There's no doubt the UK is leading the way in open government data. Almost 17,000 datasets are now available on the data.gov.uk website – and the benefits of sharing data with the public are obvious: according to theOpen Data Institute, it has the potential to increase custom for services and products, ease information sharing with other organisations, reduce maintenance cost and encourage innovation.
Perhaps most convincingly of all, open data is predicted to deliver a £2bn boost to the UK economy in the short term, with a further £6-7bn further down the line.
Yet simply declaring data public does not automatically make it practical or meaningful. It has to be secure, accessible and presented to users in a format that is easy to use and make sense of.
The huge amounts of sensitive information - such as patient records, payment details or personally identifiable information (PII) – released could potentially be at risk of breaches and misuse. As a result, government is faced with having to find a solution that protects the privacy rights of the individual while at the same time providing organisations with valuable data.
Too much or too little security and the project could be rendered useless – or worse, pose a serious threat.
Here are some key considerations that need to be addressed to master this delicate balancing act:
When dealing with highly sensitive information a number of questions should be considered up-front. What data is useful in the first place? How should it be made available? Will people be able to make sense of it? Does presenting large volumes of data present an aggregated risk? Whose responsibility is the implementation of the project? And, crucially, can we trust that the data is shared in a secure, compliant manner?
In an age where state sponsored attacks are a reality, hackers are organised and relentless in their efforts to access valuable information from governments around the world. Providing global public access to data on the entire doesn't just open up data – it also opens up new threat vectors to be exploited by those with malicious intent.
Securing and making use of open data is about more than just technology – people, processes and infrastructure have to be integrated and users need to be educated in how to access, make use of and store data in a responsible manner. They need to be given tools that monitor, analyse and mitigate attacks reliably without restricting – or complicating – access to data.
Perhaps the most important point to consider in our rush to share information is just what data should be released in the first place.
Every copy that leaves the government's servers poses an additional security risk – once in the public domain it is impossible to ever truly regain control over it as it is copied and shared across the web.
Open data can constitute a huge asset for the way information is shared, used and absorbed in the UK and across the globe. However, it is vital that if data is released it has to be done in a secure, sensible fashion – and while the government does not have the technology and regulations in place that will guarantee protection the most sensitive data should be kept under lock and key.
Graeme Stewart is director of UK public sector strategy at McAfee