Play 05 - Establish clear roles, permissions, and moderators

##risk #rolesandpermissions #dataproducts #collaboration #documentation #Misuse

Relational play for data stewards: Establish clear roles and permissions for each kind of data user.

Different kinds of users interact with the data within any given organization in ways that may be implicit. For example, users from the general public may view a map of data inputs but not the raw CSV files, while a project manager makes decisions on what licenses apply to certain datasets. Formalizing these roles and permissions, and creating #documentation that captures this information, is a way to delineate who is responsible for what and to minimize #risk. For example, an organization may be more willing to share data with another organization that has a well-defined and transparent methodology of who can access their data at any given time in the data’s lifecycle, and lists specific people who can be contacted if issues arise.

Roles will vary based on the governance framework and organization, but potential roles may include: data project manager, advisory councils or boards, individual data owners, technical implementers, contractors, programmatic staff, or the general public. Permissions will also vary based on the individual data project, but potential permissions include: perform analyses using raw data, manage data licenses, share #dataproducts, verify data from new sources, etc.

The list of permissions can also include what specific roles are not allowed to do, or if they need extra permission from another role to do. For example, a data project manager may not be able to share a specific dataset unless they receive permission from that individual dataset’s owner. Establishing these roles and permissions should be done in a collaborative setting with each role represented. Creating a timeline for future review and revision can also be helpful.

🌱 Each play stems from a takeaway from an case study, workshop, or other learning source.

Takeaway: Risk emerges in different ways when data sharing.
Data #misuse runs the gamut from truly harmful—misaligned actors can selectively choose data points to communicate harmful or untrue narratives—to merely inconsiderate—people could use data without acknowledging the original source. The risks of sharing data can rarely be fully eliminated, but there are practices and tools that can mitigate against potential threat.

Source: Community Data Playbook (Full report)