Privacy Risk Assessment Use Case
GitHub POC and Email Address: @k-finch | kfinch [at] fpf.org
Affiliation/Organization(s) Contributing: Future of Privacy Forum (FPF)
While the transparency goals of the open data movement serve important functions in cities like Seattle, some municipal datasets about the city and its citizens’ activities carry inherent risks to individual privacy when shared publicly. In 2016, the City of Seattle declared in its Open Data Policy that the city’s data would be “open by preference,” except when doing so may affect individual privacy. To ensure its Open Data Program effectively protects individuals, Seattle committed to performing an annual risk assessment and tasked the Future of Privacy Forum (FPF) with creating and deploying an initial privacy risk assessment methodology for open data.
This Report first describes inherent privacy risks in an open data landscape, with an emphasis on potential harms related to re-identification, data quality, and fairness. To address these risks, the Report includes a Model Open Data Benefit-Risk Analysis (“Model Analysis”). The Model Analysis evaluates the types of data contained in a proposed open dataset, the potential benefits – and concomitant risks – of releasing the dataset publicly, and strategies for effective de-identification and risk mitigation. This holistic assessment guides city officials to determine whether to release the dataset openly, in a limited access environment, or to withhold it from publication (absent countervailing public policy considerations). The Report methodology builds on extensive work done in this field by experts at the National Institute of Standards and Technology, the University of Washington, the Berkman Klein Center for Internet & Society at Harvard University, and others, and adapts existing frameworks to the unique challenges faced by cities as local governments, technological system integrators, and consumer facing service providers. The Report concludes by detailing concrete technical, operational, and organizational recommendations to enable the Seattle Open Data Program’s approach to identify and address key privacy, ethical, and equity risks, in light of the city’s current policies and practices.
Notes: Templates for the Model Benefit-Risk Assessment (https://fpf.org/wp-content/uploads/2018/01/Model-Benefit-Risk-Analysis.pdf) and the Program Maturity Assessment (https://fpf.org/wp-content/uploads/2018/01/Program-Maturity-Assessment.pdf) are available separately, as well.
Future of Privacy Forum website: https://fpf.org/
City of Seattle Executive Order 2016-01: http://murray.seattle.gov/wp-content/uploads/2016/02/2.26-EO.pdf
Contribute your privacy risk assessment use case.