Balancing Open Government and Privacy Protection

President Obama has stated his commitment and his administration’s commitment to creating an unprecedented level of openness in government to ensure the public trust and to establish a system of transparency, public participation, and collaboration. These three principles of transparency, participation, and collaboration form the cornerstone of an open government. Transparency promotes accountability by providing the public with information about what the Government is doing. Participation allows members of the public to contribute ideas and expertise so that their government can make policies with the benefit of information that is widely dispersed in society. Collaboration improves the effectiveness of Government by encouraging partnerships and cooperation within the Federal Government, across levels of government, and between the Government and private institutions.

One of the primary mechanisms for creating an open Government is publishing information online in an open format that can be retrieved, downloaded, indexed, and searched by commonly used web search applications. Although there is a great desire for openness, there are competing demands in health and safety surveillance and research for protection of information whose release would threaten national security, invade personal privacy, breach confidentiality, or damage other genuinely compelling interests. These competing needs present significant challenges when creating policies for planning, developing, and deploying public use datasets based on health and safety research, surveillance, and field evaluations. Policies for releasing and sharing data from these activities must balance the study participants’ rights to privacy and requirements to protect confidential business information against public health benefits and the need for timely and transparent development of science-based policies.

Disclosure occurs not only when identifying information about an individual or establishment is revealed; it can also occur through release of information that has a high probability of identifying an individual, an establishment, or a small group of individuals or establishments. Researchers have shown that when de-identified datasets are combined with publicly available data, identities can sometimes be determined. To protect individuals and establishments, datasets need to be assessed through a disclosure risk analysis, a process to test whether identities can be determined from a dataset. Disclosure prevention takes into account a broad spectrum of data users, including the knowledgeable user who may be aware that an individual or establishment is within a specific dataset or may have special knowledge or access to other data that, through matching, may identify an individual or establishment.

Disclosure is a greater risk in the work environment because employers often have substantially more information, much of it electronic, about their employees than is generally available in the public domain. The ability to identify individual workers leads to the possibility for companies to identify employees with medical conditions and discriminate against them or attempt to avoid paying for medical care, treatment, or disability. The National Institute for Occupational Safety and Health is interested in learning about the experiences of others who have expertise in this area or are currently dealing with similar issues of balancing openness and privacy.

Dr. Middendorf is a Senior Advisor in the NIOSH Office of the Director.