As more and more organisations realise the need for an open data policy, ODI Associate Leigh Dodds puts together a check-list to make sure yours is clear, useful and has the best impact

A well-written open data policy will clearly define the commitment of the organisation to publishing, sharing and consuming data. Photo: Bruce Guenter

Data exists on a spectrum: it can be closed, shared, or open. Open data is data that anyone can access, use and share. A growing number of public and private sector organisations are drafting open data policies that outline how they intend to openly publish data. Increasingly many organisations are also relying on open data published by governments and by other organisations in their sector. An open data policy can also help encourage informed reuse of third-party data.

A well-written open data policy will clearly define the commitment of the organisation to publishing, sharing and consuming data. It will be used by internal stakeholders to help identify and prioritise releases, and by external stakeholders to understand how an organisation will be releasing its data and ways in which they can be involved.

The ODI believes that creation of an open data policy is an important element of developing a strong open data practice.

This guidance is intended to support the drafting of both new and revised policies, and review and feedback on the content of existing policies. The guidance draws on an informal review of both publicly shared policy documents, as well as those shared with the ODI for feedback.

What makes a good open data policy: key elements

An open data policy will include some general context that helps to define its scope.

For example:

  • a definition of open data – why it is important to the organisation and the reasons for defining a policy
  • a general declaration of principles that should guide the release and reuse of open data
  • an outline of the types of data collected by the organisation and whether they are covered by the policy
  • references to any relevant legislation, policies or other guidance which also apply to the management and sharing of information with third-parties

Clearly stating the scope of a policy will help all stakeholders to reach a common understanding of how, when and where it should be applied.

A good policy will also consider the following elements:

  • approach to identifying and prioritising data for release – how will data be inventoried, reviewed and then released?
  • privacy considerations – ensuring that personal information is not released by mistake and recommending steps to mitigate, e.g. by undertaking privacy impact assessments or approaches to anonymisation
  • data licensing and reuse rights – this will include not only the licence under which data will be released, but also the importance of clearing rights during data collection
  • data publishing standards – ensuring that data is shared in well-structured, machine-readable formats, with clear metadata and documentation
  • engaging with reusers – how the organisation will work with external stakeholders to help guide release of data and ensure it can be easily used,
  • measuring success – what metrics the organisation will use to measure whether the policy is successful and how these measures will be shared
  • approach to consuming open data – for organisations that are reusing open data, guidance on how to identify high quality datasets and ensure reuse rights are clear
  • concrete commitments – what the organisation is committing to do, in concrete terms, over the timespan of the policy
  • policy transparency – how the policy and the processes it describes will be reviewed based on feedback from stakeholders and lessons learned

A policy document won't necessarily include detailed information on each of these areas, e.g. specific standards or release processes. It will instead focus on general principles that should be followed and which may inform the drafting of more detailed guidance for practitioners.

The following sections provide checklists of policy elements that can inform the drafting and review of open data policies. The open data maturity model also includes relevant guidance that highlights how an mature organisation will implement a number of the more detailed processes and policies.

Policy context

  • Is there a clear definition of closed, shared and open data?
  • Does the policy outline why publishing and consuming open data is of benefit to the organisation?
  • Does the policy describe the types of data that the organisations collects and stores, with an indication of which types of dataset might be suitable for release?
  • Does the policy reference relevant legislation or other organisational policies and best practices that are relevant to the application of the policy?
  • Is there a clear declaration of the principles that underpin the policy? For example, whether the organisation is adopting the open data charter.

Data licensing and reuse rights

  • Does the policy have a clear recommendation of the default open licence under which data is to be released?
  • Is there reference to the need to ensure that the rights to publish are properly cleared and understood, starting from when data is collected through to its publication?
  • Does the policy refer to where open data might be embedded in procurement processes?

Identifying and prioritising data for release

  • Does the policy highlight if and how data might be prioritised for release? E.g. based on user feedback, FOI requests, etc
  • Does the policy note the importance an inventory of internal data assets to help drive the data release process?
  • Does the policy outline the process by which data will be released, especially highlighting any decision points, risk assessments, etc?

Privacy considerations

  • Does the policy clearly indicate that personal data should not and will not be released as open data, unless there is either consent from affected parties or other legitimate basis for its release?
  • Does the policy indicate the need to anonymise or aggregate data prior to its release?
  • Does the policy reference relevant data protection laws and standards that relate to the collection and subsequent sharing of data?

Data publishing standards

  • Does the policy state that data will be published in both human and machine-readable formats, with a preference for open standards to encourage wide reuse?
  • Is the creation of good quality metadata and supporting documentation highlighted as an important aspect of publishing high-quality data?
  • Does the policy suggest measuring quality of publication against industry best practices, e.g. using open data certificates?

Engaging with reusers

  • Does the policy set out how users can engage with the publisher to request and help prioritise data for release?
  • Are there channels for users to provide feedback, e.g. on quality issues or to ask for clarifications
  • Does the policy outline a wider strategy for engaging with reusers, e.g. through workshops, industry events, etc?

Approach to consuming data

  • Is there clear guidance on how to identify whether third-party open data is appropriately licensed for reuse?
  • Are there suggestions for how to find and source reliable, high-quality data, e.g. by reference to government or industry portals, or services like open data certificates?

Concrete commitments

  • Does the policy state what the organisation will do in terms of improving its own capability, including development of further guidance and training for its staff?
  • Does the policy make concrete commitments to the publication of particular open data within the timeframe of the policy (eg a number of datasets within 1 year)?
  • Does the policy make commitments about the quality of publication of open datasets (e.g. that a certain percentage will have achieved a specific rating of open data certificate)?
  • Does the policy commit to datasets that are released being maintained over time, and for how long?

Policy transparency

  • Does the policy indicate the timespan that the policy covers?
  • Is it clear how the open data policy will be revised and how feedback can be provided?
  • Is the responsible party for the policy identified?

Leigh Dodds is an ODI Associate. Follow @ldodds on Twitter.

If you have ideas or experience in open data that you’d like to share, pitch us a blog or tweet us at @ODIHQ.