1 / 16

Frameworks for Sensitive Data in the Research Lifecycle

Frameworks for Sensitive Data in the Research Lifecycle. John Southall Bodleian Data Librarian Subject Consultant for Economics, Sociology, Social Policy & Intervention Michaelmas 2016. Lifecycle Model. Applicable throughout data lifecycle Before a project During a project

leomaw
Download Presentation

Frameworks for Sensitive Data in the Research Lifecycle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Frameworks for Sensitive Data in the Research Lifecycle John Southall Bodleian Data Librarian Subject Consultant for Economics, Sociology, Social Policy & InterventionMichaelmas 2016

  2. Lifecycle Model • Applicable throughout data lifecycle • Before a project • During a project • After completion • First two remain key • Third stage also now focus of policy and ‘expectations’ • Management of sensitive and confidential data particularly affected by this • Various stakeholders and frameworks at work

  3. Internal Frameworks • Project Level • Define sensitivity – allows better management • Specific content or general content • Consent agreements with participants • Licensing agreements • University level • Policy requirements or ‘Expectations’ • Applicable throughout data lifecycle

  4. University Policy • Data should be retained for ‘as long as they are of continuing value to the researcher and the wider research community’ – but a minimum of three years • Researcher driven • Developing and documenting clear data management procedures • Planning for the ongoing custodianship of their data • Ensuring that legal, ethical, and funding body requirements are met • Institution responsible • for providing access to the services, facilities, and support needed to allow researchers to comply with the policy • Tagged as RDM

  5. External frameworks • Funder policy • ESRC, EPSRC, Wellcome, RCUK Principles • Collaborator policy and expectations • Legal and Ethical policy • Data protection, FOI regulations • Privacy, confidentiality and consent • Broad consent arrangements need to accommodate all these

  6. RCUK Guidance • … on best practice in management of research data • Principle 4: RCUK recognises that there are legal, ethical and commercial constraints on release of research data. To ensure that the research process is not damaged by inappropriate release of data, research organisation policies and practices should ensure that these are considered at all stages in the research process.” (July 2015)

  7. Discipline Based Guidance • Expectation = case by case discussion • MRC – produce DMP, deposit of appropriate data in ‘timely’ manner, with limited exclusivity clauses • EPSRC – produce DMP, preservation and sharing of data • ESRC – produce DMP,preservation of data wherever possible and deposit with institutional repository or UKDA or secure data lab • ESRC will dispute non-deposit proposals • All discussed as part of application process

  8. Data Management Plan • Place to consider the issues • Internal and external support for DMPs • Goal is to understand • Why your data is considered confidential or sensitive in some way • Impact of this on research process • How you manage it • where intent is that data/ sensitive data is not preserved or made accessible give a good reason

  9. Consent Agreements • Help ensure participation • Create trust • Define interests of stakeholders • Avoid agreements that are too restrictive • Or do not accommodate all three stages • “only to be used by this researcher” - “will be destroyed” - “no one else will read” • Helpful but not too restrictive • Protection for you - not a strait-jacket • Formal – defining - agreements

  10. Three Approaches • Destruction • Alteration • Restriction

  11. Destruction • Dispose or destroy data when project ends • Traditional solution in some disciplines • Wasteful? • Now requires good reason given • Will always be needed in some cases • Retention • Variant on destruction – rules out long term preservation • Oxford policy talks of minimum retention but does not mention maximum period • Does not imply destruction

  12. Alteration • Aggregation, anonymisation of data • Another traditional solution in some disciplines • Loss/ Degradation of content • Against expectations of data preservation? • Fragmentation • Helpful where specific content is the issue • Needs to be well defined and managed

  13. Restriction • Anonymisation allows wide access to less data (ie by removing content) • An alternative approach is to leave content but make access harder • Relies on placing it somewhere with access control • E.g. Microdata from Eurostat • Vetting of access from UKDS • Requires clear access and usage conditions • Restrict what content may be reproduced • Introduce embargoes (last resort)

  14. Conclusion • Content is only starting point • Actual issue is how data will be used, managed, and disseminated. • Applicable throughout data lifecycle • Before a project – planned, approved or licenced • During – managed and secure • After – documented and preserved • Maintain confidentiality through controls on handling, storage and sharing • Use research design to reduce risks • Draw on RDM support at Oxford

More Related