Skip to content

Data Publishing Policies

Data management policies are the foundation of responsible and effective data governance in any organization or institution. They provide a structured framework for handling data, ensuring that it is collected, stored, processed, and shared in a consistent, secure, and compliant manner.

These policies serve as essential guidelines that not only protect the integrity and privacy of data - where needed - but also promote transparency, accountability, and trust among data stakeholders. By clearly outlining the rules and procedures for data management, these policies help city administrations mitigate risks, optimize data usage, and uphold legal and ethical standards.

In an era where data plays a pivotal role in decision-making, having well-defined data management policies is paramount to harnessing the full potential of information assets.

There are a few major data management policies which are important to know and to use as a guideline in the daily data management tasks.

Data Privacy Policy

Defines how personal and sensitive data is handled, ensuring compliance with privacy laws, data encryption, and user consent for data usage.

  • Protect Sensitive Information: Safeguard personal and sensitive data with strong encryption, access controls, and regular security assessments (e.g. passwords)
  • Anonymize Data: Anonymize or pseudonymize personal data in datasets or resources to minimize privacy risks
  • Data Audit Trails: Maintain detailed audit trails to track data access and changes for accountability, e.g. by versioning metadata or resources. E.g. this can be done by a specific title: fuel prices 2020-2021
  • Data Protection Impact Assessment: Conduct DPIAs to evaluate and mitigate privacy risks before publishing new datasets

Data Quality Policy

Establishes standards for data accuracy, completeness, and timeliness, ensuring high-quality and reliable datasets.

  • Data Validation: Implement automated data validation checks to detect and correct errors. Manual checks can help e.g. if external links are still valid
  • Metadata Standards: Ensure accurate and comprehensive metadata to aid data discovery and interpretation. Review metadata standards and dataset compliance (e.g. against DCAT standard)
  • Version Control: Maintain version control for datasets, clearly documenting changes and updates. Use a metadata field with the version number (see semantic versioning, e.g. version number 1.2.1)
  • User Feedback: Encourage users to report data quality issues and act promptly to address them.
  • Data Documentation: Provide comprehensive data documentation where the data originates from, including data lineage and sources, to enhance data trustworthiness.

Data Access and Sharing Policy

Outlines rules for data accessibility, including who can access data, under what conditions, and any associated fees or restrictions.

  • Access Control Lists (ACLs): Maintain well-defined ACLs to restrict writable data access to authorized individuals and roles (e.g. by organization admins or members)
  • User Training: Educate portal users on access request procedures and data usage guidelines
  • Audit Access Requests: Thoroughly review data requests from users, verifying the legitimacy and necessity of publishing requirements
  • Regular Access Reviews: Periodically review and update access permissions, revoking access when necessary
  • Data Sharing Agreements: Establish clear data sharing agreements outlining access conditions and restrictions (see also: data licencing)

Data Security Policy

Details measures to protect data from unauthorized access, breaches, and data loss, encompassing encryption, access controls, and regular security audits.

  • Regular Security Audits: Conduct routine security assessments and penetration testing to identify vulnerabilities
  • Incident Response Plan: Develop and regularly update an incident response plan to address security breaches
  • Employee Training: Train staff on security best practices and enforce strict four-eye-principles when releasing datasets to the public (switching from private to public visibility)
  • Patch Management: Keep software and systems up-to-date with the latest security patches and updates.

Data Licensing and Attribution Policy

Defines how users can use and share data, including licensing terms, attribution requirements, and intellectual property considerations.

  • Clear Licensing: Ensure that licensing terms for each dataset are clearly defined and prominently displayed. Every dataset should have a license attached. Refer to the standard license set in the TUMI datahubs
  • Attribution Guidelines: Specify how users should attribute data sources when they use or share the data. Details are specified in the licences.
  • License Compatibility: Ensure that licensing terms align with the portal's mission and the broader open data community's expectations.
  • Consistency: Maintain consistency in licensing across datasets to avoid confusion among users.
  • Monitor Compliance: Regularly monitor and enforce licensing and attribution compliance, addressing violations promptly.

Data Governance Policy

Establishes roles and responsibilities for data management, including data stewardship, data ownership, and decision-making processes.

  • Establish Governance Board: Form a governance board responsible for overseeing and enforcing data management policies.
  • Decision Accountability: Clearly define roles and responsibilities for data governance decisions, including data stewardship.
  • Regular Audits: Conduct periodic audits to evaluate compliance with data policies and make necessary adjustments.
  • Feedback Mechanism: Establish a feedback mechanism for users and stakeholders to provide input on governance decisions.
  • Policy Evolution: Be prepared to adapt governance policies as the portal evolves and user needs change

Data Transparency and Openness Policy

Promotes openness by mandating transparent metadata, data documentation, and accessibility standards to foster trust and accountability in data sharing.

  • Open by Default: Make data open and accessible whenever possible, following open data principles.
  • Clear Transparency Guidelines: Define and communicate transparency standards for data publication, including metadata transparency.
  • Open Formats: Publish data in open and interoperable formats to maximize accessibility and usability. Get to know the 5-Star-Schema and use higher levels wherever possible.
  • Release Timeliness: Strive to release data in a timely manner, reducing unnecessary delays.
  • Engage Stakeholders: Engage with stakeholders and the open data community to gather input and ensure transparency aligns with user expectations.