| Abstract | With the advances in geomatics technologies (i.e. applications, data storage capacities and communication bandwidth), the extensive efforts expended in collecting geospatial data (field surveys,
monitoring systems, imagery) and the pervasiveness of the Internet, geomatics users expect easy access to an unprecedented variety of geospatial datasets. This expectation is mirrored in the basic principles of most government data management
organizations which encourage the sharing of data for the greater societal good.
However, while access to data is increasing, there is also a growing recognition of the extent to which barriers exist in sharing or accessing of sensitive geospatial
data. A 2006 Environics survey not only identified the barriers in sharing data (privacy and confidentiality issues, licensing and ownership issues, and liability issues and broader data sensitivities) but found that removing such barriers to sharing
data were felt to be the most important data issue to mitigate. In a 2006 workshop facilitated by GeoConnections, communities engaged in land management, environmental impact assessments and sustainable development (collectively referred to as the
Environmental and Sustainable Development (E&SD) communities) identified several data sharing issues including the need to develop data-sharing agreements, facilitate open access, conduct further investigations and provide guidance on how to share
data of a sensitive nature.
To respond to these needs, GeoConnections contracted AMEC Earth and Environmental to conduct research and stakeholder consultation in supported of the development these Best Practices.
The purpose of these Best
Practices is to educate Data Contributors, Owners, Custodians, Stewards and Consumers of the issues and concepts associated with protecting, sharing and utilizing sensitive geospatial data, with a focus on supporting programs, services, businesses
and / or applications related to the Environment and Sustainable Development (E&SD) community. The intention is to provide practical guidance to those interested in developing their own sensitive environmental geospatial data sharing policies and
protocols.
In reviewing the literature, surveying organizations and practitioners, and through consultation by workshops, it was determined that perspectives range widely on what might be considered sensitive environmental geospatial data. It was
also found that there is no consistent mechanism for assessing whether a dataset should be classified as sensitive or not. What was revealed was that the concept of sensitivity changes with context (time and recent events), an organization's
regulatory environment (legislation, policy, competition, etc.), jurisdictions and the personal views of Data Contributors/Owners/Custodians and in actuality, there is considerable intertwining of these elements. Anyone who is assessing a dataset to
determine whether it should be considered sensitive or not should be aware of these elements and the potential impact on the credibility of their organization if sensitive data is mistreated.
The first significant question to be answered is “What
is sensitive geospatial data?” and how is it determined to be sensitive or not. What defines data as sensitive is related to legislation, regulations and policies governing an organization as well as standards adopted by the organization.
With the
focus on the E&SD community, the emphasis is on sensitive “environmental” geospatial data as a subcategory of sensitive geospatial data. The Guidelines consider environmental geospatial data to be thematic geospatial data that could be used for
analysis in areas such as environmental impact assessments, land use planning, land management, sustainable development, resource management, airshed management, etc.
Due to the diversity of what can make a dataset sensitive, these Guidelines
propose a categorization of sensitivity to assist an assessor (typically the Data Custodian) in understanding which aspect of sensitivity may apply to the dataset they are reviewing. In addition, each organization has to establish and publish its own
criteria that allow the assessor to determine whether the dataset being reviewed is sensitive and justify why or why not. These criteria have to be established on an organization by organization basis due to the diversity of the data organizations
handle and the specifics of the regulatory environment under which each operates.
It is prudent that each organization develops these criteria independent of any specific dataset, establish them in advance of any dataset assessment, document the
criteria and have it vetted by an authorized organizational representative (legal or policy). This step is critical in establishing not only the process but provides a documented baseline for justifying the classifying of a dataset as sensitive if
challenged at a later date.
Understanding these categories will also assist in defining the metrics for establishing what is to be considered sensitive data. Data can generally be categorized as sensitive geospatial data if it meets any of the
following criteria:
1. Legislation/Policies/Permits - the data is identified by legislation as requiring safeguarding. The most prominent legislation in this regard is the federal Privacy Act - safeguarding the data is required if an individual
can be identified, either directly by georeferenced information (such as the geo-coordinates of an address) or indirectly through the amalgamation of geospatial data and related attributes;
2. Confidentiality - the data is considered confidential
by an organization or its use can be economically detrimental to a commercial interest;
3. Natural Resource Protection - the use of the information can result in the degradation of an environmentally significant site or resource;
4. Cultural
Protection - the use of the information can result in the degradation of an culturally significant site or resource; or
5. Safety and Security - the information can be used to endanger public health and safety.
Numerous articles have identified
the need for organizations to establish frameworks for identifying and sharing sensitive data. This need is driven by:
• The requirement to support open government by making data readily accessible unless there is a legitimate and documented
reason not to;
• Be consistent within an organization and across jurisdictions so that the mechanisms required to share the data are also applied consistently; and
• Document criteria and processes so that users can search out that the data
exists, be made aware of any decisions relating to the safeguarding of the data and know who to contact to request access to safeguarded data.
The Best Practices identify basic principles that can be applied to assessing sensitive environmental
geospatial datasets in order to classify sensitivity consistently:
1. Unless the dataset is classified as sensitive it can be provided free of restrictions;
2. Information can not be considered sensitive if it is readily available through other
sources or if it is not unique;
3. The Data Custodian of the information is the only agency that can determine whether an environmental geospatial dataset is to be classified as sensitive;
4. Data Consumers of sensitive environmental geospatial
datasets must honour the restrictions accompanying the information in the form of an agreement, license and/or metadata; and
5. Organizations should document and openly publish their process, criteria and decisions.
These Best Practices also
present an example decision framework for assessing whether an environmental geospatial dataset is to be classified as sensitive. This framework has been adapted from the US Federal Geographic Data Committee (FGDC) document Guidelines for Providing
Appropriate Access to Geospatial Data in Response to Security Concerns. As the FGDC guidelines are primarily concerned with Security and Public Safety, this framework has been modified to accommodate sensitive environmental geospatial data.
Once a
dataset is defined as sensitive and the organization's regulatory environment is understood then the appropriate mechanisms for sharing become apparent. In most cases instruments such as agreements or licenses are sufficient, in other cases the
sensitivity must be removed from the dataset before it is shared and in other cases approval is given to a Data Consumer on a case by case basis. Regardless of the mechanism put in place, it essentially comes down to the Data Custodian trusting that
the data will be adequately safeguarded by the Data Consumer and the mechanisms they have in place sufficiently limit the risk of inappropriate treatment of the data. Furthermore, there are numerous examples of data collection programs where Data
Contributors contribute sensitive data content on a regular basis to the Data Custodian and the Data Contributors trust that their contributions are adequately safeguarded otherwise future contributions may be terminated.
At its core, the
successful long term sharing of sensitive environmental geospatial information is about trust, risk management, the credibility of the participating organizations and their overriding desire to disseminate information.
Successful sharing of
sensitive geospatial information lies within the mechanisms used to: present the underlying knowledge yet remove the sensitivity; the instrument that defines the conditions of use and protection; and, training of participants to ensure that they are
cognizant of their roles and responsibilities. Those sharing or accessing geospatial data may use a combination of mechanisms to ensure data is shared and used responsibly and that the credibility of the process is maintained.
It is intended that
these Best Practices provide the reader with sufficient insight and links to resources in order to assist them in implementing a consistent and documented approach to managing and sharing sensitive environmental geospatial data within their
organization. The document is intended as a living document, and may be updated as related practices mature and the user-community needs evolve. |