8.2 Developing or improving responsible data practices
Now that you have reflected on the key stakeholder you would need to get on board, read through the following slides, and then continue to take the small quiz.
A responsible data management strategy can help you to systematically think about your data management practices. As has been explained in other sessions (Session 4) responsible data management goes beyond privacy, it is a holistic approach of how data is managed, including for example which data is opened up. Having a strategy in place can help you to apply these practices systematically not only in your projects but in the general practice of your institution.
There is no one-size fits all what such a strategy should look like. For some institutions, a strategy can be about having very clear narrowed-down guidelines, templates and frameworks on how to handle data, for others it might be rather about defining overall values on what responsible data means for their institution, others might use a strategy as an umbrella for a wider range of activities in the context of open data, data protection and citizen engagement. In many cases it might be also about reviewing and adjusting existing policies integrating the concepts and values of responsible data handling.
Generally, a responsible data strategy should be directed towards two directions: Internal and the external. A very easy first step is to set up an internal Working Group that meets regularly. This Working Group can consist of a wide range of individuals in the organisation. For example, an internal “data working group” could consist of staff from
- The IT department
- Innovation Department
- Statistics Department
- Legal Department
- Citizen Engagement experts
- Management representative
One part of the internal measures should be a responsible data handling strategy, which ideally covers the following aspects:
- Data processing: what data is collected, how is it processed, where is it stored, how is it protected, who has access to it, and who is it shared with.
- Staff digital security practices: the organizations digital security choices, best practices and processes.
- Human resources: digital on- and off boarding, opportunities for responsible data management trainings, and confidentiality clause
- Infrastructure: how the organizations implements, updates, secures and tests it systems
- Roles and responsibilities: who are responsible for the implementation of the policy.
- Information: Who can staff turn to with their responsible data questions.
- Emergency response: What are the processes and procedures when something has gone wrong.
- Review process: how are processes and decisions documented, when are decisions and process reviewed.
Have a look at these principles for US municipalities proposed by the Sunlight Foundation: Protecting data, protecting residents (2017). 10 principles for municipal authorities on managing data
Another important dimension of responsible data management is the involvement of external stakeholders. Sometimes this can be difficult, because historically government insitutitions, like city departments, tend to work without a lot of external input. However, involving external stakeholders highly benefits projects and processes.
Groups that can give valuable input are for example:
- External experts
- Private Sector
- Civil Society Groups
- Start ups
One way of involving these stakeholders is through a systematic approach. For example, by inviting representatives of these groups to join a steering committee that supports your work on data and innovation. The city of NY has an external advisory group to review their applications of algorithms. The group consists of representatives from academia, civil society, start ups and the private sector.
Who could be participants of such a committee in your city?
Working directly with citizens is often new to institutions. In particularly, when it comes to consulting citizens at an early stage and involving them in the design process. However, this can help you to improve the service you are planning or even to come up with an idea of a new service. This approach is also called human-centered design – designing technological solutions focusing on the human need and not on the product.
Watch this video by Ideo to get an idea what human-centered design is all about:
You see that citizens and other stakeholders can be involved at the entire design process of your service, from the inspiration phase to implementation.
When it comes to the data aspect of a project, citizen and civil society can give you valuable input: what kind of data sharing do people feel comfortable with, which data do they not want to share, how would they want to be asked to share the data, what are their expectations of what will happen with the data?
This article of the city of Barcelona gives you a good idea why citizen’s opinions is so important in developing technology solutions that make a difference.
Lastly, you might consider to develop guidelines that function as a compass on how data will be handled within the organization. To this end, the goal of guidelines is not so much about laying out detailed processes and practices, but rather about values and principles that your institution finds relevant. Of course, also these guidelines benefit immensely from external input, and can in fact be a great way of systematizing your involvement with external stakeholders.
You can get some inspirations from the following examples:
- Recently the city of Amsterdam, New York and Barcelona signed a Declaration of Cities Coalition for Digital Rights which include five aspects. Cities can join the movement https://citiesfordigitalrights.org/
- The UK government developed a Data Ethics Framework to set out principles for how data should be used in the public sector; as a byproduct they developed a Data Ethics Workbook, which dicusses a number of relevant questions.
- Several organisations signed the “Principles for Digital Development”, nine principles that are supposed to guide how digital projects are set up
- Institutions such as GIZ or Oxfam recently developed “Responsible Data Policies”.