Let's start with what can't be shared:
- Name
- Full address
- Unique identifier for the data record
- Nearly all combinations of data elements within the record
The first two are obvious Data Protection precautions; the last two are less obvious precautions for the same reason: they make it possible to identify the individual data subject.
Any data extraction for release as open data must specify the required data elements. Required fields need to be selected for extraction, rather than everything being extracted and the fields that aren't required filtered out afterwards. That way a field that was overlooked can't end up in the release by accident. Once data is out in the wild, it stays out in the wild.
"Registration location" and "Library/libraries used" (if available) are both safe in themselves: they aren't personal data, and the groups they describe are broad enough that individual data subjects can't be identified from them. They could be combined with each other and any one of the following:
- Category (e.g. type of borrower)
- Ethnicity
- Disability
- Gender
- Year of birth/age in years (if only date of birth can be extracted then this data shouldn't be used)
The data extract could be:
| Library | Category |
| --- | --- |
| Bedlam Library | Child |
| Bedlam Library | Child |
| Bedlam Library | Adult |
| Bedlam Library | Adult |
But not:
| Library | Category | Gender |
| --- | --- | --- |
| Bedlam Library | Child | Male |
| Bedlam Library | Child | Female |
| Bedlam Library | Adult | Female |
| Bedlam Library | Adult | Male |
Any two of these could be combined:
- Category (e.g. type of borrower)
- Ethnicity
- Disability
- Gender
- Year of birth/age in years (if only date of birth can be extracted then this data shouldn't be used)
A postcode dump for the whole library authority could be made available, but not combined with any other data, because postcodes are specific enough to be used for identification.
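One way to enforce the select-don't-filter rule and the combination limits above, as an added example that is not part of the original post. The field names and sample records are assumptions constructed for illustration, not taken from any real library management system.

```python
# Added example. Field names are hypothetical; sample records are constructed.
LOCATION = {"registration_location", "libraries_used"}
ATTRIBUTES = {"category", "ethnicity", "disability", "gender", "year_of_birth"}
POSTCODE = {"postcode"}


def check_release(fields):
    """Raise ValueError unless `fields` is a combination the post allows."""
    chosen = set(fields)
    if not chosen:
        raise ValueError("no fields selected")
    unknown = chosen - LOCATION - ATTRIBUTES - POSTCODE
    if unknown:
        # Name, address, record identifier, full date of birth and anything
        # else not on the allow-list is refused before any data is read.
        raise ValueError(f"not releasable: {sorted(unknown)}")
    if "postcode" in chosen:
        if chosen != POSTCODE:
            raise ValueError("postcode must be released on its own")
        return
    attrs = chosen & ATTRIBUTES
    # With a location/library field: at most one attribute. Without: any two.
    limit = 1 if chosen & LOCATION else 2
    if len(attrs) > limit:
        raise ValueError(f"too many attributes combined: {sorted(attrs)}")


def extract(records, fields):
    """Select only the requested fields; nothing else leaves the source."""
    check_release(fields)
    return [tuple(record[f] for f in fields) for record in records]


# Constructed sample records standing in for the source system.
SAMPLE = [
    {"name": "Reader One", "borrower_id": "X-0001", "postcode": "ZZ99 9ZZ",
     "registration_location": "Bedlam Library", "category": "Child",
     "gender": "Male", "date_of_birth": "2015-01-01"},
    {"name": "Reader Two", "borrower_id": "X-0002", "postcode": "ZZ99 8ZZ",
     "registration_location": "Bedlam Library", "category": "Adult",
     "gender": "Female", "date_of_birth": "1980-01-01"},
]

if __name__ == "__main__":
    print(extract(SAMPLE, ["registration_location", "category"]))
```

Because the check runs on the requested field list before any record is touched, a refused combination never produces a partial extract.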
I think that's pretty much it. And I'd still want to run it by an Information Governance expert before going ahead (and for them to check my Privacy Impact Assessment).