Privacy in an open-data world: Why government agencies need to be proactive


Government agencies — from DC to Duluth, NYC to LA — are struggling. 

The ever-growing digitalization of our world has raised significant concerns about data privacy and security, particularly for agencies that manage and process sensitive and confidential information. And the pandemic only increased the cost and complexity of these challenges. 

There’s no going back. As more of our interactions and transactions occur online, the need for robust data protection measures becomes increasingly critical to safeguard personal data and maintain public trust in government institutions.

More data, more problems

Government agencies often hold vast amounts of personal and sensitive data on citizens, including financial records, healthcare information, and legal documents. 

On the flip side, data brokers pose a significant challenge in this landscape as well. These commercial companies collect, analyze, and sell personal information, often without the knowledge or consent of the individuals involved.


Focus: Regulatory frameworks

Within the United States, a number of regulatory frameworks address citizen privacy. These include the California Consumer Privacy Act (CCPA/CPRA), the Health Insurance Portability and Accountability Act (HIPAA), the FBI’s Criminal Justice Information Services (CJIS), and many more. Each framework focuses narrowly on its own domain: HIPAA covers only health data, and CJIS covers only law enforcement data. Overlaid upon each other, they create a mosaic of regulations, each of which, if violated, can cause serious harm to the subject and the unknowing violator.

Simultaneously, federal agencies are creating new applications that must congregate data sources to build richer citizen services. How does a DevSecOps team thread the needle of privacy frameworks to deliver these services? The fear of violating privacy rules is a real deterrent to building applications. What is needed is a Rosetta Stone to help govern the privacy rules of data.

Collibra helps organizations adhere to and build a model that fits a relevant collection of patchworks. One example is the Veterans Affairs (VA) department, which must protect data in accordance with HIPAA; but if you are a veteran in California, the VA is not going to be accountable for compliance with CPRA.


Although data brokers claim to anonymize data before selling it, this process is not always foolproof. The truth is that individuals can still be identified with just a few data points.

Both federal government agencies and regular citizens are affected by the sharing and selling of personal information by social media platforms, browsers, and other online services — and the consequences of data breaches can be severe, leading to identity theft, fraud, and even targeted cyberattacks.

Moreover, when data brokers expose citizen data, it makes it easier for attackers to use that data to get even more information from government agencies.

Given the sensitive nature of the information they handle, government agencies are particularly vulnerable — and this only underscores the importance of privacy for all and the need for proactive measures to protect personal information.

The urgent need to prioritize data privacy

Government agencies must not choose between privacy and security. They must choose both. This involves implementing comprehensive data governance policies, incorporating advanced encryption and security technologies, and ensuring employees are well-trained in data protection best practices.

Moreover, government agencies need to be transparent about data handling practices, engaging in open dialogue with the public to build trust and demonstrate their commitment to privacy. This transparency should include clear communication about what data is collected, how it is used, and the steps taken to protect it from unauthorized access.

In addition to internal data governance measures, government institutions must also advocate for stronger privacy regulations and collaborate with other organizations to establish global data protection standards. This collaborative approach will ensure a consistent and unified response to the challenges posed by the digital age, fostering a more secure and privacy-centric online environment for all.

Collibra: Governance over your governance

Collibra addresses the challenges government agencies are facing by helping users track the flow of data and setting rules for data sharing and retention. Our privacy model is designed for both privacy professionals and legal teams, enabling both to have a better understanding of their data privacy obligations and take actionable steps to protect sensitive information.

With Collibra Data Privacy, government agencies can track the most important legislation related to data privacy, ensuring they are aware of any changes in privacy laws and taking appropriate measures to comply. This proactive approach to data governance helps agencies avoid the pitfalls of reactive data protection, which often only addresses privacy concerns after a breach has occurred.

A time for action on privacy

There is an urgent need for government agencies to proactively address data privacy concerns. And this includes being aware of changing privacy laws, adopting privacy-first policies, and implementing measures like remediation plans and safeguards to protect sensitive information. 

Agencies can prevent data breaches, protect citizens’ privacy, and avoid the costly consequences of inadequate data governance, but they need to act now.

A compelling example of the need for proactive data governance is the aftermath of COVID-19. During the pandemic, federal dollars were sent out unchecked, leading to widespread fraud. This could have been avoided if proactive measures had been taken to protect and monitor the distribution of funds.

At the same time, there is a pressing need for increased regulation of data brokers to prevent them from operating without accountability. Legislators must work to create comprehensive privacy laws that protect individuals from the dangers of unregulated data collection and sale, while also providing government agencies with the necessary tools to implement effective data governance policies.

It’s about trust

In today’s increasingly digital world, data privacy has become a pressing concern for government agencies and individuals alike. Proactive measures are essential to protect sensitive information and ensure compliance with privacy laws.

Government agencies can take a proactive approach to data governance by using tools like Collibra Data Privacy to track the flow of data, set rules for data sharing and retention, and monitor compliance with privacy legislation. By doing so, they can prevent data breaches, safeguard the privacy of their citizens, and avoid costly consequences associated with inadequate data protection.

Data governance in a privacy-first world is not only essential for protecting sensitive information but also for maintaining public trust in government institutions. 

By adopting a proactive approach to data privacy, government agencies can ensure they are meeting their obligations to protect their citizens’ privacy and security in the digital age.
