OpenSpending community member identifies unredacted private transactions in UK local public spending dataOutdated Content Warning: This content refers to an older version of OpenSpending. See here for information about the next version of OpenSpending and ways to contribute.
A freelance data specialist from our community recently got in touch to let us know that he had used OpenSpending to identify a number of privacy breaches in an individual dataset presented in OpenSpending.
This was due to inconsistent redaction of sensitive data by the local authority. Whilst the majority of these payments were to organisations (hence probably not highly sensitive), there were also a few unredacted payments to individuals. The person who uploaded the data immediately notified their local council, who in turn referred this to their audit committee.
As we take privacy very seriously, as a precaution we have temporarily taken down the UK Local Council £500 spending data, which also featured data from the council in question.
This incident highlights the importance of proper procedures to ensure that data from public sector bodies is properly redacted before being published. The UK government produces a guideline document for data publishers, which ensures that issues like this are prevented and hence very rare.
Every day people from around the world make use of the database of more than 13 million transactions provided by OpenSpending. The information promotes transparency and helps citizens to hold governments accountable. UK open spending data is some of the best in the world and has already allowed people to get understanding and insight into government spending at a level never before possible.
In this case we’re glad that a member of our community was able to flag up private transactions that should not have been published - leading to these swiftly being taken down. We hope this serves as a reminder for public bodies to thoroughly scrutinise transactional data before it is published.
*The OpenSpending team can be contacted on firstname.lastname@example.org for any further questions on this matter.