-
Be the first to like this
Upcoming SlideShare
Open data who decides?
- 1. Open data: Who decides? Dave Berry, Enterprise Architect
- 2. Requesting information Personal information Courses and Programmes Buildings & Timetable Research data Schools Journalists Researchers Scammers
- 3. Data governance • Policy • Confidentiality • Openness • Data Stewards • Ensuring security; • Managing access; • Documentation; • Assuring quality Policy PeopleProcess
- 4. Two worlds • Security and Control • Openness & Sharing
- 5. Policy: confidentiality Unrestricted Published (e.g. the web site) Open licence Anything covered by FOI Information we want to make public, or don’t mind becoming public, including everything under FOI Restricted Personal (Data Protection) Financial Security The “normal” level for information that needs to be kept securely. Confidential Sensitive personal (Data Protection) Passwords Exam papers (before the exam) Medical Commercial in confidence ISO 27001 Information that requires extra security controls of some sort.
- 6. Who decides? • Policy to be decided ;-) • But let’s conjecture… • The data steward specifies the confidentiality level • Down to the attribute level, if necessary • Also by population, if necessary • Assisted by Enterprise Architecture • CISO and Records Management review this • Data Steward approves release • Ensures that data is documented
- 7. “Security & Control” world RequestorData Steward Data Definition Publishes Reads Standard Request Form CompletesSubmits Log of Requestors Maintains Approves Data AccessesMaintains
- 8. “Openness & Sharing” world RequestorData Steward Data Definition Publishes ReadsLog of Requestors Maintains? Accesses Standard Request Form Completes?Reads? Licenses Data Maintains?
- 9. (Highly provisional) protocol for requesting access to unrestricted data • The data must not be modified, amended or altered. Any data changes must be actioned within the Golden Copy. • Describe what the data will be used for and by whom it will be used. • Nominate an individual responsible for the receiving system and the data it contains. • Declare if the data will be supplied to any other system. • Define a retention schedule for the data in this system and confirm that the data will be permanently deleted when no longer needed.
- 10. Questions for the open community • Does the data need to be kept up to date? • How should errors be reported? • What if someone modifies the data set and re-releases it? • E.g. reputational damage • Can we track who is using the data? • And what they are using it for?
Be the first to comment