U.S. Government’s Open Data Initiative: Good for Business or Pandora’s Box? - The Data Center Journal

"The open data movement is based on the idea that certain data should be available in machine-readable form for everyone to use, reuse and redistribute as they wish, with no controlling restrictions such as copyrights or patents. Although the philosophy behind open data has been around for a long time, it has become more popular with the advent of the Internet and programs such as the U.S. government’s Open Government Initiative, which is designed to make government data transparent and available to all agencies, government employees and public citizens. Cities, countries and organizations around the world have jumped on the open data bandwagon, which aims to put previously inaccessible information into the hands of entrepreneurs, businesses and organizations to drive the creation of new products, services and jobs. It’s no secret that the U.S. economy has reaped benefits from the release of government data to entrepreneurs and other innovators over the years. Weather data liberated from government satellites and ground stations has created such economic initiatives as the Weather Channel and commercial agricultural advisory services. Indeed, one of the most frequently touted positives of open data rests on our car dashboards or guides us from our smartphones: the GPS device made possible by the government’s unlocking of the Global Positioning System for commercial use. Aside from the economic benefit of jobs created (GPS device manufacturing, marketing, retail and so on), we all now benefit from hearing a comforting and all-knowing voice say, 'Recalculating,' when we miss an exit on the highway. The Open Government Initiative charges governmental entities with creating a detailed inventory of all their data—even data that won’t be released because it contains personally identifiable information or could be a threat to national security. Creating an inventory of structured data is one thing, but today’s mountain of unstructured data presents a significant challenge for those charged with inventorying, because they likely don’t know everything it contains. What is certain is that the unstructured data probably contains things that should not be made public. Here’s my concern: undertaking such a task is monumental, and privacy concerns should be raised about the way data is classified to separate personally identifiable information (PII) from what is safe for release. The whole project raises the possibility that essentially innocuous information shared with one facet of government could be used for other purposes by a different governmental entity—or even a private citizen or company—when combined with additional data once access to that data is open. Depending on the way it’s used, the data could end up being harmful to the individual. All of this newly liberated data appears on the government’s website, and while much of it is likely to be very useful in a positive way, once the data door is opened and the information released, it’s out there and can no longer be contained. So, we must hope that classification of all the data being released is conducted properly, not rushed, and maintains the strictest security of personally identifiable information. With that in mind, I’d like to offer the following three open data security best practices that can apply to any entity, public or private, along with the related business value for each one: [1] Start With Data Auditing: Conduct discovery of the resources and data you have available. Then inventory them and determine what security levels you need to assign to each ... [2] Conduct Information Classification: Identify the sensitivity of the data and the impact of unauthorized access as your first step towards open data security. Data classification can inform the organization’s rules for data integrity and data availability ... [3] Reinforce Strong Access Control: When data leaves the boundaries of an organization’s internal environment, the risk of unauthorized access to that data increases. Open data offers many opportunities, but it also introduces a risk of accidental leakage of sensitive information ..."