What about a data governance strategy?

After receiving a mandate to deliver open data it is important to develop a data governance strategy of the availability, usability, integrity and security of data. In the South African context data governance is a process that will have to comply with the Protection of Personal Information Act (POPI). All spheres of government and private sector companies in South Africa will be given 12 months to fully comply with the Protection of Personal Information Act (POPI) once it is made fully effective. This compliance grace period is likely to be sooner rather than later because the Information Regulator, Adv Pansy Tlakula was appointed from 1st December 2016 under Section 39 of POPI. It is likely that POPI will be enforced once the Office of the Information Regulator is fully established, which will trigger the compliance grace period. It is recommended that when getting started with open data that local governments use the following strategy which would be aligned with the POPI Principles.

While not all open data in South Africa for solving service delivery problems at the local government level will contain personal data, It is recommended that a data governance strategy is followed that incorporates the relevant 8 POPI principles. This section is based on an article written by Gary Allman in which he points out that a data governance strategy should include the following 4 aspects:

  • Goals and Data Alignment

  • Process Management

  • Roles and Responsibilities

  • Data Management

This diagram shows the linkages between the aspects of data governance strategy and the related POPI principles.

Goals and Data Alignment

In this first stage of the strategy local governments would identify the data aligned to their developmental focus. The identification of the data would be noted in a catalogue including specification of the purpose of the data, the format of the data, frequency of data collection, any limits to processing the data and the security of the data. The related POPI principles in compliance management are: Purpose Specification, Processing Limitation, and Security Safeguards.

Process Management

Process management involves the assessment of the operational, process and reporting structures related to relevant data. This process management is to ensure that data is inline with the developmental agenda, is stored securely and effectively, is accurate and is not duplicated. The related POPI principles in process management are: Information Quality, Openness and Security Safeguards.

Roles and Responsibilities

Roles and responsibilities requires the assignment of responsibility and roles for storing, securing and managing data, all of which increases accountability. The definition of responsibilities should include identification of relevant data, de-identification of personal data, data quality, frequency and methods of collection, what the purpose of the data is, and how the data is secured and stored. The related POPI principles are: Accountability, Processing Limitation, Purpose Specification, Information Quality, Openness and Security Safeguards.

Data Management

Data management should ensure that compliance, process, and roles and responsibilities are an effective process to ensure that relevant data is securely stored, quality assured, up to date and accessible for achieving developmental goals and for problem solving at local government level. The related POPI principles are: Accountability, Information Quality, Openness and Data Subject Participation.

Often one of the first steps cities take within implementing open data (as in the case of Cape Town or Ekurhuleni) is to set up an open data catalogue, which is simpler than a portal and lists datasets that exists and provides a link to where a user can find them. In setting up an open data catalogue, the city can assess its state of readiness across the spectrum with regard to data, and map processes to achieve openness. Almost always different datasets, departments and functions will be at different stages of readiness, it is not expected that this will result in uniform treatment across the municipality.

Once the catalogue has been completed and there is awareness around what data exists and what will be required to open it, the city can then develop a change management process for opening data, set up pilot projects, and even create an initial catalogue of data that is in the right state to be opened, to kickstart the process.