AISP Toolkit Feb25 2025 - Flipbook - Page 44
Positive and Problematic Practices: Data Access
POSITIVE PRACTICE
PROBLEMATIC PRACTICE
CENTERING RACIAL EQUITY THROUGHOUT THE DATA LIFE CYCLE
Privacy & Security for All Data Types
Having a comprehensive privacy strategy as the
foundation for decisions, policies, training, and
procurement processes.
Approaching privacy in an ad hoc fashion.
Balancing data access and data privacy by
adhering to best practices for managing and
protecting sensitive data (e.g., “Five Safes”
framework).
Assuming that best practices for data
management and security are being followed
without explicit protocols, oversight, and training
in place.
Carefully discerning how de-identi昀椀cation and
anonymization of data will take place prior to
release.
Releasing data that can be re-identi昀椀ed by
individuals (e.g., publishing small geographies
or cell sizes) or by more advanced data mining
techniques.
Evaluating privacy, security, data quality, and
other risks relative to the bene昀椀t of providing data
access, and engaging community members in the
data governance process.
Releasing data without proper consultation with
data owners (e.g., Tribal Consultation is required
whenever data that could identify a Tribe or Tribal
members are disclosed).
Open Data
Deciding which data to make publicly available
based on value and bene昀椀t to community partners
and those represented within the data.
Releasing open data based on indices, algorithms,
or other sources with a history of discriminatory
impact on communities (e.g., “teacher
effectiveness scores” and “school report cards”).
Disseminating information that enables
community members to effectively use open
data (e.g., contextual information, data release
schedules, how to access data, process for
requesting new open datasets and how requests
are evaluated).
Assuming that the data presents a full picture of
reality and not publishing contextual metadata
(e.g., source; why, how, and when it was collected;
its relationship to structural factors; data quality
considerations; whom to contact for questions
and clari昀椀cation).
Protected Data
Outlining clear data request policies and
procedures for all requesters, both internal and
external.
40
Failing to re昀椀ne data request processes based on
user experience and solicited feedback.