Safeguarding sensitive information shouldn’t be an all or nothing proposition

by
computer keyboard access denied key

At Sunlight we’ve long emphasized the importance of proactively releasing public information online. It has continually been an emphasis of our Open Data Policy Guidelines, which are meant to serve as a resource showing what open data policies can and should do. We believe the open data policies being adopted across the country (and the world) can raise public records access to a higher standard by enforcing the principle that public information should be open by default.

Providing this level of access comes with challenges, however. Although government information is public information, sometimes the information collected would be sensitive to release to the public — especially when it comes to proactive, online release or release in bulk. Information about crime is one example of a dataset that can be harmful to share in this way. Though the right to access information about crime is often established in public records laws and enables critical reporting about public safety issues, crime data intrinsically includes sensitive details. This data should only be released with careful thinking about what information might infringe on the privacy or security of those impacted.

This kind of case illustrates a necessary element of safeguarding any sensitive information: using a balance test to think through what should or should not be released. Safeguarding of information can only be done appropriately with a balance test that asks whether the potential harm from releasing the information outweighs the public interest in accessing the information. The matter of what outweighs something else is subjective, but language can be carefully crafted to weigh specific elements of public interest and potential harm. It brings an important thought process into the decision of whether to withhold information from proactive online disclosure.

In our Open Data Policy Guidelines, the principles of safeguarding sensitive information and using a balance test used to be separate provisions. In the latest iteration of the Guidelines, we’ve made an update reflecting that safeguarding sensitive information can only be done appropriately with a balance test. Without this process to prove how the public interest was considered, any sensitive information being withheld should be subject to scrutiny as to why it is not being released.

The balance test doesn’t have to be an all or nothing proposition. Safeguarding can and should be done with varied interests taken into account and with consideration for different levels of access. That’s why we also updated the provision about safeguarding sensitive information to highlight the importance of considering things like access for researchers. While some information might be too sensitive to release proactively online, or release in bulk, academics and nonprofit researchers often use this kind of information to provide important insights about communities and policies. Access to sensitive information for these academics and researchers comes with the understanding that they should protect the information and only release it in ways that limit the potential for harm. The limited access can have beneficial findings and impacts while keeping sensitive information shielded. This privileged information-sharing should not, however, be given priority over full public release. This route should only be taken when the potential for harm outweighs the public interest in access, but privileged access could yield important insights.

Following those principles, selective redaction of sensitive information can also empower important findings. Rather than refusing to release all of a dataset due to one problematic element (or even a few), the sensitive information should be redacted and the rest of the dataset should be released. Once again, selective access or information sharing should only be done with appropriate balance tests.

Safeguarding sensitive information is a necessary, if challenging, aspect of open data. Balance tests are necessary for this safeguarding to be done appropriately. For that information where the public’s interest in access outweighs the potential harm of release, the information must be shared proactively online, upholding the standards of open data and empowering access for all.