This Toolkit contains two methods to manage risk in publishing open data.
Method 1: Privacy Edition
This is a step-by-step process to assess the release of de-identified sensitive or protected datasets on the SF Open Data portal. Sensitive or protected data is generally data that is protected by privacy law or regulation, identifies individuals, could be misused to target individuals and/or poses other concerns.
We seek to publish data responsibly. This requires a balancing of competing factors, such as:
- the value of publishing the data,
- an individual’s expectation of privacy,
- repercussions to an individual or the organization from re-identification, and
- the likelihood of re-identification.
Method 2: Security Edition
The security edition is for datasets that pose security (versus privacy) risks. Your data may not contain any data about individuals, but it may contain data with the following kinds of risks:
- Life / safety
- Rights / Intellectual Property
The Security Edition follows a 4 step process to manage security risks. Includes an appendix with a worksheet.