The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

Towards a socio-technical approach for privacy requirements analysis for next-generation trusted research environments

Towards a socio-technical approach for privacy requirements analysis for next-generation trusted research environments
Towards a socio-technical approach for privacy requirements analysis for next-generation trusted research environments
Increasingly, advanced analytics methods – artificial intelligence/machine learning – are being used to discover value in big datasets. These methods are driving new data processing patterns and forms of research collaborations underpinned by the federated sharing and processing of data. Such multi-stakeholder processing raises the need for a standard privacy risk assessment framework that can fully deal with privacy risks arising in this context. In this paper, we argue that a socio-technical approach to privacy requirements analysis provides a crucial starting point for developing such a framework – as a means to foster a shared understanding of privacy risk in a specific context for effective risk communication, modelling, simulation, and evaluation. By way of example, we concentrate on three main areas. First, to describe the scope and boundaries for privacy risk assessment, we provide an overview of trusted research environments and emerging data usage patterns in operational health networks. Second, for effective and meaningful risk communication in respect of privacy concerns, expectations, and protective measures, we focus on the Five Safes as well-known principles and dimensions used to structure discussions and decision-making about access to sensitive data. Third, to promote a shared understanding through a conceptual mapping of common types of risk factors, we compare the ISO/IEC 27005 methodology for information security risk management with other selected privacy risk assessment methodologies.
169-180
Institution of Engineering and Technology
Carmichael, Laura
3f71fb73-581b-43c3-a261-a6627994c96e
Atmaca, Ugur Ilker
ffa354ee-9040-4c66-8477-94bbbd12bd44
Maple, Carsten
99f12daa-5ff8-4057-892e-647d96d4329e
Taylor, Steve
9ee68548-2096-4d91-a122-bbde65f91efb
Pickering, Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Surridge, Michael
3bd360fa-1962-4992-bb16-12fc4dd7d9a9
Epiphaniou, Gregory
5e7089ef-cd58-46ef-84fb-ad5266483d15
Le, Anh Tuan
550bb37f-1723-4cd6-a632-a2dec8b97193
Murakonda, Sasi
7950c331-0c7e-4ff8-b799-534a35832968
Weller, Suzanne
eda9be3e-59f5-4d55-8a73-7ca2068afd18
Mcmahon, James
241084a2-2bac-4a1f-ba86-fa2c3163523d
Hall, Wendy
11f7f8db-854c-4481-b1ae-721a51d8790c
Boniface, Michael
f30bfd7d-20ed-451b-b405-34e3e22fdfba
Carmichael, Laura
3f71fb73-581b-43c3-a261-a6627994c96e
Atmaca, Ugur Ilker
ffa354ee-9040-4c66-8477-94bbbd12bd44
Maple, Carsten
99f12daa-5ff8-4057-892e-647d96d4329e
Taylor, Steve
9ee68548-2096-4d91-a122-bbde65f91efb
Pickering, Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Surridge, Michael
3bd360fa-1962-4992-bb16-12fc4dd7d9a9
Epiphaniou, Gregory
5e7089ef-cd58-46ef-84fb-ad5266483d15
Le, Anh Tuan
550bb37f-1723-4cd6-a632-a2dec8b97193
Murakonda, Sasi
7950c331-0c7e-4ff8-b799-534a35832968
Weller, Suzanne
eda9be3e-59f5-4d55-8a73-7ca2068afd18
Mcmahon, James
241084a2-2bac-4a1f-ba86-fa2c3163523d
Hall, Wendy
11f7f8db-854c-4481-b1ae-721a51d8790c
Boniface, Michael
f30bfd7d-20ed-451b-b405-34e3e22fdfba

Carmichael, Laura, Atmaca, Ugur Ilker, Maple, Carsten, Taylor, Steve, Pickering, Brian, Surridge, Michael, Epiphaniou, Gregory, Le, Anh Tuan, Murakonda, Sasi, Weller, Suzanne, Mcmahon, James, Hall, Wendy and Boniface, Michael (2022) Towards a socio-technical approach for privacy requirements analysis for next-generation trusted research environments. In Competitive Advantage in the Digital Economy (CADE 2022). Institution of Engineering and Technology. pp. 169-180 . (doi:10.1049/icp.2022.2061).

Record type: Conference or Workshop Item (Paper)

Abstract

Increasingly, advanced analytics methods – artificial intelligence/machine learning – are being used to discover value in big datasets. These methods are driving new data processing patterns and forms of research collaborations underpinned by the federated sharing and processing of data. Such multi-stakeholder processing raises the need for a standard privacy risk assessment framework that can fully deal with privacy risks arising in this context. In this paper, we argue that a socio-technical approach to privacy requirements analysis provides a crucial starting point for developing such a framework – as a means to foster a shared understanding of privacy risk in a specific context for effective risk communication, modelling, simulation, and evaluation. By way of example, we concentrate on three main areas. First, to describe the scope and boundaries for privacy risk assessment, we provide an overview of trusted research environments and emerging data usage patterns in operational health networks. Second, for effective and meaningful risk communication in respect of privacy concerns, expectations, and protective measures, we focus on the Five Safes as well-known principles and dimensions used to structure discussions and decision-making about access to sensitive data. Third, to promote a shared understanding through a conceptual mapping of common types of risk factors, we compare the ISO/IEC 27005 methodology for information security risk management with other selected privacy risk assessment methodologies.

This record has no associated files available for download.

More information

Published date: 9 November 2022
Learn more about Institute for Life Sciences research Learn more about Institute for Life Sciences research Learn more about Web and Internet Science research

Identifiers

Local EPrints ID: 472983
URI: http://eprints.soton.ac.uk/id/eprint/472983
DOI: doi:10.1049/icp.2022.2061
PURE UUID: e3c282bd-c1ef-4a33-9af3-13060c2a503f
ORCID for Laura Carmichael: ORCID iD orcid.org/0000-0001-9391-1310
ORCID for Steve Taylor: ORCID iD orcid.org/0000-0002-9937-1762
ORCID for Brian Pickering: ORCID iD orcid.org/0000-0002-6815-2938
ORCID for Wendy Hall: ORCID iD orcid.org/0000-0003-4327-7811
ORCID for Michael Boniface: ORCID iD orcid.org/0000-0002-9281-6095

Catalogue record

Date deposited: 06 Jan 2023 17:35
Last modified: 17 Mar 2024 03:35

Export record

Altmetrics

Contributors

Author: Laura Carmichael ORCID iD
Author: Ugur Ilker Atmaca
Author: Carsten Maple
Author: Steve Taylor ORCID iD
Author: Brian Pickering ORCID iD
Author: Michael Surridge
Author: Gregory Epiphaniou
Author: Anh Tuan Le
Author: Sasi Murakonda
Author: Suzanne Weller
Author: James Mcmahon
Author: Wendy Hall ORCID iD
Author: Michael Boniface ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×