry, Enterprise Architect

2. Requesting information
Personal
information
Courses and
Programmes
Buildings &
Timetable
Research
data
Schools
Journalists
Researchers
Scammers

3. Data governance
• Policy
• Confidentiality
• Openness
• Data Stewards
• Ensuring security;
• Managing access;
• Documentation;
• Assuring quality
Policy
PeopleProcess

4. Two worlds
• Security and Control • Openness & Sharing

5. Policy: confidentiality
Unrestricted Published (e.g. the web site)
Open licence
Anything covered by FOI
Information we want to make public, or
don’t mind becoming public, including
everything under FOI
Restricted Personal (Data Protection)
Financial
Security
The “normal” level for information that
needs to be kept securely.
Confidential Sensitive personal (Data Protection)
Passwords
Exam papers (before the exam)
Medical
Commercial in confidence
ISO 27001
Information that requires extra security
controls of some sort.

6. Who decides?
• Policy to be decided ;-)
• But let’s conjecture…
• The data steward specifies the confidentiality level
• Down to the attribute level, if necessary
• Also by population, if necessary
• Assisted by Enterprise Architecture
• CISO and Records Management review this
• Data Steward approves release
• Ensures that data is documented

7. “Security & Control” world
RequestorData Steward
Data
Definition
Publishes Reads
Standard
Request
Form
CompletesSubmits
Log of
Requestors
Maintains
Approves
Data
AccessesMaintains

8. “Openness & Sharing” world
RequestorData Steward
Data
Definition
Publishes ReadsLog of
Requestors
Maintains?
Accesses
Standard
Request
Form
Completes?Reads?
Licenses
Data
Maintains?

9. (Highly provisional) protocol for requesting
access to unrestricted data
• The data must not be modified, amended or altered. Any data
changes must be actioned within the Golden Copy.
• Describe what the data will be used for and by whom it will be used.
• Nominate an individual responsible for the receiving system and the
data it contains.
• Declare if the data will be supplied to any other system.
• Define a retention schedule for the data in this system and confirm
that the data will be permanently deleted when no longer needed.

10. Questions for the open community
• Does the data need to be kept up to date?
• How should errors be reported?
• What if someone modifies the data set and re-releases it?
• E.g. reputational damage
• Can we track who is using the data?
• And what they are using it for?