I see a lot of wasteful security efforts being made. The questions that need to be asked are:

1. What is the worst case scenario for someone getting access?

2.What is the probability that worst case will occur?

3. What is the opportunity cost of not having the data available?

For example, the opportunity costs in terms of data value of me not having the names and social security numbers of students in the TIMSS data is virtually nil. The data are extremely useful to me without that information. Yes, I might be able to merge with some income data better if I had it, but for the vast majority of cases the data without personally identifying information works perfectly well. (Yes, I know TIMSS doesn't collect SSNs, it's an example.)

The worst case scenario is identity theft and other bad things. So, no, I can't have SSNs but I can have tons of data on answers for each item, school demographic data, etc.

The argument comes about harm to who - schools might think it harmful if everyone knew their students were performing below average - while parents might think it harmful NOT to have those data - as a result of the on-going argument we get school level information from some sources and not others. 

Discussion Process Suggestion:

• Before we can have the discussion of security vs openness.  We need to discuss and define these terms publically.
• The defined terms could be used to help create the category in which data topics generated/requested would fall.

Note: Data and requested data ideas should be publically available to spur ideas for new data topics and how the data could be presented to possibly allow the data to be public. 

• Discussions should be held upon contested topics which should look to find a balance and identifty the reasons why it is considered to be important to security.  The discussions should be public and available for public comments to help find a way to present it that would not violate "national security".
• The last issues would be the expression of the data and how some datasets would impact privacy, preliminary, and predecisional items.  Ideas could be generated as how the data could be released in a way that protects the privacy of non public figures as well as how best to tackle the preliminary and predecisional information.  

Note: This could be an ongoing discussion and deliberation to ensure the lates evoluation of technology, process, etc is addressed.

Personal Thoughts and approach to Data:

My personal approach is as much data as possible should be available freely online for public review for institutions of government that represent the people with minimal restriction being put on the data analysis and publication.  The data that should be restricted would be that in the interest of "national secruity".  This term and what fall into the category should be clearly defined.  There should be a proceedure to petition/contest data determined to be in interest of "national secruity" to ensure that as much data can be available for public review.  

The remaining data to protect privacy should be anonomysed and vetted that the level is sufficinet to protect privacy and personal inforamtion of of non public figures.  Preliminary and predecisional information should be available for some areas, but I do not have a specific oppinion at this time.  Possibly the prelminary and predecisional information could be tackled by making the data available at request as long as the project or dataset is announced once it is collected or inprogress of being collected.

It's really old question what's the balance between security and opennes. We think that privacy must be even in democratic country. People in it's consistence are not prepared to obtain much information, for example UFO, if they really exists, than it's better to hide this fact till final moment, otherwise there can be panic from nation. 

Just as an example, let's speak about paparazzi, they are making "Star life" more opened, but in fact they are inside each person privacy, they are everywhere, so "Start life" become horrible, everyone knows where are they going, what are they doing and that decrease their quality of live, and the facts of husband cheating become public. In that case that cheating will be discussed by everyone in the world, everyone will have his version of story, and after some time there will be not possible to divide real facts from people fantasies. In fact, husband cheating it's problem to a family, and only family needs to find solution in privacy, and show to public only result (for example: divorce), not the process of discussion, same should be in government, important questions should be discussed in privacy, but that in case if people trust to its government.  I think that financial expenses should be up to 90% opened, people must know where government spend their taxes, people must know main facts, main details.  National security interests, they needs to be. Government security, army, global strategic questions that must be secured information.  When we are going to restaurant, we are not going to kitchen to check who is working, what they cook, what are the quality of products, we didn't check financial date how much they spend to create meal and what is the amount of profit, we don't care, if we came, we trust that place, and we only order meal and we are happy.  If government works like it should work, than nobody will care about details, nobody will search for secret data (instead of opponents)... That is only my opinion. Best Regards,Vladislavs DovoreckisEnVers Group SIA, Member of a board--------------------------------https://www.gogetssl.comSecure SSL Certificates