Privacy for open data

It is important that you always consider the privacy impacts of publishing your data. On this page, we discuss the nature of risk and the options you have to address it.

Open data and privacy

As an organisation, you publish open data for many reasons. Open data helps you create public value, improve public trust and confidence, and maintain accountability. As the data you collect and use increases, it is important that you continue to provide this value.

The benefits and value of open data – data.europa.eu

However, we acknowledge that, in the current age, opening data may also pose risks to individual privacy that could damage an individual’s wellbeing, society, or your organisation’s reputation. So, it is important that you always consider all possible impacts of publishing your data.

What is data privacy?

Can you avoid all risk?

In the face of this risk to privacy, you might decide not to publish open data at all. However, privacy is only one of the risks that you need to consider. By choosing to not publish, you may eliminate the privacy risk, but you also eliminate any value that the open data might have created, and you still face other possible risks.

For instance, there are situations in which not publishing data results in a risk to public safety or well-being. Also, if the data isn’t released in some form, other organisations may decide to collect it again, putting organisations at risk of wasting time, money, and the goodwill of the public.

Finally, when open data isn’t released, there is a risk of opportunity loss – by not releasing the data, you might prevent someone from solving a fundamental issue in society and improving lives.

How to navigate these tradeoffs

There are tools and options that can help you balance the value of open data, the data privacy risks of publishing open data, and the risks of not publishing open data.

Purpose assessment – what are you trying to achieve?

A purpose assessment helps you describe what you are trying to achieve. Are you trying to provide access to a certain dataset so that others can reuse the data? Are you trying to prevent others from collecting the same data? Are you trying to increase the transparency of the data that your organisation collects and uses?

Collecting this information is useful when trying to determine the value of publishing open data. It also helps you decide which format, level of detail, or mitigation technique will achieve your goal, while reducing the risks you might discover.

Privacy impact assessment

A privacy impact assessment (PIA) helps you identify and assess the privacy risks related to the collection, use, or publication of personal information within open data. A PIA also proposes ways to deal with these risks.

How to do a privacy impact assessment

Other risks

A general risk assessment helps you identify risks that aren’t related to privacy. For instance, you should be able to identify any political risks, opportunity loss, commercial risks, or accountability and transparency risks associated with both publishing and not publishing your open data.

What options do you have?

After completing the assessments, you have identified several risks but have decided to publish because the potential value is great. In that case, what options do you have to release the data but manage the risk?

The PIA and the privacy commissioner describe several of your options:

  • technical controls – such as access control mechanisms, encryption, and design changes
  • operational controls – such as organisational policies or procedures, staff training, and oversight and accountability measures
  • communication strategies – such as privacy notices, and consent-based collection processes.

You might also decide to remove personally identifiable information by confidentialising the data before you publish it. In that case, you could explore the guidance published by Stats NZ.

Data confidentiality

Finally, when publishing the data itself poses too much of a risk, you might decide to publish the data’s metadata as open data. This might help you achieve some of your goals, such as transparency and avoiding duplicate collection, without exposing yourself to the privacy risks.

Also, if people access the metadata and decide that the open data would create undeniable value for Aotearoa, they can contact you and talk about the opportunities.

Contact us

If you’d like more information, have a question, or want to provide feedback, email datalead@stats.govt.nz.

Content last reviewed 30 September 2021.