West Bengal State Public Transactional Data Sharing Guidelines, 2020
Information Technology and Electronics, Data Sharing
GOVERNMENT OF WEST BENGAL
DEPARTMENT OF INFORMATION TECHNOLOGY AND ELECTRONICS
MONIBHANDAR (5th & 6th FLOOR), WEBEL COMPLEX, BLOCK- EP & GP
SECTOR- V, SALT LAKE, KOLKATA- 700091
Phone: 2357-2533, Fax: 2357-2534, E-mail: firstname.lastname@example.org
No. 587-Estt/ITE-20012/2/2020 Date: 28/12/2020
Subject: West Bengal State Public Transactional Data Sharing Guidelines, 2020
Ref: This Office Notification vide No 584-Estt/lTE-20012/2/2020 dated 28.12.2020.
The State Government in the Department of Information Technology & Electronics has issued Notification under reference to formulate ‘West Bengal State Broadband Policy 2020’ wherein the instant ORDER features as Annexure C.
The Governor is pleased hereby to make the following guidelines in order to bring clarity, simplification and standardization in the process of public transactional data sharing system. West Bengal is poised to increase data transparency, accountability, citizen engagement, collaboration, better governance, decision making & innovation. The data repository will facilitate distribution of the anonymised data set to the interested community majorly state start-ups, MSMEs, App developers, Data Journalists and others interested parties. The Government of West Bengal (GoWB) would be able to ensure that Government departments, agencies and private organization abide by the data sharing rules and respect the importance of anonymize data sharing and develop a robust and consistent data repository which can be used for state’s economic benefits and empower the sectoral community players to get first-hand data input in form of anonymised transactional data strictly for development and testing purpose.
1. Short title, extent and commencement
a) These guidelines may be called the “Public Transactional Data Sharing Guidelines, 2020”
b) It shall extend to the whole of the State of West Bengal
c) It shall come into force with effect from the date of issue.
Data sharing is a multi-disciplinary process which involves not only enabling technology, but also business and legal considerations. Concerns over trust and security hinder the mass sharing of anonymized data, despite the benefits that can be gained from leveraging large volumes and variety of data for analytics, including machine learning artificial intelligence. The objective is to maximise the release of government data of value to support transparency, accountability, citizen engagement, and socio-economic benefits. This initiative will be ongoing and evolving. The data sharing ecosystem is still in a nascent stage and guidance is highly required to help interested community majorly state start-ups, MSMEs, App developers, Data Journalists and other interested parties. This will be achieved by providing an easy access, reliable services, adaptive, flexible, responsive, better user experience to the users and by extending a deployable on cloud- as SaaS, open source driven service that supports publication of data alongside facility for easy search against multiple datasets. It is envisaged that Departments would release anonymized datasets on proactive/auto consumption basis through Application Programming Interfaces (APIs)/ Web Services. There will be a strict mandate, by way of due government notification to share the data results consumed via this system in form of any products, services etc. with the state government for better future consumption and utilization. This will help the state in developing a robust and consistent data repository which can be used for state’s economic benefits. This trend is motivated by the state governments commitment to become more data-driven and to take advantage of technological trends such as big data and artificial intelligence (AI). The globalization of communications driven by advances in computer processing power, improved internet connectivity and speed, and the almost ubiquitous presence of mobile communications devices are largely responsible for this step change. Huge quantities of diverse forms of information can now be processed and shared at previously unimaginable speeds.
3. Goals & Objectives
Primary objectives of the State Transactional Data Sharing Guidelines are enumerated below-
- Provisioning an enabling electronic System to provide conditional and supervised access to the transactional data generated by various departments/ organizations of the West Bengal State Government in a complete anonymised form whereby there will be no chance of retraction and profiling of the data principals i.e. the creators of the data, who created while receiving public service.
- Increase Transparency, Accountability, Citizen Engagement, Collaboration, Better Governance, Decision making & Innovation.
- To improve participative governance – Direct Delivery of Services to Citizen, Setting up a System for Collaboration. Innovation in delivery of Services to Citizen.
This social model is a community component which will facilitate and empower the sectoral community players to get first-hand data input in the form of anonymised transactional data to be strictly used for development and testing purpose i.e. facilitate the sector specific players and attain maturity while developing an application or system.
4. Applicability of the guidelines
These guidelines are applicable for wilful Government Departments, Government Agencies and interested legal entity from the State of West Bengal viz. Start-ups, MSMEs, App developers. Data Journalists among others subject to approval as to be notified.
All employees working in the above-mentioned organizations, will directly fall under the ambit of these guidelines and hence shall abide by these guidelines.
All records that are created, handled, stored, processed by such organizations electronically (soft copy) or in paper (hard copy) form for business and operations by was of using data received from this System shall come under the ambit of this Public Transactional Data Sharing System Guidelines and shall mandatorily remain anonymous and Personally Identifiable Information (PII) free.
5. Implementation framework
As per extant provisions of statues in vogue, the State Government formulates appropriate policies and guidelines for promoting as well as safe keeping the digital economy, including measures for its growth, security, integrity, prevention of misuse of Personally Identifiable Information (PII). Now the State Government encourages proactive sharing of anonymised and non-PII transactional data (including metadata)by various Departments, Governmental and Private authorities including statutory as well as self-governed organisations by way of uploading the said anonymised data into this system for better policy framing and decision making. The implementation of the anonymous data sharing framework is designed to provide an overview of the key areas in data sharing focussed on anonymity; highlight key considerations in each area and facilitate data sharing conversations with data sharing partners and help users think through the entire process to structure their data sharing arrangements.
Embedded throughout the framework is the concept of trust. As data sharing often involves the movement of data assets, it is important to establish that all associated stakeholders would be able to handle and manage the data asset responsibly. The implementation framework is based on trust principles listed below:
- Data Integrity
The state government may direct data fiduciaries to share any: (i) non-personal transactional data and (ii) personal data, only in anonymised form where data principal remains unidentified and unprofiled; for creation and delivery of improved citizen-centric services. Such processing will be subject to certain purpose, collection and storage limitations. For instance, personal data can be processed only for specific, clear and lawful purpose. Additionally, all data fiduciaries must undertake pertain transparency and accountability measures such as: (i) implementing security safeguards (such as data encryption and preventing misuse of data), and (ii) instituting grievance redressal mechanisms to address complaints of individuals.
According to the impact assessment in terms of gaining benefits on the public transactional data sharing system, the listed areas need to be improved upon:
- Public sectoral data holders may enter into arrangements with the private sector to derive appropriate value from their data, which creates the risk of lock-in of public-sector data. Example: For Healthcare sector, in case public and private hospitals collaborate to provide data to budding healthcare start-ups and/ or MSMEs for refinement of the ongoing solution or service; that will be a win-win situation for both parties in terms of consumption of the healthcare service or product and improving public healthcare sector at large.
- Limiting the data uses and reuse charge: A mandate to provide a free transactional data usage for the state Start-ups and relevant MSMEs needs to be promoted and encouraged toward improvement of the health condition in the state and in the country. The final product or service consumption needs to be first consumed by the government for better public service delivery. For Example: In case of e-Prescription, hospitals will greatly benefit along with the healthcare industry at large, in identifying the trends of the pre-existing disease and its prescribed medication.
- Increase business opportunities by encouraging the dissemination of dynamic data via APIs.
- Minimise the risk of excessive first-mover advantage, opportunity for all; which benefits large companies and thereby limits the number of potential re-users of the data in question, by requiring a more transparent process for the establishment of public-private anonymised data arrangements.
- Reduce market entry barriers, in particular for state start-ups, small and medium-sized enterprises (SMEs), by providing an opportunity to get the first-hand data for their research and development purpose.
It is envisaged that Departments/ Organisations would release anonymized datasets after taking prior approval from the appropriate authority on proactive/auto consumption basis through Application Programming Interfaces (APIs)/ Web Services unto this electronic system. This would motivate the users to utilize the data sharing system and meet business needs such as the creation of new services, lowering business costs, detection of fraud, regulatory compliance, etc. The business motivations will, in turn, help state start-ups, MSMEs, App developers, Data Journalists and others interested parties to agree on the intended outcomes of the anonymized data. Once the Public Transactional Data Sharing System is established, organizations may consider using the framework to kick-start the anonymized data sharing journeys. Following is the high-level strategy these guidelines will employ to achieve as the end goals and objectives:
A. Data Sharing Strategy: Data fiduciaries will understand what anonymized data will be useful to be shared, how this anonymized data can be valued, and the various arrangements or models that can be used for the sharing of the anonymized data.
During the process of stock-taking, it is important to categories the anonymized data. When it comes to categorizing data types, there is no ‘one size-fits-all’ solution. Depending on the industry/ sector and context, data fiduciaries will have to define their own data taxonomy. While this is generally a lengthy and challenging exercise, fiduciaries could set up their own unique taxonomy to share the data internally across business units and externally. The data fiduciaries will have to proactively assess potential for data sharing by identifying potential use cases that could leverage data from other stakeholders or identifying potential uses and users for their own data.
Further, the departments may consider using common data valuation methodologies as yardsticks to establish an agreed value for the anonymized data assets when negotiating with data sharing partners.
Additionally, data fiduciaries will have to first consider if using anonymized data can meet the data sharing objectives. For data to be considered anonymized, data fiduciaries will have to ensure that there is no serious possibility that an individual can be re-identified. They must consider if the data sharing purpose is different from the original purpose for which consent had been obtained, and consider the need to seek fresh consent, rely on or seek exemptions.
B. Legal and Regulatory Considerations: Data fiduciaries as well as interested communities will understand the compliance requirements for anonymized data sharing, and how to adhere to the legal standards to enable trusted data sharing. The stakeholders need to consider a range of different rules and restrictions that may impact their data sharing activities. The rules and restrictions that apply will depend on the type of anonymized data being shared, how the data is being used and the parties involved.
Further, data protection policies and practices are intended as per data protection and data use standards. Data protection policies and practices will also help to demonstrate transparency relating to the use of data.
C. Technical and Organization Considerations: Data fiduciaries will understand the technical considerations and mechanisms for moving data to other organizations and interested communities in an electronic manner through this electronic system.
D. Operationalizing Data Sharing: The associated stakeholders will understand the additional considerations after data sharing has taken place. Organizations should seek to be transparent on how the shared data would be used. For example, both Data Principal i.e. the Creator/ Owner and Data Consumer including Processor/ Sub-processor/ End-user should have access to how’ data was processed and/or manipulated to meet the agreed objectives.
E. Identification of Potential Risks: Organizations will be aware of the potential risks associated with data sharing. Such as,
- Lack of control over the use of data
- Lack of control over exchange or system modifications
- Insolvency and reputational risks
Critical to risk management is the categorization of data based on type, value, sensitivity and criticality to the organization – this categorization will determine the level of associated risk and therefore appropriate security measures. Different data types will attract different legal, regulatory, contractual and jurisdictional requirements, which must be reviewed, managed and checked.
Organizations should retain or dispose of the data received according to the policies and procedures as agreed with the data sharing partners and/or Data Service Providers/ Fiduciaries. If these were not set out in the Data Sharing Agreement, organizations should follow policies and procedures based on the applicable laws and/or internal data management policies based on classification of the received anonymized data.
This public transactional data sharing framework will encourage and empower data controller and data fiduciary to upload the anonymized data on this system to facilitate the use of data analytics and data for evidence-based solutions and improvements to public services delivery. This will improve access to services through a single identifier and helps in mapping new data back to existing data sources by collaborating with the data consumers. Example: One of the initiatives started by Department of Statistics to develop and integrate the Geospatial data (geo-data) provide information about West Bengal geographic locations. They are typically used for geographic information systems. The most prominent example are digital maps, but geo-data may also include data on addresses, administrative units, geology, and agriculture and Water bodies, to name just a few. Transportation data can also be considered geo-data, to the extent that geolocation information is covered by the data. This is the case with data on traffic flows and data on public transportation schedules. The benefits for maximizing access and sharing of the public transactional data are listed below:
- Increased data availability to create opportunity for evidence involved policy making
- The proposed system should pop up “open by default” notification disclaimer on administrative or government and private authorities’ transactional systems to share the anonymize data structure for public benefits
- Responsible disclosure of public transactional data use for innovation and accountability
- Data use results in improved decision making supports the case of investment in data
- Data quality improves through proper support from sectoral stakeholders, effective feedback and by establishing a transparent process
- Over the time institutional capacity grows leads to improved data repository and participative governance
- Improved participative governance and greater understanding results in data sharing opportunities
6. Implementation Procedure
The Department of Information Technology & Electronics shall function as the Nodal Department in the State of West Bengal and they shall develop the aforementioned electronic system West Bengal Public Transactional Data Sharing Guidelines (WB-PTDSP). The brief procedure to be followed while uploading of public transactional data by any data fiduciary i.e. government organisation is enumerated underneath.
I. The data fiduciary shall identify data to be shared i.e. anonymised personal including metadata and transactional data;
II. Thereafter the data fiduciary shall ensure that the data to be uploaded in the WB-PTDSP is fully anonymised by using the ‘anonymisation tool’ provided in the system;
III. Then the data fiduciary shall procure a certificate of anonymisation from the empanelled ‘third party auditor’ already on boarded into the said WB-PTDSP;
IV. Lastly, the data fiduciary shall submit the said anonymised data unto the WB-PTDSP and download receipt of submission.
The Department of Information Technology & Electronics (IT&E) shall duly notify Society for Natural Language Technology Research (SNLTR), a Society under the Dept of IT&E as the State Implementation Agency (SIA) to develop the said system by using their internal technical resources of or by allowing them to call for an RFP following dye process for development facilitation. Funds for development of the said system and maintenance shall be borne out of budgetary provisions of the Dept of IT&E. There shall be regular review of the performance and security of the system by the Dept of IT&E and may decide on its technical upgrade.
The Department of IT&E shall by way of notification lay down the entire methodology of encryption and anonymisation of data and process of selection of consumer of such anonymised transactional public data before final submission unto the system and ensure that the said submission unto the system as a repository and sharing of the same with the intending consumer i.e. Startups, MSMEs, Govt organisations et al conforms to acceptable industrial standards and statutes in vogue.
By order of the Governor,
Principal Secretary to the
Government of West Bengal
No. 587-ITE dated 28.12.2020, Source