4: Unreleasible Data
Document if data cannot be released Other Information:
Purpose The Open Data Policy requires agencies to strengthen and develop policies and processes to ensure that only the appropriate
data are made available publicly. Agencies should work with their Senior Agency Official for Privacy and other relevant officials
to ensure a complete analysis of issues that could preclude public disclosure of information collected or created. If the
agency determines the data should not be made publicly available because of law, regulation, or policy or because the data
are subject to privacy, confidentiality, security, trade secret, contractual, or other valid restrictions to release, agencies
must document the determination in consultation with their Office of General Counsel or equivalent. The agency should designate
one of three "access levels" for each data asset listed in the inventory: public, restricted public, and non-public. The descriptions
of these categories can be found below and on Project Open Data. The objectives of this activity are to: * Review information
for valid restrictions to public release in order to ensure proper safeguarding of privacy, security, and confidentiality
of government information * Document reasons why a data asset or certain components of a data asset should not be made public
at this time * Consult with agency's Senior Agency Official for Privacy and general counsel regarding the barriers identified
* Encourage dialogue regarding resources necessary to make more data assets public As part of an agency's analysis to assign
a general access level to each data asset [^19], agencies should consult section ##III.4 of the OMB Memorandum M-13-13, and
Executive Order 13556. Specifically, agencies are required to incorporate the National Institute of Standards and Technology
(NIST) Federal Information Processing Standard (FIPS) Publication 199 "Standards for Security Categorization of Federal Information
and Information Systems," which includes guidance and definitions for confidentiality, integrity, and availability. Agencies
should also consult with the Controlled Unclassified Information (CUI) program to ensure compliance with CUI requirements,
the National Strategy for Information Sharing and Safeguarding and the best practices found in Project Open Data. In addition
to complying with the Privacy Act of 1974, the Paperwork Reduction Act, the E-Government Act of 2002, the Federal Information
Security Management Act (FISMA), and the Confidential Information Protection and Statistical Efficiency Act (CIPSEA), and
other applicable laws, agencies should implement information policies based upon Fair Information Practice Principles, OMB
guidance, and NIST guidance on Security and Privacy Controls for Federal Information Systems and Organizations.
Objective(s):
|
