New Data Innovation Projects: Data Privacy and Data Protection

Presentation transcript:

New Data Innovation Projects: Data Privacy and Data Protection 23 September 2016 Mila Romanoff, Data Privacy and Legal Specialist, UN Global Pulse www.unglobalpulse.org

DATA PRIVACY & DATA PROTECTION PRINCIPLES
Available at http://www.unglobalpulse.org/privacy-and-data-protection
- RIGHT TO USE
- SPECIFIC PURPOSE OF USE & PURPOSE COMPATIBILITY
- INDIVIDUAL PRIVACY
- DATA SENSITIVITY
- DATA SECURITY
- DATA MINIMISATION
- DATA RETENTION
- DATA QUALITY
- DUE DILIGENCE ON COLLABORATORS
- RISK MITIGATION: RISK/HARM AND BENEFIT ASSESSMENT
Based on the UN Resolution 45/95. See more at http://www.unglobalpulse.org/privacy-and-data-protection-principles

DATA PRIVACY & DATA PROTECTION PRINCIPLES
- RIGHT TO USE: use data that has been obtained by lawful and fair means, including, where appropriate, with the knowledge or consent of the individual whose data is used.
- PURPOSE SPECIFICATION & COMPATIBILITY: ensure, to the extent possible, that all of the data we use for project purposes is adequate, relevant and not excessive in relation to the legitimate and fair purposes for which the data was obtained.
- INDIVIDUAL PRIVACY: do not use personal data or the content of private communications without the knowledge or proper consent of the individual; do not attempt to knowingly and purposely re-identify de-identified data, and make all reasonable efforts to prevent any unlawful and unjustified re-identification.
- DATA SENSITIVITY: employ stricter standards of care while conducting research among vulnerable populations and persons at risk, children and young people, and any other sensitive data.
- DATA SECURITY: ensure reasonable and appropriate technical and organisational safeguards are in place to prevent any unauthorised disclosure or breach of data.
- DATA MINIMISATION: ensure the data use is limited to the minimum necessary.
- DATA RETENTION: ensure that the data used for a project is being stored only for the necessary duration and any retention of it is justified.
- DATA QUALITY AND ACCOUNTABILITY: design, carry out, report and document our activities with adequate accuracy and openness.
- OUR COLLABORATORS: require that our collaborators are acting in compliance with relevant law, data privacy and data protection standards and the United Nations’ global mandate.
- RISK MITIGATION: RISKS/HARMS & BENEFITS ASSESSMENT: perform a risk assessment and implement appropriate mitigation processes before any new or substantially changed project is undertaken.

GLOBAL PULSE PRIVACY INNOVATION: RISKS, HARMS AND BENEFITS ASSESSMENT TOOL
What does it do?
- Helps to make a decision whether the project is OK to launch
How?
- TWO-part process
- Before a new or substantially changed purpose of data use
- Evaluate the benefits of your data use
- Understand and assess the likelihood of the risks
- Check for all possible harms
- Ensure that risks and harms are not disproportionate to the benefits
Specifics?
- New data sources
- Addresses needs of humanitarian and development practitioners
- Aims to be practical and easy to implement on the ground
- Considers privacy & ethics
- Takes into account harms, including group harms
Who?
- Project managers and non-privacy experts
- Encourages multi-disciplinary team work
- Include a multi-disciplinary team

RISK MANAGEMENT: RISKS/HARMS AND BENEFITS ASSESSMENT
KEY POINTS TO REMEMBER:
- Risk assessment is an accountability and due diligence tool
- Should be based on honest and informed answers
- There is no “zero” risk, but we can minimize risks
- It’s not only about privacy and legal compliance
- Think of the likely harms to individuals, groups, organizations or States
- Risks and harms must be less than benefits

PART 3.5: ASSESS RISKS AND HARMS
- Identify risks
- Identify harms and influence factors

HARMS/NEGATIVE EFFECTS
- Reputational
- Economic/financial
- Surveillance
- Discrimination
- Persecution
- Change of law, norms, ethics
- Human Rights violations
- Public Distrust
- Disadvantage in competition
- Instability
- Revelation of state information
- etc.

INFLUENCE FACTORS
- Geocultural
- Social, Economic, Political Instability
- Legal/Regulatory
- Use of sensitive data (even if anonymised)
- Who is conducting a project?
- What is the purpose?
- Who will have access to/utilize the results of the project?
- Who will benefit?
- etc.

PART 3.5: ASSESS RISKS AND HARMS
- Identify risks
- Identify harms and influence factors
- Consider likelihood of risks’ occurrence, magnitude and severity of harms
- Identify who can be affected by the risks and harms

PART 7: DECISION: FINAL ASSESSMENT
- Identify positive effects or benefit of data use;
- Identify a targeted beneficiary;
- Identify likely risks and most impactful harms, and who can be affected by those;
- Consider if there is an alternative to using proposed data;
- Identify harms linked to not using the data;
- Assess the proportionality of risks and harms with positive impacts.

PRESENT YOUR FINAL ASSESSMENT: KEY QUESTIONS TO HIGHLIGHT
- IDENTIFY BENEFIT = IMPACT
- IDENTIFY DATA
- IDENTIFY LIKELY RISKS
- IDENTIFY MAGNITUDE OF HARMS
- ARE BENEFITS BIGGER THAN THE RISKS?
- HAVE YOU CHANGED YOUR PROJECT DESIGN/APPROACH BASED ON THE IDENTIFIED RISKS/HARMS?
- DO YOU THINK YOU WILL NEED TO PERFORM A MORE DETAILED ASSESSMENT IF THE RISKS AND HARMS ARE HIGH?

THANK YOU! romanoff@unglobalpulse.org www.unglobalpulse.org/privacy-and-data-protection