Research and analysis

Access to Geospatial Data

Updated 16 December 2020

1. Introduction

Many organisations hold data that could be valuable to others but choose not to publish because of concerns about risks that may or may not exist. In the absence of a standard assessment process, data stewards are frequently left to make the call and end up publishing datasets that should not be released and not publishing datasets that should.

An assessment process, consistently applied, would mitigate both these issues and protect publishers, data users and the public from the inappropriate release of data. Where a genuine risk exists that prevents data from being released, for a richer user experience, the reasons for not publishing a dataset can be stated in the data catalogue.

2. What we did

Data Sharing considerations: A data sharing assessment should start from the point of view that the data should be shared unless there are sound reasons not to. It should ensure publishers consider the most important risk factors associated with publishing their geospatial data. Following a number of workshops, the factors were identified as:

• Personal data: Does this dataset contain personal data as defined by the General Data Protection Regulation 2018?
• Third party intellectual property: Would sharing this dataset result in a third party supplier agreement or third party intellectual property rights being breached?
• National security: Does the dataset contain information, that if shared, would pose a national security risk?
• Anti-competition legislation: Does sharing this data impinge on anti-competition law?
• Existing licence infringement: Have you published the dataset already under a licence or agreement that would constrain you from licensing again?
• Commercial interests: Would releasing the dataset potentially damage the commercial interests of the data publisher or a third party supplier?
• Data quality: Is a dataset quality caveat required for end-users?
• Ethics: Are there any ethical issues that need to be managed? For example, is it likely to result in fraudulent activity?
• Data Sharing Assessment tool (ods, 132 KB): The factors above were built into a simple, freely available tool to help data publishers responsibly publish data. Guidance is available as how to mitigate any issues as identified as part of the assessment. The images below show an extract of the DSA tool.

3. Recommendations

1. The DSA process and tool should be used whenever a new dataset is conceived. It is preferable to use the process to identify risks and take appropriate action at the design stage.

2.Create and maintain data sharing metadata to understand and document:

• whether a dataset has been risk-assessed;
• when the assessment was run and when/if it is due for review;
• what, if any, mitigation has been put in place; and
• what the outcome of the assessment is.

3.To maximise the value of this process it should be integrated with data publisher’s internal data cataloguing solutions. This may result in the process being converted from Excel into an environment that supports dynamic update of the data catalogue and links to machine-readable licences.

4. Benefits

1. The tool is a framework that provides a consistent, robust method for confirming that data has been assessed and any possible concerns have been addressed.
2. Data publishers wishing to share data but who don’t have relevant expertise or governance in place can use the tool as a starting point, providing guidance and an audit trail.
3. More datasets will be published where the assessment finds no reason to restrict access. Also, datasets that have been published but later fail the assessment, will be restricted.
4. Drives a culture of sharing data responsibly.