Data Governance
Last updated
Last updated
An area of particular concern to all data-intensive organizations, including municipal governments, is data governance. An effective data governance system must address competing stakeholder claims and numerous legal, financial and ethical considerations, not all of which will have emerged at the time of its design. A data governance system must therefore delicately balance competing priorities yet also flexibly adjust to new issues.
The value of data has soared in recent years as its value as an input to innovation and in the provision of services has become increasingly apparent. A range of organizations and entities have become increasingly interested in accessing data stewarded by municipal governments. Traditional municipal data stewardship models have not emphasized data sharing and instead focused on protecting privacy interests inherent to data, doing so at times when some data subjects would have benefited from more permissive sharing of data and would have positively consented to such sharing. Accordingly, municipal governments have begun exploring data stewardship models that rise to the challenge of maintaining accountability and legal compliance while sharing data with industry and public interest users.
The concept of the “data trust” is drawing a great deal of attention among those who study and address data governance challenges. Data trusts are organizational structures designed to administer data – management of the conditions and terms of access to and use of data – according to principles derived from the common law trust. A data trust requires trust administrators – the trustee – to administer the data – the contents of the trust – in the best interests of the beneficiaries of the trust. In practice, the concept of the data trust is fluid, and many different organizational structures call themselves “data trusts”. However, generally a “true” data trust retains two key features: allegiance to the principle that a trustee manages assets in the interests of beneficiaries, and a fiduciary-like responsibility owed by the trustee to beneficiaries so that the terms of the trust may be enforced. In practice, however, many data governance vehicles called “data trusts” retain neither of these features.
Data trusts are just one of a variety of emerging data governance systems, including open data, data commons, data pools, and data co-operatives.
Cryptography – Data governance involves ensuring that only authorized entities may access data. Cryptographic solutions provide one means of doing so. Encrypting data both in storage and in transit ensures that only authorized entities can access data.
Blockchain – One of the most interesting data governance applications in recent years has been Barcelona’s DECODE project. DECODE (which stands for “Decentralised Citizen Owned Data Ecosystem”) uses encryption and blockchain technologies to give city residents greater control over their data. Residents are able to specify the degree of privacy protection they wish to afford data collected through smart municipal appliances and metres. Collected data reflects these preferences, and storing and processing that data on blockchain offers transparent and verifiable processing of resident data.
Alanus von Radecki, Grainne Bradley & Martine Tommis, Management & Governance of Urban Data Thematic Report” (May 2018) Urbact - *This report summarizes the results of a Europe-based SmartImpact network meeting that focused on the question of how cities can work with data to deliver better services, be more sustainable, and grow their local economy. The report is intended for city officials and policy makers who want to improve their data governance and uses real examples of ways cities can manage data that benefits citizens without jeopardizing potential business opportunities.
“Building Ontario’s Next Generation Smart Cities through Data Governance: Part 2: Towards a Smart City Data Trust” ORION (5 November 2019) - *Compute Ontario, ORION, and MaRS Discovery District to create a series of reports based on research data governance models for smart cities. This report focuses on the practical design choices for a smart city data trust and provides preliminary recommendations to make a data trust work in practice. The report situates the research in the realm of personal mobility (transportation) because it requires the use of commercially and personally sensitive information and requires a mechanism for data governance.
“Building Ontario’s Next Generation Smart Cities through Data Governance: Part 4: The Future of Ontario’s Data”, ORION (5 November 2019) - *This report summarizes findings of Compute Ontario and ORION’s smart cities project and focuses on data governance. It describes different data governance models to address data sharing and protection requirements which are described to fall on a continuum in terms of levels of control, legality, regulation, and complexity. These models include principles, data commons, data collaboratives, and data trusts, listed from lowest degree of control and complexity to the highest. The features, pros, cons, and examples of each model is briefly described, and the remainder of the report focuses on data trusts and its application to use case pilots involving health data, mobility data, and open architecture.
Copenhagen Solutions Lab, “City Data Exchange – Lessons learned from a public/private data collaboration” (March 2018) - *This report was prepared by the Municipality of Copenhagen and describes the lessons learned from the City Data Exchange (CDE) project which was a data sharing platform that allowed public and private organizations to exchange data as an innovative approach to test the readiness of the market to deliver new data-sharing solutions. This paper presents the key findings and challenges from the CDE and makes recommendations for improving data sharing. The three key insights into creating an effective data infrastructure are of interest. First, establishing solid use cases show how data can be used to address specific challenges or opportunities. Second, creating a regional or national data community to facilitate opportunities. Third, establish common standards for data sharing. These high-level recommendations derived from a real project may assist cities also exploring data sharing platforms.
“Designing a Data Collaborative” - *The Data Collaboratives Guide outlines eight phases for designing and implementing a Data Collaborative and is supported with examples and resources to improve outcomes. This was produced as a resource by The GovLab to create public value by exchanging data.
Center for Government Excellence, “First Things First: Laying the foundation for a Smart City” (May 2018) - *A collaboration between the University of Maryland, Morgan State University, University of Baltimore, and the Center for Government Excellence at John Hopkins University, this guide offers insight into key aspects of smart city data planning and implementation. The guide outlines the necessary steps to establish strong data management and use practices and makes reference to other resources that provide further guidance for data governance structures and milestones.
Geoff Mulgan & Vincent Straub, “The new ecosystem of trust” Nesta (21 Februrary 2019) - *This paper provides a summary of the current state of data governance and suggests designing a new group of solutions under data trusts to provide greater control for citizens and value for the public. The paper describes the existing landscape of data governance and illustrates the level of control or choice people have in determining how personal data is shared. Mulgan and Straub propose a new framework for data governance, focusing on data trusts that have a distinct public element to the data, including public data, data primarily for public benefit, and public-private data.
Jack Hardinges et al, “Data trusts: lessons from three pilots” Open Data Institute (April 2019) - *This report draws on research from three data trust pilots and explains data trusts, proposes a potential life-cycle for data trusts, and offers recommendations for governments and other entities who wish to implement or use data. The ODI report advocates for the use of data trust in data infrastructure and summarizes the lessons learned from the data trust pilots projects. The lifecycle model is a general guide to approaching data trusts but with the caveat that they will need to be individually designed to be context specific. The model is comprised of six phases which are each described, along with activities to be undertaking during each phase and key topics associated with each phase.
PwC, “The foundation for smart city success: Seven layers of data governance and management”. - *The report by PricewaterhouseCoopers (PwC) describes seven foundational layers of data governance management for successful smart cities. Based on a review of global best practices and independent analysis, PwC writes that the seven layers, categories, consent, collection, anonymization, storage, access, and monetization, create a foundation for secure and actionable data.
Theresa Scassa, Merlynda Vilain, Governing Smart Data in the Public Interest: Lessons from Ontario’s Smart Metering Entity CIGI Paper No. 221, (2019) - This paper focuses on the governance of data captured through “smart” technologies and uses Ontario’s smart metering program as a case study.
GeoConnections, Geospatial Data Preservation Primer, (2015) - An introduction to digital geospatial data archiving and preservation. This primer outlines how to include archiving and preservation in data management processes for the entire data life cycle.
Privacy
Issues.
Managing issues.
Security
Issues.
Managing issues.
Intellectual Property
Issues.
Managing issues.
Inclusion
Issues.
Managing issues.
Data governance usually implicates stewardship of personal information.
Municipal governance routinely involves stewardship of data derived from residents. If that data can be associated or re-associated with identifiable individuals, privacy obligations will emerge.
Not all data governance challenges entail privacy challenges. Public environmental data, for example, is unlikely to entail associations with particular individuals. However, one of the challenges that arises in stewarding data generated by smart city applications is the “identifiability” of data associated with individuals – including ostensibly anonymous individuals. This will particularly arise where geographic data can be associated with individuals who may prove surprisingly identifiable.
Data trusts in particular face privacy issues. Often trusts-like stewardship models are proposed to overcome challenges with obtaining consent to the collection of data that may include personal information. For example, data collected in public spaces may well include personal information derived from the movement and activity of individuals through that space. Trusts have been proposed as solutions to the challenge of obtaining consent from such individuals.
Data governance vehicles must include privacy compliance as an essential element of responsible stewardship.
Data deidentification. Include de-identification strategies as standard where information is to be shared with third parties and consent is unavailable. If personal information absolutely must be collected, it should be stripped away as soon as possible.
Capture data impersonally. Where data governance objectives don’t require personal information, don’t collect it.
Data-fuzzing. Employ data-fuzzing techniques to preserve privacy. For example, do not include start and end points in route data so that a particular route cannot be traced to an individual. Similarly, fuzzing data of sensitive areas provides an additional layer of security for personal information.
De-identify at the source. Many data collection technologies allow for collection of less granular data.
Ensure that partners or contractors follow collection restrictions. When purchasing data from private companies, ensure that they are upholding their own privacy obligations under relevant legislation.
Follow good privacy practices.
Data governance is closely connected to data security. Indeed, overseeing access is a core data governance activity.
Encryption tools and strategies will protect data in storage and in transit while securing access rights to stewarded data.
Many of the same solutions to privacy issues will address security issues: e.g., de-identify at source if possible, or as soon as possible if otherwise. Where personal information is collected, it should be held in a secure location.
Follow good security practices
Data governance can include managing access and sharing of data in which an entity enjoys intellectual property rights, such as copyright or confidential information rights.
In dealing with confidential information, non-disclosure agreements will often include crucial details over conditions of access, including: (a) the term of use (i.e., an expiry date); (b) the identities of individuals who may access the information; (c) the permitted uses of the information; and (d) storage conditions (for example, the data may be required to be encrypted and may not be duplicated).
License terms of original compilations of data protected by copyright may similarly include conditions of access, such as terms, permitted uses, and other such restrictions.
Carefully review intellectual property issues.
Data governance implies purposive stewardship: data flows are being managed, but to what end? To whose benefit?
Municipalities embracing smart city approaches face the challenge of ensuring that all residents benefit from such approaches.
They also face the challenge of substituting special interests for resident interest. For example, while consumers undoubtedly benefit from private sector research and innovation, it does not follow that municipal residents would necessarily agree to disclose their data to commercial interests for such purposes.
Trust-like data stewardship structures should have a well-defined trusteeship model. Such models should identify data beneficiaries and in administer access and exploitation decisions on a good faith assessment of the best interests on those beneficiaries.
Multi-stakeholder forum models are not well suited to act as trustees in such structures since, by definition, the loyalties of representatives are divided. Multi-stakeholder forums may nonetheless provide essential inputs enabling informed trustee decision-making.