Presentation is loading. Please wait.

Presentation is loading. Please wait.

New Data Innovation Projects: Data Privacy and Data Protection

Published byJuliana Mills Modified over 5 years ago

Similar presentations

Presentation on theme: "New Data Innovation Projects: Data Privacy and Data Protection"— Presentation transcript:

1 New Data Innovation Projects: Data Privacy and Data Protection
23 September 2016 Mila Romanoff, Data Privacy and Legal Specialist, UN Global Pulse

2 Available at http://www.unglobalpulse.org/privacy-and-data-protection
DATA PRIVACY & DATA PROTECTION PRINCIPLES RIGHT TO USE SPECIFIC PURPOSE OF USE & PURPOSE COMPATABILITY INDIVIDUAL PRIVACY DATA SENSITIVITY DATA SECURITY DATA MINIMISATION DATA RETENTION DATA QUALITY DUE DILIGENCE ON COLLABORATORS RISK MITIGATION: RISK/HARM AND BENEFIT ASSESSMENT Based on the UN Resolution 45/95 See more at Available at

3 DATA PRIVACY & DATA PROTECTION PRINCIPLES
RIGHT TO USE: use data that has been obtained by lawful and fair means, including, where appropriate, with the knowledge or consent of the individual whose data is used PURPOSE SPECIFICATION & COMPATABILITY: ensure, to the extent possible, that all of the data we use for project purposes is adequate, relevant and not excessive in relation to the legitimate and fair purposes for which the data was obtained INDIVIDUAL PRIVACY: do not use personal data or the content of private communications, without the knowledge or proper consent of the individual; do not attempt to knowingly and purposely re-identify de-identified data, and we make all reasonable efforts to prevent any unlawful and unjustified re-identification. DATA SENSITIVITY: employ stricter standards of care while conducting research among vulnerable populations and persons at risk, children and young people, and any other sensitive data DATA SECURITY: ensure reasonable and appropriate technical and organisational safeguards are in place to prevent any unauthorised disclosure or breach of data. DATA MINIMISATION: ensure the data use is limited to the minimum necessary DATA RETENTION: ensure that the data used for a project is being stored only for the necessary duration and any retention of it is justified DATA QUALITY AND ACCOUNTABILITY: design, carry out, report and document our activities with adequate accuracy and openness OUR COLLABORATORS: require that our collaborators are acting in compliance with relevant law, data privacy and data protection standards and the United Nations’ global mandate RISK MITIGATION: RISKS/ HARMS & BENEFITS ASSESSMENT: perform a risk assessment and implement appropriate mitigation processes before any new or substantially changed project is undertaken.

4 GLOBAL PULSE PRIVACY INNOVATION:
RISKS, HARMS and benefits ASSESSMNET TOOL What does it do? Helps to make a decision whether the project is ok to launch How? TWO – part process Before a new or substantially changed purpose of data use Evaluate the benefits of your data use Understand and assess the likelihood of the risks Check for all possible harms Ensure that Risks and Harms are not Disproportionate to the Benefits Specifics? New Data Sources Addresses needs of humanitarian and development practitioners Aims to be practical and easy to implement on the ground Considers privacy & ethics Takes into account harms, including group harms Who? Project Managers and Non – Privacy Experts Encourages a multi- disciplinary team work Include a multi-disciplinary team

5 RISK MANAGEMENT: RISKS/HARMS AND BENEFITS ASSESSMENT

6 Risk assessment is an accountability and due diligence tool
RISK MANAGEMENT: RISKS/HARMS AND BENEFITS ASSESSMENT KEY POINTS TO REMEMBER: Risk assessment is an accountability and due diligence tool Should be based on honest and informed answers There is no “zero” risk, but we can minimize risks It’s not only about privacy and legal compliance Think of the likely harms to individual; groups organization or State Risks and harms must be less than benefits

7 PART 3.5: ASSESS RISKS AND HARMS
Identify risks Identify harms and influence factors

8 HARMS/NEGATIVE EFFECTS INFLUENCE FACTORS
Reputational Economic/financial Surveillance Discrimination Persecution Change of law, norms, ethics Human Rights violations Public Distrust Disadvantage in competition Instability Revelation of state information etc. . Geocultural Social, Economic, Political Instability Legal/Regulatory Use of sensitive data (even if anonymised) Who is conducting a project? What is the purpose? Who will have access to/utilize the results of the project? Who will benefit? etc.

9 PART: 3.5 ASSESS RISKS AND HARMS
Identify risks Identify harms and influence factors Consider likelihood of risks’ occurrence, magnitude and severity of harms Identify who can be affected by the risks and harms

10 PART 7: Decision: FINAL ASSESSMENT
Identify positive effects or benefit of data use; Identify a targeted beneficiary; Identify likely risks and most impactful harms; and who can be affected by those; Consider if there is an alternative to using proposed data; Identify harms linked to not using the data Assess the proportionality of risks and harms with positive impacts; 

11 PReSENT YOUR FINAL ASSESSMENT: KEY QUESTIONS TO HIGHLIGHT
IDENTIFY BENEFIT= IMPACT IDENTIFY DATA IDENTIFY LIKELY RISKS IDENTIFY MAGNITUDE OF HARMS ARE BENEFITS BIGGET THAN THE RISKS? HAVE YOU CHANGED YOUR PROJECT DESIGN/APPROACH BASED ON THE IDENTIFIED RISKS/HARMS? DO YOU THINK YOU WILL NEED TO PERFORM A MORE DETAILED ASSESSMENT IF THE RISKS AND HARMS ARE HIGH?

12 THANK YOU!

Download ppt "New Data Innovation Projects: Data Privacy and Data Protection"

Similar presentations

R.K. Baxi Professor Medical College, Baroda. Ensure Purpose of research is towards betterment of all Research is conducted with professional fair treatment.

R.K. Baxi Professor Medical College, Baroda. Ensure Purpose of research is towards betterment of all Research is conducted with professional fair treatment.
The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
VOLUNTARY PRINCIPLES ON SECURITY & HUMAN RIGHTS. What are the Voluntary Principles? Tripartite, multi-stakeholder initiative Initiated in 2000 by UK Foreign.

VOLUNTARY PRINCIPLES ON SECURITY & HUMAN RIGHTS. What are the Voluntary Principles? Tripartite, multi-stakeholder initiative Initiated in 2000 by UK Foreign.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
University Research Ethics Committee Workshop on procedure and data protection issues 30th May 2008.

University Research Ethics Committee Workshop on procedure and data protection issues 30th May 2008.
BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date: 09.07.14.

BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date:
 There is no such thing as a child-neutral policy  Every policy positively or negatively affects the lives of children  To comply with the CRC, the.

 There is no such thing as a child-neutral policy  Every policy positively or negatively affects the lives of children  To comply with the CRC, the.
Getting data sharing right for every child

Getting data sharing right for every child
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Use of Children as Research Subjects What information should be provided for an FP7 ethical review?

Use of Children as Research Subjects What information should be provided for an FP7 ethical review?
© CSR Asia 2010 ISO 26000 Richard Welford CSR Asia www.csr-asia.com.

© CSR Asia 2010 ISO Richard Welford CSR Asia
8 Criteria for IRB Approval of Research 45 CFR 46.111(a)

8 Criteria for IRB Approval of Research 45 CFR (a)
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Health & Social Care Apprenticeships & Diploma

Health & Social Care Apprenticeships & Diploma
Finance and Governance Workshop Data Protection and Information Management 10 June 2014.

Finance and Governance Workshop Data Protection and Information Management 10 June 2014.
Amicus Legal Consultants THE DEPLOYMENT OF SPECIAL INVESTIGATIVE MEANS IN PROACTIVE ANTI-CORRUPTION INVESTIGATIONS.

Amicus Legal Consultants THE DEPLOYMENT OF SPECIAL INVESTIGATIVE MEANS IN PROACTIVE ANTI-CORRUPTION INVESTIGATIONS.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.

Similar presentations

Ads by Google