In an open data world, how do we reconcile accessibility and security?

We live in an open world. Numerous Open Data movements have emerged and are now spreading into the mainstream. Where does the line of openness cross that of digital rights? And if everything is open, where are the safe spaces in a digital world?

We’re getting bombarded daily with relatively new terms such as Open Source, Open Data and Government 2.0, just to name a few. It really seems like openness is everywhere. And advocates of the Open Data movement argue that data should be available to everyone with no restriction of usage.

On the other hand, we also hear of cyber attacks and data leaks. Too often do we hear about a major corporation whose data—private data about us—has been stolen by some ill-intended pirates. Or some government “secrets” being exposed. How do we reconcile data accessibility and security when we’re constantly reminded, both as individuals and as corporations, of the importance of securing data and keeping it from falling into the wrong hands? Aren’t these mutually exclusive realities?

Open data movements

Open data is data that anyone can access, use or share. Simple as that.

According to the Open Data Institute, open data is a broad concept but also an important one. There’s a whole Open Data movement out there. And the very fact that an Open Data Institute exists is proof of its importance, if not its value. We can’t ignore it. And Open Data advocates are insisting that data should be free for all to use and access.

Open Data is at the base of so many great things that have become part of our everyday lives. Whenever you use an app on your phone to look up flight schedules, you’re using Open Data made available by airlines and airports. This is only one example. Many live traffic apps or weather websites also rely on some sort of Open Data.

Government 2.0

In the wake of the Open Data movement, the concept of Government 2.0 came to life. The term was coined by computer book publisher Tim O’Reilly in 2009, 5 years after he came up with the web 2.0 concept. According to O’Reilly, although most people see Government 2.0 as just “making governments more accessible (through social media or by giving access to some of its data)”, it really is about seeing the government—and its data—as a platform, just like web 2.0 was seeing the web as a platform. And just like web 2.0, this is not just a trendy fad. It’s been here for a while and it’s here to stay. So much so that the US government launched, a portal to a gigantic repository of accessible data sets from all areas of the US government, back in 2009. Australia has its own version:

Where does security fit in this model?

Let’s re-focus on our original question: How to reconcile data accessibility and security. Many of those organizations and corporations that are offering accessible data are often also the custodians of huge amounts of private data. How do they secure it? How do we make sure they do? Is our private data at risk of being exposed to the public? The proponents of Open Data clearly state that only data that cannot be traced to a person should be open. There might, therefore, not be any risk. But who do we trust? How can we be sure? So many questions yet so few answers.

The private sector

Governments and other public entities may have vast amounts of valuable information that could be beneficial to all sorts of individuals or organizations, but what about private organizations? Even if they don’t necessarily want to make the bulk of their data available to the general public, there are enormous advantages to making some data available to some users who have a legitimate business need for it. But these corporations also often hold private information about their finances, their clients, etc. Again, the conflict between data accessibility and security is obvious.

How do we address the conflict of open data?

There are several ways this can be accomplished. First and foremost, organizations, public or private, must ensure that any data they make openly available is expunged of anything that can link it to a person. Also, security measures must be put in place to ensure that only authorized users can access data and that only the data they need can be accessed. Segmenting data between “public” and private data could be one of the keys here.

Another concept called “precommitment” was put forth by a group of researchers from the Netherlands and Belgium in a paper published in the Journal of Theoretical and Applied Electronic Commerce Research. The authors present the notion of precommitment as a restriction of one’s choices that can be applied by an organization to restrict the extent to which an Open Data policy might conflict with public values. Yet another approach, used by the US Office of Financial Research, is to promote the use of catalogs of metadata to inform parties about the data before any access is granted to the actual data.

Where do the open data movements leave us?

We are really facing two truly irreconcilable concepts that still need to be reconciled… at least to a certain extent. I think that the reconciliation between accessibility and security can be summarized in one word: TRUST.

We, the public, need assurance—and reassurance—that the organizations and their personnel will do all in their power and use all the necessary resources to safeguard our private information. We need to trust the organizations.

Consequently, as organizations, we need to make sure that we have everything in place to safeguard data both for our own sake and for the public’s. We need to ensure, and more importantly demonstrate, that all is done to address security issues and to protect private data. We need to earn the public’s trust.

In light of all this, it is important to find the right balance between accessibility and security. Although it might be difficult, we must be transparent and open about where we draw the line between those two opposing concepts. Only then can we achieve both outcomes while building trust. And trust is the key here.

Carl Sudholz is the founder at AGContext and a specialist in the integration of information technology within organisations. He holds two degrees, is a certified Business Analyst and a Director of the Australia Chapter of the International Institute of Business Analysis. Carl’s expertise and experience span 15 years serving public, private and not-for-profit organisations to take control over technology.