Open data is a concept of freely available information for everyone without such restrictions as patents, copyright, and other control mechanisms. Open-data champions have objectives similar to those of open movements for other things such as software, hardware, education, government, science, knowledge, and the Internet (“Open data and privacy”, 2016). Open-data tradition is not necessarily a new concept. For instance, there has been the Mertonian tradition of science; however, the term itself is relatively recent. Despite the rise in the open-data movement, there has also been an upsurge in intellectual property rights.
Governments continue to play a vital role in the open data movement. Data.gov was developed under OPEN Government Data Act; this is Title II of Foundations for the Evidence-based Policymaking Act (“Privacy and website policies”, n.d.). The website was launched in 2009 by the US government’s Chief Information Officer; its mission statement is to provide the public with high-value, machine-readable datasets. The data is also supposed to maintain privacy and security (“Privacy and website policies”, n.d.). When getting data to data.gov, federal agencies must conduct an inventory of their data the same way they would record any other asset, such as furniture. They are then required to publish the data assets that are publicly accessible.
The executive branch has a role to play in the open data policy. President Obama 2009 issued a memorandum on transparency and open government; the memo had instructions to the Office of Management and Budget (OMB) to declare an Open Government Directive. The OMB’s role was to help form, draft, and issue directives on the president’s open government orders (“Privacy and website policies”, n.d.). The OMB was also supposed to guide agencies on implementation throughout the executive. In 2019, POTUS signed into law the Foundations for Evidence-Based Policymaking (FEBP). The legislation consists of Open Public, Electronic, and Necessary Government (Title II) legislation; the bill passed Congress in 2018 (“Privacy and website policies”, n.d.). It is a relief to witness significant efforts from the executive branch that is typically sidetracked by politics.
Benefits and Values of Open Data
Open data is valuable information that is available for use and sharing with anyone without restriction. Governments are adopting this new paradigm as a new way to communicate with their citizens. Open data comes with many benefits and values and has opened a recent debate about running government operations (Huston et al., 2019). Citizens will be on the lookout to ensure governments meet certain milestones; as a result, governments will feel the pressure and act accordingly.
Increases Transparency and Accountability
Open data means that members of the public will stay tuned and informed about their local governments’ operations. The open nature of this communication ensures that governments are held accountable for their results (Huston et al., 2019). Citizens can scrutinize their governments’ achievements, and their deficits, and can offer suggestions on further actions. Citizens can pressure their governments if they do not meet goals and objectives; conversely, it can increase trust if they exceed expectations.
Fosters Trust, Credibility, and Reputation
Publicly available data is, typically, transparent; this inherent characteristic enables exposure of certain facets of an organization that are usually hidden. As it is with sharing information on a personal level, this type of arrangement fosters trust and credibility by building an honest conversation between parties (Huston et al., 2019). Through open data, citizens can rest assured that the government is working to deliver its mandate and making decisions in the community’s best interest.
Fosters Progress and Innovation
There is immense value in data being released into the public realm. Open data can provide an opportunity for the development of commercial applications. Open data also widens markets for businesses and can form the basis for new technologies enhancing economic growth (Waxer, 2014). Some organizations that may not have the resources to collect data by themselves can leverage this free data and repurpose it or utilize it for their services. Public data is also crucial for the academic, scientific, public sector, and industrial research in communities (Huston et al., 2019). Open data allows information to be freely available and increases its velocity and value, thus enabling its full exploitation.
Encourages Public Education and Engagement
There are few better ways to educate the citizenry and ensure their participation than enabling free access to information in a user-friendly manner. Anybody can have answers to persistent questions from freely available sources (Huston et al., 2019). Information becomes available as fast as it was collected, enabling citizens to provide immediate feedback; this can help streamline processes for all stakeholders’ benefit. Access to helpful information fosters unity in the community and empowers them to shape their future.
Examples of Open Data Businesses
Many businesses have been built around governments’ free data. An example of this is Yelp; they provide quality and hygiene ratings of restaurants to their customers, using municipal health inspection data. Google also uses General Transit Feed Specification (GTFS) data to enhance their Google Maps so that their users can plan their trips better (“Open data businesses – an oxymoron or a new model?”, n.d.). Although building a business around open data may seem ironic, it has been a successful experiment that has created tremendous value.
Security Challenges Facing the FIOA
The size of public data available is making cybersecurity a complex issue for most companies. Under normal circumstances, a government agency will collect vast amounts of data that are supposed to be available under the Freedom of Information Act (FIOA); these government agencies may have suffered to avail the information to the public before, but technological advancement has eased the process (Vigil et al., 2015). However, this opportunity brings challenges where governments are at crossroads since they must balance the public’s need and right to public information and the concern for the data’s security. Information security refers to the protection of data against unauthorized access, destruction, or modification. Open data systems do not typically release personally identifiable information (PII). The challenge, however, is that enough details may be released that it would be possible to infer the PII (Vigil et al., 2015). Malicious persons may cross-reference different databases to the point of uncovering people’s true identities.
Another challenge facing open data is integrity, where information can be altered and modified without detection. Therefore, it is essential to ensure the correctness of messages to protect against unauthorized alteration; this can be safeguarded against by coding the message such that when altered, the code changes (Vigil et al., 2015). A modification would then be detected by comparing the hash codes of the two files. Availability of information is also a challenge in open data. The question remains whether the providers of access can maintain the availability of data especially given that the data is supposed to be free. Authenticity is a concept in information security that pertains to the verification of the claim of identity. Non-repudiation, on the other hand, refers to the assurance that a person appending a signature cannot deny having signed it.
The government is the primary source of open data and must make data security a priority. The government’s role in open data security is to set the rules; they utilize their legislative power to ensure industry players abide by security and safety regulations. Some areas in which the government has passed laws include the definition of the right to protect PII; an example of such a law is the OMB Memorandum M-07-1616. The government also decides which information is mandatory for organizations to share. Finally, they also offer guidelines on collecting, managing, and disseminating data. According to Boyne (2018), the US currently lacks an all-encompassing single act enacted to protect personal data; however, there are hundreds of laws in different acts. For instance, the Federal Trade Commission Act protects citizens against privacy violations, including false promises of privacy from companies.
Recommendations to Guard FIOA and PII
As much as open data presents a remarkable opportunity for accountability, as discussed, there are challenges of security because some information may be private. Other challenges of data include integrity, availability, and authenticity. The National Institute of Standards and Framework published a Cybersecurity Framework (CSF) in 2014, in response to a presidential directive that called for a standardized framework for vital infrastructure in the US (“NIST cybersecurity framework”, n.d.). The NIST cybersecurity framework is organized into five core functions called the Framework Core. The functions are essential in the management of cybersecurity risk; they are defined as follows (“NIST cybersecurity framework”, n.d.):
- Identity: the first step involves developing the organizational understanding to manage potential security risks to assets, systems, data, and capabilities.
- Protect: The second step is developing and implementing appropriate measures to ensure critical infrastructural services are delivered.
- Detection: The third step involves developing and implementing appropriate activities to manage security events.
- Responding: the next step is to implement appropriate procedures when faced with security events.
- Recover: the final function is developing and implementing relevant procedures for resilience and restoration capabilities in case of adverse security events.
On top of the above functions, many categories and subcategories provide specific context when referring to other frameworks such as COBIT, ISA, and ISO. The NIST framework also provides tiers that show how well an organization is handling its security threats (“NIST cybersecurity framework”, n.d.). Tier-1 is a partial adoption where cybersecurity is informal and managed in an ad-hoc manner with little awareness. Tier-2 is also called a risk-informed approach where an organization applies some education to their methodology; problems are addressed as they happen.
Tier-3 also called the repeatable approach, involves formalized risk management in an organization with a clear security policy. Tier 4 is called the adaptable approach, which is when an organization will adopt a cybersecurity policy based on lessons learned and also from analytics (“NIST Cybersecurity Framework”, n.d.). An organization implementing this standard will constantly learn from security threats occurring within the organization and share the information with relevant peers. NIST cybersecurity is one of the most powerful frameworks that can help an organization standardize its security management (“NIST cybersecurity framework”, n.d.). An institution can also use this framework when trying to benchmark its security processes.
Many cybersecurity frameworks are developed to provide public sector organizations with guidelines to meet their open data goals while being privacy-aware. The concerned agency will have to conduct a first step of assessing the purpose; data cannot be released for its sake, which means not all data should be released (“Open data and privacy”, 2016). The second step is to conduct a security risk assessment, including assessing the chance of connecting data to individuals.
Summary
Open data is the concept of freely availing data for reuse and sharing without restrictions such as copyright and IP. When this information is available this way, it provides an opportunity for citizens to hold their governments accountable and set a rich precedent world over. Open data has revolutionized the way governments interact with communities. The US government has played an essential role in implementing open data policies, with the executive branch spearheading this initiative. For example, since the passing of the OPEN Government Data Act, the two presidents who have ruled have both signed directives accelerating open data adoption.
The advantages of open data start with increasing the accountability of governments. Besides accountability, there are also economic opportunities, such as developing commercial applications around the data. Open data is also a great way of storing information and performing historical comparisons to discover trends. For a long time, citizens have had a great mistrust of government institutions, but this situation has been assuaged through open data. Governments show that they have nothing to hide, which builds credibility in public institutions.
With great opportunity comes the challenges; open data is hounded by security problems such as privacy, integrity, authenticity, and non-repudiation. There are many frameworks proposed to tackle these issues, one of which is the widely-adopted NIST framework for cybersecurity. The NIST framework provides functions that an organization can adopt in its security management or in benchmarking its existing processes. The important thing for organizations to consider when adopting cybersecurity frameworks is that not all data needs to be shared. The first process in implementing a security management protocol is the non-technical policy part, followed by the technical aspect that involves the adoption of technological solutions.
References
Boyne, S. M. (2018). Data protection in the united states. The American Journal of Comparative Law, 66(suppl_1), 299–343. Web.
Huston, P., Edge, V., & Bernier, E. (2019). Reaping the benefits of Open Data in public health. Canada Communicable Disease Report, 45(10), 252–256. Web.
NIST cybersecurity framework. (n.d.). GSA.Gov. 2021, Web.
Open data and privacy. (2016). Citizens-Guide. Web.
Open data businesses—An oxymoron or a new model? (n.d.). Web.
Privacy and website policies. (n.d.). Data.Gov. Web.
Vigil, M., Buchmann, J., Cabarcas, D., Weinert, C., & Wiesmaier, A. (2015). Integrity, authenticity, non-repudiation, and proof of existence for long-term archiving: A survey. Computers & Security, 50, 16-32. Web.
Waxer, C. (2014). Government open data proves a treasure trove for savvy businesses. Computerworld. Web.