Organisations responsible for data protection must demonstrate that sharing data for research does not put individuals at undue risk of harm. Such harms relate to a person’s right to privacy – for example, they may involve someone’s identity being revealed or data being used unlawfully.
Organisations aim to reduce harm through privacy risk management. Although best practice principles such as the ‘Five Safes’ are used, there is no standard privacy risk assessment approach. This leaves organisations to make their own choices about levels of risk and how they should be managed.
Personal data may be held by many organisations. Often, research requires combinations of data – for example, studying patients’ journey from hospital to recovery may involve combining medical data with data from social care, digital health applications and wearable technologies. With no standard risk assessment approach, it’s hard for multiple organisations to assess and manage risk consistently.
PRiAM aimed to deliver a way to assess privacy risks for data managed by multiple organisations. By engaging experts and members of the public in research use cases, the project developed a privacy risk assessment framework and demonstrated it using a security decision support tool. The framework and an evaluation of usability and efficiency have been published, ensuring widespread impact.
Principal investigator: Professor Michael Boniface, University of Southampton
Funded amount: £249,499
- D1 Report: Privacy Risk Assessment Requirements for Safe Collaborative Research: Exploring Emerging Data Patterns and Needs of Advanced Analytics in Cross Council Research Networks through Use Case Analysis
- D2 Report: A Privacy Risk Assessment Framework for Safe Collaborative Research: Risk Tiers for a consistent and transparent use of the five safes framework
- D3 Report: Privacy Risk Framework Application Guide
- D4 Report: Public Engagement: Understanding private individuals’ perspectives on privacy and privacy risk