MetroLab

Data Integrity and Data Protection/Cybersecurity

06.20.23 | 9 min read

This is a section of the Model Data Governance Policy & Practice Guide for Cities and Counties. Learn more about the report and find the other sections here.

Section Notes

Purposes. Doing public good with Data requires that the Data is of sufficient quality/integrity, is properly accessible, and is stored safely. Recent cybersecurity incidents faced by city and county governments clearly highlight the importance of strong information security and privacy-preserving practices when governments collect sensitive personal information. This Section 3 offers recommendations regarding data quality/integrity and data protection and security standards and practices, as well as measures to lessen risks of damage from data breaches or cybersecurity attacks, in relation to intra- and inter-departmental data processing activities. Note: various levels of designated Data classifications require different and unique process considerations. Please refer to Section 1 for recommendations regarding Data classifications.

Prominent Challenges Addressed. The initial working group that led to the MetroLab Data Governance Task Force identified several scenarios, challenges, and considerations in connection with Data integrity, Data Protection, and cybersecurity, including:

Quality and Security Measures, Compliance, and Audit Mechanisms

Note: cybersecurity is a complex endeavor with several processes to consider. This section is a high-level overview, with auditing being a particularly key tool to ensure cybersecurity measures are in place.  

Data Quality and Integrity

“Data Quality” is critical to avoid garbage in, garbage out. Once data is acquired, every data pipeline should go through a Data quality check. A Data quality check includes assessment of Data accuracy, validity, timeliness, and completeness. Jurisdictions can set up review processes and steps to assess Data quality. Baseline Data assessment should include the following:

As capacity allows, Jurisdictions can embed the baseline quality checks and other auxiliary tests in the acquisition process itself. Datasets that fail baseline assessment should trigger a warning to the Data owner and initiate a review and correction process.1

“Data Integrity” goes beyond Data Quality, which is primarily limited to checking for errors or anomalies in the dataset. Ensuring Data Integrity requires ensuring (to the best of your ability) that the Data is internally consistent and as free of bias as possible.2

Data Security Policy

The Jurisdiction should adopt a formal, written “Data Security Policy” for establishing and communicating Data security requirements across all Jurisdiction departments and agencies. The Data Security Policy should:

Data Handling Systems

All Data or data systems (hardware or software) used by the city or county, its representatives, and Applicable Third Parties, or interconnected to the Jurisdiction’s network (henceforth referred to as a “Data Handling System”) shall provide mechanisms for compliance with the Jurisdiction’s Data Security Policy. Such mechanisms should include, without limitation, the following:

a. All Data Handling Systems shall be subject to a security assessment and tested for vulnerability to unauthorized access or use prior to deployment. These scans should be done on a regular schedule as determined by the Chief Data Officer. If a Data Handling System employs any means of credit card transactions or interfaces with third party systems that employ such transactions, such Data Handling System shall comply with the provisions of industry standards such as the Criminal Justice Information Standard (CJIS) or the Payment Card Industry (PCI) Data Security Standard.

b. The city/county shall take additional precautions with respect to all Internet-accessible Data Handling Systems to safeguard against unauthorized information access or manipulation by outside actors. The Chief Technology Officer (or other appropriate leader of security and/or Information Technology on a city-wide basis) shall from time to time promulgate a series of tests using up-to-date federal standards for information assurance to ascertain the security of all Data Handling Systems against:

Compliance

A compliance approach is necessary, whether by supporting a structured team or by implementing a standard process. Working with IT department teams to ensure that those requirements are implemented and that documentation is maintained is critical. This is a significant amount of work. If capacity is restricted, consider whether this is internal or external compliance (i.e., holding vendors accountable to requirements and audit checks).

The Jurisdiction’s Data Security Policy and Data Handling Systems shall comply with all applicable laws, regulations and the Jurisdiction’s policies and practices. The city/county shall comply fully with applicable Public Disclosure Laws.5 Legal notices and copyrights shall be included for disclosure purposes.

Security Audits

The city/county should conduct a periodic “Security Audit” at such intervals as are determined by the Controlling Authority and under the supervision of a recognized independent audit authority approved by the Controlling Authority. The primary functions of the Security Audit are to evaluate all Data Handling Systems and other mechanisms in place to ensure compliance with the Data Security Policy, protect information assets, and properly dispense information to authorized parties. Security Audits shall include evaluation of each pertinent system’s internal design. Such evaluation must include, but is not limited to, efficiency and security protocols, development processes, and governance or oversight. Installing controls is necessary but not sufficient to provide adequate security. Security Audits must include a report on the implementation of this Policy. The auditor must consider whether the controls are installed as intended, whether they are effective, whether any breach in security has occurred and, if so, what actions can be taken to prevent future breaches. These inquiries must be answered by independent and unbiased observers employed by the auditor performing the task of information systems auditing. The following principles and actions should be among those included in each Security Audit:

Web Presence Audits

The extension of the Jurisdiction’s presence beyond its internally controlled Data Handling Systems, network, and management domain (e.g., the adoption of social media by the enterprise along with the proliferation of cloud-based tools such as social media management systems) requires the city/county to incorporate Web Presence Audits into the Security Audit. The purposes of such Web Presence Audits are to ensure that the Jurisdiction and Applicable Third Parties are taking the necessary steps to:

Network and Communications Systems Audits6

The city/county should audit its network, including all interfaces and interconnections with third party networks and infrastructure, and its communications systems, whether controlled internally or purchased as a service, for compliance with the Jurisdiction’s Data Security Policy. The “Network and Communications Systems Audit” should ensure that the Jurisdiction’s network and communication systems:

For sample approaches to Data Security Policies, Data Handling Systems, cybersecurity, and related policies and practice tools, see the resources linked in the Data Management and Cybersecurity sections of the Resources Library.

Special Provisions for Open Data Programs

With respect to all of its Open Data Programs, it is recommended that the Jurisdiction:7

  1. Make Data it collects discoverable and accessible to the public only through Data platforms that adhere to its adopted Data Governance principles and comply with its policies on Data quality and Data Integrity and its Data Security Policy.
  2. Assess the Datasets to publish as Open Data, in accordance with standards and procedures established from time to time by a Data Governance Oversight Committee (of the type described in Section 5 of this Guide), to identify risks of harm to personal privacy or personal safety and take steps to mitigate such risks.
  3. Document the process for reviewing new Open Data requests, including who approves or denies the request and the rationale for the decision, and make the request, decision, and rationale available to the public.  
  4. Perform an annual risk assessment of the Open Data Program and the content available to the public pursuant thereto and present such report to the Data Governance Oversight Committee for its review, comments, and recommendations as to efficacy and risk mitigation strategies.
  5. Provide a public process to allow individuals to review and contest Data that concerns their own individual personal information, whether or not such information is PII.
  6. Provide to the Data Governance Oversight Committee an annual “Open Data Program Plan” and annually report on the assessment of progress towards achievement of the goals described in the Open Data Program Plan for the previous year.
  7. Include in its Open Data portal and any similar Jurisdiction-maintained mechanism for publishing Open Data appropriate Limitation of Liability Provisions.8
  8. To the extent prudent, the Jurisdiction should:
    • Publish high quality, public Data with documentation online.
    • Ensure publishable Data is in the public domain and can be easily retrieved.
    • Minimize limitations on disclosure of public information while safeguarding Sensitive Data.
    • Encourage innovative uses of publishable data by agencies, the public, and other partners.

1. For an example of a “Data Quality Self-Assessment Checklist,” see NYC Open Data – Data Quality Standards and Review Process (May 2022 Revision) at pages 5-6, available at https://docs.google.com/document/d/1hnmsJDkI4YmO8Pzk2yljFouwCFbdfbIfSn65Re074HU/edit.

2. See, e.g., Brookings report Algorithmic bias detection and mitigation: Best Practices and policies to reduce consumer harms at https://www.brookings.edu/research/algorithmic-bias-detection-and-mitigation-best-practices-and-policies-to-reduce-consumer-harms/ and Shea Brown, Ryan Carrier, Merve Hickok, and Adam Leon Smith, Bias Mitigation in Data Sets at https://osf.io/preprints/socarxiv/z8qrb/.

3. Cf. San Francisco City-wide IT focused – Disaster Preparedness, Response, Recovery, and Resilience Policy at https://sf.gov/resource/2021/disaster-preparedness-response-recovery-and-resiliency-policy-dpr3.

4. Cf. San Francisco’s DataSF Open Data Release Toolkit at https://datasf.org/resources/open-data-release-toolkit/.

5. From City of Seattle Web Presentation and Accessibility Standards Version 3.0, October 2, 2012.

6. See Michael Juergens, Social Media Risks Create an Expanded Role for Internal Audit, The Wall Street Journal, August 6, 2013, available at https://deloitte.wsj.com/articles/social-media-risks-create-an-expanded-role-for-internal-audit-1377532961 for discussion of this and other areas of precaution listed immediately above. A Jurisdiction may want to expressly adopt specific standards for these types of audits and cross-reference or attach them as appendices to their Data Handling Policy. Several potentially relevant standards exist; for example, see: Cybersecurity Framework published by the National Institute of Standards and Technology (NIST) at https://www.nist.gov/cyberframework; ISO 27001 at https://www.iso.org/standard/27001 (Information security management systems) and ISO 27002 at https://www.iso.org/standard/75652.html (Information security, cybersecurity, and privacy protection - Information security controls); and the GDPR. See also NYC Guidelines for the Internet of things at https://iot.cityofnewyork.us/data-management/ and https://iot.cityofnewyork.us/security/; San Francisco Citywide Cybersecurity Policy at https://sfcoit.org/cybersecurity.

7. Some of the following recommendations in this Subsection 3.C are based on or inspired by D.C. Data Policy at https://opendata.dc.gov/pages/data-policy.

8. See, e.g., D.C. Data Policy at X and XI; City of Charlotte “Terms of Use” at https://charlotte.maps.arcgis.com/home/item.html?id=7c88b8633b034ddcbbd6badb1b7076fe; and City of Chicago Privacy Policy at https://docs.google.com/document/d/1hnmsJDkI4YmO8Pzk2yljFouwCFbdfbIfSn65Re074HU/edit.