The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

DARE UK PRiAM Project D2 Report - A Privacy Risk Assessment Framework for Safe Collaborative Research: Risk Tiers for a Consistent and Transparent Use of the Five Safes Framework (1.1)

DARE UK PRiAM Project D2 Report - A Privacy Risk Assessment Framework for Safe Collaborative Research: Risk Tiers for a Consistent and Transparent Use of the Five Safes Framework (1.1)
DARE UK PRiAM Project D2 Report - A Privacy Risk Assessment Framework for Safe Collaborative Research: Risk Tiers for a Consistent and Transparent Use of the Five Safes Framework (1.1)
Sharing data for research, when carried out responsibly, can have huge public benefits. However, without appropriate protections in place, institutions risk losing the trust of individuals. Hence, privacy risk assessment should be baked into the decision-making processes for sharing or providing access to data. The current approaches for assessing privacy risk are ad hoc, manual, opaque, and inconsistent across different organisations or even different individuals in the same organisation. In this report, we propose a new privacy risk assessment framework that can improve consistency and transparency in data sharing decisions. Our intention is to support shared subjectivity in decision-making among various stakeholders and enforce the subjective decisions consistently.

Our privacy risk assessment framework is built on top of the Five Safes, which is widely used across different public institutions in the UK. In the first PRiAM report (D1), we explored how various organisations using the Five Safes framework interpret it differently. It is impossible to assess if the framework is being used effectively, unless more details regarding how each of these safes were accounted for are available. The proposed privacy risk assessment framework aims to facilitate better usage of the Five Safes. The key idea is to enable data custodians to explicitly list the criteria they consider for assessing privacy risk, thereby enhancing transparency. These criteria are then used to categorise different data sharing scenarios into discrete tiers of risk that can further be tied to decisions around data sharing, therefore providing consistency in decision-making. Creating discrete levels of risk encourages comparison-based reasoning about risk in different scenarios as well as provides a starting point for the creation of standard benchmarks.
Zenodo
Boniface, Michael
f30bfd7d-20ed-451b-b405-34e3e22fdfba
Carmichael, Laura
3f71fb73-581b-43c3-a261-a6627994c96e
Hall, Wendy
11f7f8db-854c-4481-b1ae-721a51d8790c
Mcmahon, James P
241084a2-2bac-4a1f-ba86-fa2c3163523d
Pickering, Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Surridge, Michael
3bd360fa-1962-4992-bb16-12fc4dd7d9a9
Taylor, Steve
9ee68548-2096-4d91-a122-bbde65f91efb
Atmaca, Ugur Ilker
ffa354ee-9040-4c66-8477-94bbbd12bd44
Epiphaniou, Gregory
5e7089ef-cd58-46ef-84fb-ad5266483d15
Maple, Carsten
99f12daa-5ff8-4057-892e-647d96d4329e
Murakonda, Sasi
a43fb6a3-98d4-43df-875f-d61cf423a497
Weller, Suzanne
98b2335d-eeaa-4042-95fb-857700fcb8de
Boniface, Michael
f30bfd7d-20ed-451b-b405-34e3e22fdfba
Carmichael, Laura
3f71fb73-581b-43c3-a261-a6627994c96e
Hall, Wendy
11f7f8db-854c-4481-b1ae-721a51d8790c
Mcmahon, James P
241084a2-2bac-4a1f-ba86-fa2c3163523d
Pickering, Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Surridge, Michael
3bd360fa-1962-4992-bb16-12fc4dd7d9a9
Taylor, Steve
9ee68548-2096-4d91-a122-bbde65f91efb
Atmaca, Ugur Ilker
ffa354ee-9040-4c66-8477-94bbbd12bd44
Epiphaniou, Gregory
5e7089ef-cd58-46ef-84fb-ad5266483d15
Maple, Carsten
99f12daa-5ff8-4057-892e-647d96d4329e
Murakonda, Sasi
a43fb6a3-98d4-43df-875f-d61cf423a497
Weller, Suzanne
98b2335d-eeaa-4042-95fb-857700fcb8de

Boniface, Michael, Carmichael, Laura, Hall, Wendy, Mcmahon, James P, Pickering, Brian, Surridge, Michael, Taylor, Steve, Atmaca, Ugur Ilker, Epiphaniou, Gregory, Maple, Carsten, Murakonda, Sasi and Weller, Suzanne (2022) DARE UK PRiAM Project D2 Report - A Privacy Risk Assessment Framework for Safe Collaborative Research: Risk Tiers for a Consistent and Transparent Use of the Five Safes Framework (1.1) Zenodo 40pp. (doi:10.5281/zenodo.7107426).

Record type: Monograph (Project Report)

Abstract

Sharing data for research, when carried out responsibly, can have huge public benefits. However, without appropriate protections in place, institutions risk losing the trust of individuals. Hence, privacy risk assessment should be baked into the decision-making processes for sharing or providing access to data. The current approaches for assessing privacy risk are ad hoc, manual, opaque, and inconsistent across different organisations or even different individuals in the same organisation. In this report, we propose a new privacy risk assessment framework that can improve consistency and transparency in data sharing decisions. Our intention is to support shared subjectivity in decision-making among various stakeholders and enforce the subjective decisions consistently.

Our privacy risk assessment framework is built on top of the Five Safes, which is widely used across different public institutions in the UK. In the first PRiAM report (D1), we explored how various organisations using the Five Safes framework interpret it differently. It is impossible to assess if the framework is being used effectively, unless more details regarding how each of these safes were accounted for are available. The proposed privacy risk assessment framework aims to facilitate better usage of the Five Safes. The key idea is to enable data custodians to explicitly list the criteria they consider for assessing privacy risk, thereby enhancing transparency. These criteria are then used to categorise different data sharing scenarios into discrete tiers of risk that can further be tied to decisions around data sharing, therefore providing consistency in decision-making. Creating discrete levels of risk encourages comparison-based reasoning about risk in different scenarios as well as provides a starting point for the creation of standard benchmarks.

Text
DAREUK_PRiAM_D3_Privacy_Risk_Framework_Application_Guide_v1.1 - Version of Record
Available under License Creative Commons Attribution Non-commercial Share Alike.
Download (3MB)

More information

e-pub ahead of print date: 23 September 2022
Published date: 23 September 2022
Learn more about Institute for Life Sciences research Learn more about Institute for Life Sciences research Learn more about Web and Internet Science research

Identifiers

Local EPrints ID: 472996
URI: http://eprints.soton.ac.uk/id/eprint/472996
DOI: doi:10.5281/zenodo.7107426
PURE UUID: d2b4b31b-0443-4ff8-8a31-5664225591a4
ORCID for Michael Boniface: ORCID iD orcid.org/0000-0002-9281-6095
ORCID for Laura Carmichael: ORCID iD orcid.org/0000-0001-9391-1310
ORCID for Wendy Hall: ORCID iD orcid.org/0000-0003-4327-7811
ORCID for Brian Pickering: ORCID iD orcid.org/0000-0002-6815-2938
ORCID for Steve Taylor: ORCID iD orcid.org/0000-0002-9937-1762

Catalogue record

Date deposited: 06 Jan 2023 17:55
Last modified: 17 Mar 2024 03:35

Export record

Altmetrics

Contributors

Author: Michael Boniface ORCID iD
Author: Laura Carmichael ORCID iD
Author: Wendy Hall ORCID iD
Author: James P Mcmahon
Author: Brian Pickering ORCID iD
Author: Michael Surridge
Author: Steve Taylor ORCID iD
Author: Ugur Ilker Atmaca
Author: Gregory Epiphaniou
Author: Carsten Maple
Author: Sasi Murakonda
Author: Suzanne Weller

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×