MANAGING SENSITIVE DATA FOR SHARING − THE UK DATA ARCHIVE EXPERIENCE ……………………………………………………....................................................................................................

Slides:

Advertisements

Similar presentations

Reconciling the sharing of research data with ethical review for research with people as participants Dr Veerle Van den Eynden UK Data Archive Data support.

Advertisements

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Reconciling the sharing of research data with ethical review for research with people as participants Veerle Van den Eynden UK Data Archive Data Support.

Dealing with confidential research information and consent agreements in research with people as participants Data Management and Sharing workshop Edinburgh,

Data security and controlling access Managing research data well workshop London, 30 June 2009 Manchester, 1 July 2009.

Dealing with confidential research information anonymisation techniques and other measures to enable using and sharing research data Data Management and.

Dealing with confidential research information - Anonymisation techniques and access regulations to enable using and sharing research data Data Management.

Anonymisation techniques and other measures to enable using and sharing research data Managing and Sharing Research Data workshop London, 2 December 2009.

MANAGING YOUR DATA WELL …………………………………………

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.

BEST PRACTICE FOR DATA SHARING ……………………………………………………

Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

© 2012 Morgan Cole LLPExpertise | Experience | Efficiency | Contribution 11th October 2012 Avoiding Data Protection pitfalls when collecting Equality Information.

Data Protection and Ethics Committees in Social Science Research

DATA LIFECYCLE & DATA MANAGEMENT PLANNING ……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………......…... RESEARCH DATA.

Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.

Data Protection Overview

Dealing with confidential research information and consent agreements in research Louise Corti Associate Director UK Data Archive University of Glamorgan.

MANAGING YOUR RESEARCH DATA: PLANNING TO SHARE ……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………......…... RESEARCH.

DATA MANAGEMENT SUPPORT FOR RESEARCHERS …………………………………………

Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.

Skeletons in the archive: Ethical and methodological challenges of sharing data Libby Bishop ESDS Qualidata, University of Essex Timescapes, University.

Guidelines for data preparation - ESRC Datasets Policy Louise Corti ESDS/UKDA Social Science Data Archives for Social Historians: creating, depositing.

ESRC Datasets Policy and Qualitative Data Preparation Gill Backhouse Senior Acquisitions and Liaison Officer Qualidata.

OCR Nationals Level 3 Unit 3.  To understand how the Data Protection Act 1998 relates to the data you will be collecting, storing and processing  To.

Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

Data Protection STFC Presentation to PPD Senior Staff 26/11/2009 FoI/DP team.

Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.

The Data Protection Act - Confidentiality and Associated Problems.

RESEARCH ETHICS AND DATA CONFIDENTALITY: ANONYMISATION AND ACCESS CONTROL ……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………......…...

Open Access to Data Confidentiality, Consent and Archive Access CESSDA, Athens October John Southall ESDS Qualidata.

Legal and ethical considerations for archiving and sharing research data Research Ethics as Practice University of Lancaster 17 September 2008 Libby Bishop.

ANONYMISATION Research Data Management. c Research Data Management Sensitive Data Sensitive Data is information covering: The racial or ethnic origin.

Introduction Data protection is relevant to every individual, business or organisation today, not just Local Government. As well as protecting privacy,

Data Protection Act The Data Protection Act (DPA) is a balance between rights of the DATA SUBJECT and obligations of the DATA CONTROLLER DATA CONTROLLER.

Data Protection and research Rachael Maguire Records Manager.

DATA PROTECTION ACT (DPA). WHAT IS THE DATA PROTECTION ACT?  The Data Protection Act The Data Protection Act (DPA) gives individuals the right.

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,

GCSE ICT Data and you: The Data Protection Act. Loyalty cards Many companies use loyalty cards to encourage consumers to use their shops and services.

Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:

© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.

Data protection—training materials [Name and details of speaker]

Sharing Information Legally Lindsay Ould London Borough of Lewisham.

Uses of brain imaging data: privacy and governance implications Dr. Hester Ward Medical Director, Information Services Division, (ISD) Consultant in Public.

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.

Understanding Privacy An Overview of our Responsibilities.

Data Protection and Freedom of Information. Objectives Describe the main points of the Data Protection Act 1998 and Freedom of Information Act 2000 Illustrate.

Introduction to Data Protection Plan »Brief Introduction to Data Protection  Example  Principles  P3, 4, 7  Sensitive Data  Conditions for Processing.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

Data protection act. During the second half of the 20th century, businesses, organisations and the government began using computers to store information.

Understanding Privacy An Overview of our Responsibilities.

Personal Data Protection

Data Protection: The Law

Data Protection and Confidentiality

Issues of personal data protection in scientific research

Data Protection & Freedom of Information- An Introduction

GENERAL DATA PROTECTION REGULATION (GDPR)

New Data Protection Legislation

Data Protection principles

Data Protection and You

Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .

DATA LIFECYCLE & DATA MANAGEMENT PLANNING

Open data in the social sciences, conundrum or feasible?”

Understanding Data Protection

Data Protection for SDS Employers Alison Johnston Lead Policy Officer (Scotland) Information Commissioner’s Office.

Presentation transcript:

MANAGING SENSITIVE DATA FOR SHARING − THE UK DATA ARCHIVE EXPERIENCE …………………………………………………… VEERLE VAN DEN EYNDEN …………………………………. UK DATA ARCHIVE UNIVERSITY OF ESSEX …………………………………. MANAGING AND CITING SENSITIVE DATA, BRITISH LIBRARY 29 OCTOBER 2012

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE TOPIC The challenges of managing and citing sensitive or personal data within the repository context Legal / ethical background UK Data Archive strategy Suggestions for citation & repositories

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE OUR STRATEGY Shared responsibility & trust relation: Researchers producing data Researchers (re)using data Data centre / archive / repository A COMBINATION OF GAINING CONSENT FOR DATA SHARING, ANONYMISING AND REGULATING ACCESS TO DATA WILL INCREASE THE POTENTIAL FOR MAKING PEOPLE-RELATED RESEARCH DATA MORE READILY AND WIDELY AVAILABLE

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE PERSONAL DATA Protection of personal information legislation : Data Protection Act 1998 relate to a living individual the individual can be identified from those data or from those data and other information include any expression of opinion about the individual

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE SENSITIVE DATA DPA 1998 defines ‘sensitive personal data’ : data regarding an individual's race or ethnic origin, political opinion, religious beliefs, trade union membership, physical or mental health, sex life, criminal proceedings or convictions,... Data that may incriminate a person Data a person prefers not to share with wider society e.g. business, income, health, medical details

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE DATA PROTECTION ACT PRINCIPLES Personal data should be: processed fairly and lawfully obtained and processed for a specified purpose adequate, relevant and not excessive for the purpose accurate not kept longer than necessary processed in accordance with the rights of data subjects e.g. right to be informed about how data will be used, stored, processed, transferred, destroyed, … & right to access information and data held kept secure not transferred abroad without adequate protection

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE DPA PRINCIPLES Personal data only disclosed if consent has been given to do so (exception e.g. legal reasons) Every individual has the right to access info and data held If data are anonymised (personal identifiers removed) then DP laws will not apply as these no longer constitute ‘personal data’ Data protection is not intended to, and does not, inhibit ethical research

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE DPA EXCEPTIONS Personal data collected as part of research: can be retained indefinitely (if needed) can be used for other purposes in some circumstances, but people should still be informed sensitive personal data can only be processed for research purposes if: explicit consent (ideally in writing) obtained; or medical research by health professional or equivalent with duty of confidentiality; or analysis of racial/ethnic origins for equal opportunities monitoring; or substantial public interest and not causing substantial damage and distress

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE FREEDOM OF INFORMATION ACT Right to request access to recorded information held by public sector organisations incl. research data from universities and publicly funded research organisations Sensitive / personal data - exceptions personal data cannot be requested information that is subject to a confidentiality agreement (e.g. signed consent form) or sensitive data held under restricted access by a data archive there must be a real likelihood that disclosure would open the public authority to legal action for breach of confidence

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE RESEARCH ETHICS duty of confidentiality towards informants/participants duty to protect participants from harm by not disclosing sensitive information duty to treat participants as rational, autonomous beings, who can decide (via informed consent) how the information they provide (in research) can be used, shared and made public duty to inform participants how information and data will be used, processed, shared, disposed of duty to wider society to make available resources produced by researchers with public funds e.g. data sharing required by research funders

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE SHARING & RE-USING SENSITIVE DATA Obtaining informed consent, also for data sharing, preservation, curation, re-use Protecting identities e.g. anonymisation, not collecting personal data Restricting / regulating access where needed (all or part of data) e.g. by group, use, time period Securely storing personal or sensitive data Consider jointly and in dialogue with participants

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE ROLE OF DATA ARCHIVES Provide trust Enable and support ethical re-use of data Rights framework Enable maximum accessibility / least restrictions – optimum access Disclosure checks and data anonmyisation checks

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE ROLE OF DATA ARCHIVES Regulate user access to data - UK Data Archive: archived data NOT in public domain data use for specific purposes after user registration (UK Federation) data users sign legally binding End User Licence e.g. not identify any potentially identifiable individuals stricter access regulations for sensitive / confidential data (case by case): access to approved researchers only data access authorisation from data owner prior to data release embargo for given time period secure access to data / data enclave Secure Data Service Metadata & documentation always open access

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE ROLE OF RESEARCHERS When ‘producing’ data: consider methodology e.g. collect personal data or sensitive data in research? consider data sharing & re-use during ethical review informed consent procedures anonymise data

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE DATA CITATION Metadata: provide info about rights, restrictions, access conditions, use conditions

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE REPOSITORIES Discuss with depositors: consent anonymisation choose right access Checks: anonymisation DPA breaches Legal framework – deposit licence & use licence Set access conditions (repository / depositor) Administer user access (depositor)

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE EXAMPLES Labour Force Survey End User Licence version Special Licence with extra variables birth month &year, NUTS2, 4-digit Standard Occupational Classification, unitary authority/local authority, urban/rural indicator British Household Panel Survey main survey End User Licence (GOR) Secure Data Service: geography variables, grid references Special Licence: geography variables, wards, SOAs SN 4596 Conflicts and Violence in Prison, methods undisclosive re. English prisons studied, minimal anonymisation, explicit detail in data Data Owner Permission access

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE EXAMPLES SN 5407 Health and Social Consequences of the Foot and Mouth Disease Epidemic in North Cumbria, (qualitative data) data archiving discussed extensively with participants, consent sought, minimal anonymisation (pseudonyms) standard End User Licence access to interview transcripts and diaries Data Owner Permission access to audio files 20 year embargo for selected interviews / diaries SN 5827 Rape in the 21st Century: Old Patterns, New Behaviours and Emerging Trends, (quant. data) some removal of variables, rounding of dates combined with Data Owner Permission access

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE ESRC DATA STORE Online (self) archiving system for ESRC-funded research data: manage, make accessible & discoverable

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE ESRC DATA STORE ROLES Depositors: upload data files & send for review & publication set access conditions all registered users collaborators only administer access to collaborators UK Data Archive: user registration (UK Federation) licensing: Deposit & End User Terms & Conditions disclosure & documentation checks advice to depositors publish data Users: agree to Terms & Conditions (click) prior to access request collaborator status for access

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE

……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………………………………………………………………………….…………………………..… UK DATA ARCHIVE CONTACT RESEARCH DATA MANAGEMENT SUPPORT SERVICES UK DATA ARCHIVE UNIVERSIY OF ESSEX WIVENHOE PARK COLCHESTER ESSEX CO4 3SQ ……………………………….…………. T +44 (0) E