BEST PRACTICES
FOR SHARING
SENSITIVE ENVIRONMENTAL
GEOSPATIAL
Version 1.0
2010
Prepared for:
Natural
Resources
GeoConnections
Prepared by:
AMEC Earth & Environmental
a division of AMEC Americas Limited
BEST PRACTICES
FOR SHARING
SENSITIVE ENVIRONMENTAL
GEOSPATIAL
Version 1.0
2010
Prepared for:
Natural
Resources
GeoConnections
Prepared by:
AMEC Earth & Environmental
a division of AMEC Americas Limited
With the advances in geomatics technologies (i.e. applications, data
storage capacities and communication bandwidth), the extensive efforts expended
in collecting geospatial data (field
surveys, monitoring systems, imagery) and the pervasiveness of the Internet,
geomatics users expect easy access to an unprecedented variety of geospatial
datasets. This expectation is mirrored
in the basic principles of most government data management organizations which
encourage the sharing of data for the greater societal good.
However, while access to data is increasing, there
is also a growing recognition of the extent to which barriers exist in sharing
or accessing of sensitive geospatial data.
A 2006 Environics survey not only identified the barriers in sharing data
(privacy and confidentiality issues, licensing and ownership
issues, and liability issues and broader data sensitivities) but found that removing such barriers to sharing
data were felt to be the most important data issue to mitigate. In a 2006 workshop facilitated by
GeoConnections, communities engaged in land management, environmental impact
assessments and sustainable development (collectively referred
to as the Environmental and Sustainable Development (E&SD) communities) identified several data sharing issues including
the need to develop data-sharing agreements, facilitate open access, conduct
further investigations and provide guidance on how to share data of a sensitive
nature.
To respond to these needs, GeoConnections contracted AMEC Earth and
Environmental to conduct research and stakeholder consultation in supported of
the development these Best Practices.
The purpose of these Best Practices is to educate Data Contributors,
Owners, Custodians, Stewards and Consumers of the issues and concepts
associated with protecting, sharing and utilizing sensitive geospatial data,
with a focus on supporting programs, services, businesses and / or applications
related to the Environment and Sustainable Development (E&SD) community. The intention is to provide practical guidance to those
interested in developing their own sensitive environmental geospatial data
sharing policies and protocols.
In reviewing the literature, surveying
organizations and practitioners, and through consultation by workshops, it was
determined that perspectives range widely on what might be considered sensitive
environmental geospatial data. It was also found that there is no consistent
mechanism for assessing whether a dataset should be classified as sensitive or
not. What was revealed was that the
concept of sensitivity changes with context (time and recent events), an
organization’s regulatory environment (legislation, policy, competition, etc.),
jurisdictions and the personal views of Data Contributors/ Owners/Custodians
and in actuality, there is considerable intertwining of these elements. Anyone who is assessing a dataset to
determine whether it should be considered sensitive or not should be aware of
these elements and the potential impact on the credibility of their organization
if sensitive data is mistreated.
The first significant question to be answered is
“What is sensitive geospatial data?” and how is it determined to be sensitive
or not. What defines
data as sensitive is related to legislation, regulations and policies governing
an organization as well as standards adopted by the organization.
With the focus on the E&SD community, the emphasis is on sensitive
“environmental” geospatial data as a subcategory of sensitive geospatial
data. The Guidelines consider environmental
geospatial data to be thematic geospatial data that could be used for analysis
in areas such as environmental impact assessments, land use planning, land
management, sustainable development, resource management, airshed management,
etc.
Due to the diversity of what can make a dataset sensitive, these Guidelines
propose a categorization of sensitivity to assist an assessor (typically the
Data Custodian) in understanding which aspect of sensitivity may apply to the
dataset they are reviewing. In addition,
each organization has to establish and
publish its own criteria that allow the assessor to determine whether the
dataset being reviewed is sensitive and justify why or why not. These criteria have to be established on an
organization by organization basis due to the diversity of the data
organizations handle and the specifics of the regulatory environment under
which each operates.
It is prudent that each organization develops
these criteria independent of any specific dataset, establish them in advance
of any dataset assessment, document the criteria and have it vetted by an
authorized organizational representative (legal or policy). This step is critical in establishing not
only the process but provides a documented baseline for justifying the classifying
of a dataset as sensitive if challenged at a later date.
Understanding
these categories will also assist in defining the metrics for establishing what
is to be considered sensitive data. Data
can generally be categorized as sensitive geospatial data if it meets any of
the following criteria:
1. Legislation/Policies/Permits
– the data is identified by legislation as requiring
safeguarding. The most prominent
legislation in this regard is the federal
Privacy Act – safeguarding the data is required if an individual can be
identified, either directly by georeferenced information (such as the
geo-coordinates of an address) or indirectly through the amalgamation of
geospatial data and related attributes;
2. Confidentiality
– the data is considered confidential by an organization or
its use can be economically detrimental to a commercial interest;
3. Natural
Resource Protection – the use of the information can result in
the degradation of an environmentally significant site or resource;
4. Cultural
Protection – the use of the information can result in the degradation
of an culturally significant site or resource; or
5.
Safety and Security – the
information can be used to endanger public health and safety.
Numerous articles have identified the need for organizations
to establish frameworks for identifying and sharing sensitive data. This need is driven by:
·
The requirement to support
open government by making data readily accessible unless there is a legitimate
and documented reason not to;
·
Be consistent within an
organization and across jurisdictions so that the mechanisms required to share
the data are also applied consistently; and
·
Document criteria and
processes so that users can search out that the data exists, be made aware of
any decisions relating to the safeguarding of the data and know who to contact
to request access to safeguarded data.
The Best Practices identify basic principles that can be applied to assessing sensitive environmental
geospatial datasets in order to classify sensitivity consistently:
1. Unless the dataset is classified as sensitive it
can be provided free of restrictions;
2.
Information can not be
considered sensitive if it is readily available through other sources or if it
is not unique;
3.
The Data Custodian of
the information is the only agency that can determine whether an environmental
geospatial dataset is to be classified as sensitive;
4.
Data Consumers of
sensitive environmental geospatial datasets must honour the restrictions accompanying
the information in the form of an agreement, license and/or metadata; and
5.
Organizations should
document and openly publish their process, criteria and decisions.
These Best
Practices also present an example decision framework for assessing whether an
environmental geospatial dataset is to be classified as sensitive. This framework has been adapted from the US
Federal Geographic Data Committee (FGDC) document Guidelines for Providing
Appropriate Access to Geospatial Data in Response to Security Concerns. As the FGDC guidelines are primarily
concerned with Security and Public Safety, this framework has been modified to
accommodate sensitive environmental geospatial data.
Once a dataset is defined as sensitive and the organization’s
regulatory environment is understood then the appropriate mechanisms for
sharing become apparent. In most cases
instruments such as agreements or licenses are sufficient, in other cases the
sensitivity must be removed from the dataset before it is shared and in other cases approval
is given to a Data Consumer on a case by case basis. Regardless
of the mechanism put in place, it essentially comes down to the Data Custodian
trusting that the data will be adequately safeguarded by the Data Consumer and
the mechanisms they have in place sufficiently limit the risk of inappropriate
treatment of the data. Furthermore,
there are numerous examples of data collection programs where Data Contributors
contribute sensitive data content on a regular basis to the Data Custodian and
the Data Contributors trust that their contributions are adequately safeguarded
otherwise future contributions may be terminated.
At its core, the successful long term sharing of sensitive
environmental geospatial information is about trust, risk management, the
credibility of the participating organizations and their overriding desire to
disseminate information.
Successful sharing of sensitive geospatial information lies
within the mechanisms used to: present the underlying knowledge yet remove the
sensitivity; the instrument that defines the conditions of use and protection;
and, training of participants to ensure that they are cognizant of their roles
and responsibilities. Those sharing or
accessing geospatial data may use a combination of mechanisms to ensure data is
shared and used responsibly and that the credibility of the process is
maintained.
It is intended that these Best Practices provide the reader
with sufficient insight and links to resources in order to assist them in
implementing a consistent and documented approach to managing and sharing
sensitive environmental geospatial data within their organization. The document is intended as a living
document, and may be updated as related practices mature and the user-community
needs evolve.
Table of Contents
| Chapter | Title | Page |
|---|---|---|
| EXECUTIVE SUMMARY | i | |
| 1 | INTRODUCTION | 1 |
| 1.1 | Background to the Best Practices | 1 |
| 1.2 | Document Structure | 4 |
| 2 | Sensitive Environmental Geospatial Data | 6 |
| 2.1 | The Movement to Share Geospatial Data | 6 |
| 2.2 | Factors Influencing Sensitivity | 7 |
| 2.3 | Definition of Sensitive Environmental Geospatial Data | 15 |
| 2.3.1 | Categories of Sensitivity | 16 |
| 2.3.2 | Standardizing Approaches of Defining Sensitive Data | 16 |
| 2.4 | Potentially Sensitive Environmental Geospatial Data | 19 |
| 3 | Framework for Defining Sensitive Geospatial Data | 22 |
| 3.1 | Principles Related to Sensitivity Assessment | 22 |
| 3.2 | Assessing Sensitive Environmental Geospatial Data | 24 |
| 3.3 | Impact Assessment Outcome | 30 |
| 4 | Mechanisms for Sharing Sensitive Data | 32 |
| 4.1 | Overview of Instruments Types | 33 |
| 4.1.1 | Agreements | 33 |
| 4.1.2 | Licences | 34 |
| 4.1.3 | Data Access Requests | 36 |
| 4.2 | Methods of Removing the Sensitivity of the Data | 37 |
| 4.3 | Metadata | 39 |
| 4.4 | Training | 39 |
| 4.5 | Community of Practice and Networking | 40 |
| 5 | Conclusion | 41 |
| Appendix A - Terms & Acronyms | 42 | |
| Appendix B - Summary of Relevant Legislation, Regulations and Policies | 45 | |
| Appendix C - Annotated Bibliography and Relevant Links | 54 | |
| Appendix D - Project Contribution Acknowledgements | 60 | |
| Appendix E - Project Methodology and Survey Summary Results | 62 |