Privacy Policy
In Open Data Policy
See also the Open Data Policy page for relevant clauses on privacy.
Segregation
From New York State Freedom of Information Law:
When records maintained electronically include items of information that would be available under this article, as well as items of information that may be withheld, an agency in designing its information retrieval methods, whenever practicable and reasonable, shall do so in a manner that permits the segregation and retrieval of available items in order to provide maximum public access.
Assessment
Seattle’s Open Data Candidate Requirements and Risk Evaluation rubric covers some privacy considerations
Data submitted to data.gov requires the submitting agency to conduct a Privacy Impact Assessment - http://www.data.gov/datapolicy
Provenance & Accountability
Privacy coverage in the W3C guide on Putting Government Data Online:
A very common and important concern is the privacy of data which contains personally identifiable nformation. This article does not suggest that all data should be made public, nor does it discuss issues with anonymisation of data. Systems where PIP is an issue will probably not be an early choice when selecting those to put on the web. However, in cases in which these issues have already been resolved and the data is already public but not in the standard form, converting it to Linked Data is an excellent idea. In general, new government systems should be built to be aware of the provenance of the data they use, and of the appropriate use to which it may be put. But the design of these accountable systems is another topic we do not have space for here.
US Federal Policy
Each executive branch agency submitting datasets to data.gov must comply with privacy requirements in the Privacy Act of 1974, the E-Government Act of 2002, and OMB guidelines for privacy and security. The OMB guidelines include the mandate that agencies must not post PII on Data.gov. The guidelines also explicitly recognize “mosaic concerns,” or the idea that increasing the availability of government data to the public in easily accessible and interoperable forms, and the collection of many datasets disseminated jointly, may increase the risk of privacy and security breaches.[1] In addition, Data.gov’s own privacy policy requires that agencies providing access to data they own or control through the Data.gov portal must make Privacy Impact Assessments or System of Record Notices and publish them on their websites.[2]
[1] Office of E-Government and IT & Office of Management and Budget, Data.gov Concept of Operations Version 1.0 at 22, 24 (n.d.), available at http://www.data.gov/documents/data_gov_conops_v1.0.pdf
[2] Data.gov, Data Policy, http://www.data.gov/datapolicy.