Evaluate new fields as required by Evidence Act

[philipashlock]

New fields that may need to be established based on Evidence Act requirements:

• FOIA determination
• Dissemination Determination (this references affirming that it’s gone through an assessment of some sort; seems beyond just filling in accessLevel)
• Sensitivity level
• Risk assessments

Ideas of what fields can get us there or if we need new ones would be helpful. This issue can be used for general discussion of what new fields are needed, but each individual new field would probably benefit from having a separate issue and discussion focused on it individually

[bbrotsos]

@philipashlock, @dsmorgan77, & @arielsgold

One element that we at DOT had internal discussions on is Data Ownership. There are many instances with cooperative agreements, multi-agency collaborations, and working with 3rd-parties where contactPoint and publisher do not meet our needs. This is an example: https://www.hsisinfo.org/ We narrowed down all the edge cases to these elements:

• Data Owner: The person or organization that has the authority, ability, and responsibility to access, create, modify, store, use, share, and protect data. Data owners have the right to delegate these privileges and responsibilities to other parties.

• Data Steward: At the direction of the data owner, the person or organization that is delegated the privileges and responsibilities to manage, control, and maintain the quality of a data asset throughout the data lifecycle. The data steward may also apply appropriate protections, restrictions, and other safeguards depending on the nature of the data, subject to the direction of the data owner.

The cleanest solution we found is to utilize hasRole which is a valid vCard property https://www.w3.org/TR/vcard-rdf/#Organizational_Properties and convert contactPoint to an array.

For example:

           "contactPoint": [{
                          "@type": "vcard:Contact",
                          "fn": "Jane Doe",
                          "hasEmail": "mailto:jane.doe@agency.gov",
                          "hasRole": "owner"
           }, {
                          "@type": "vcard:Contact",
                          "fn": "John Doe",
                          "hasEmail": "mailto:john.doe@agency.gov",
                          "hasRole": "steward"
           }]

With this change, organizational points of contact and shared email boxes are acceptable in some cases.

Thanks for opportunity to provide feedback, and we are open to other ideas on how this change can be implemented.

[ddw338]

If someone takes an automated system from a persons hard drive they have to run the system from my devices and they use my name and my accounts all my accounts that I have opened and the ones I had before them hacking my system so identity theft is involved with my problem they are not just and haven’t been from the get go.