Data Awareness and Legal Considerations

This module delves into various types of data, the sensitivity of different data types, data access, legal aspects, and data classification. Explore aggregate data, microdata, methods of data collection, identifiable, pseudonymised, and anonymised data. Learn to differentiate between individual health records, tax records, survey data, and administrative data. Enhance your understanding of data privacy and protection through examples and key concepts.

• Data awareness
• Legal considerations
• Data types
• Data collection methods
• Data privacy

brockway_m Follow

Uploaded on Oct 04, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Data Awareness and Legal Introduction

2. Introduction In this module, we will talk about: Different types of data Why some data types are more sensitive than others How access to data types varies The law and data access How we classify data

3. Types of Data: Aggregate and Microdata MICRODATA or individual level data is information at the level of individual respondents. Survey Data Census Data Information about age, home address, educational level, employment status, and many other items. Microdata Aggregate Data AGGREGATE DATA Aggregate data are data that have been combined together. When data are aggregated, groups of observations are replaced with summary statistics based on those observations.

4. Types of Data: Methods of Data Collection Observations Traditional Method Online Face to Face Surveys Interviews Case Studies Data Collected about people when they interact with Public Services Health Records Tax Records Registries Energy Data Administrative Focus Groups

5. Types of Data: Identifiable, Pseudonymised and Anonymised IDENTIFIABLE DATA Include all the data; can be used to directly identify an individual. PSEUDONYMISED DATA Includes most of the data; techniques have been applied to protect confidentiality to some extent; can potentially be used to indirectly identify an individual ANONYMOUS Techniques have been applied to the data to protect confidentiality to a greater extent

6. Name That Source Match the examples to the data key words on the right. There will be more than one key word associated with each example below. A B Aggregate Aggregate Aggregate An individual health record with NHS ID and full date of birth C An individual tax record, with generated IDs, banded age, rounded income and rounded tax amounts D Microdata Microdata Microdata Survey Survey Administrative Administrative Administrative Administrative Pseudonymised Pseudonymised Number of students gaining A*- C grades, at GCSE, 2010-2017 10% of respondents admitted to trying cannabis as a teenager Anonymous Anonymous Anonymous Identifiable Identifiable

7. The Data Access Spectrum more control, more security, more detail Source Restricted Access File Web Scientific Use File Public Use File Pseudonymised / de-personalised Most data Some rounding etc. Some limitations Personally identifiable All data Direct IDs included Anonymous Anonymous Often aggregated (grouped) Major treatment De-identified Fewer variables Extensive rounding etc. Major limitations All data No perturbation No direct IDs Accessed via a Safe Setting fewer restrictions, easier access, less detail From Ritchie, 2006, Understanding Patient Data

8. The Data Access Spectrum more control, more security, more detail Source Restricted Access File Web Scientific Use File Public Use File Residual Risk fewer restrictions, easier access, less detail From Ritchie, 2006, Understanding Patient Data

9. The Data Access Spectrum Legal Considerations Safe Project? Source Restricted Access File Web Scientific Use File Public Use File Not personal data under GDPR: No legal basis required No safeguards required May be personal data under GDPR: Requires a legal basis Article 6 Health data is a Special Category Article 9 Processing must comply with Article 5 May require safeguards Consider the common law duty of confidentiality Generally not used for research or analysis

10. Assign the Classification Use the examples provided in the Assign the Classification Task document. Where would you place these datasets on the Data Access Spectrum?

11. Legal Bases Processing of personal data under the GDPR is allowed if there is a legal basis to do so under Article 6. There are six legal bases outlined in Article 6, three of which are often used for research: 6.1(a) Consent the Data Subject has consented for their data to be used; 6.1(e) Public Task the processing is in order to perform a task in the public interest, or the controller has official authority to do so; 6.1(f) Legitimate Interest the controller has a legitimate reason to process the data, and that reason is not overwritten by the interests of the Data Subject. When processing Special Category data, a legal basis is also needed under GDPR Article 9. There are ten legal bases outlined in Article 9, two of which are often used for research: 9.2(a) Consent the Data Subject has consented for their data to be used; 9.2(j) Statistical or Archival Purposes processing is necessary in the public interest or for scientific/historical research purposes.

12. Appendix: Legal Gateways, Useful Definitions Common Law: The law derived from decisions of courts and case law, rather than Acts of Parliament or other legislation. Confidentiality: Ensuring that information is not made available or disclosed to unauthorised individuals, or organisations. Implied consent: An unwritten agreement between the patient and health and social care professionals that provide their care that allows their data to be shared as long as it is relevant for their care. Data Protection Act (2018): The main UK legislation which governs the handling and protection of personally identifiable data relating to living people only. This Act incorporates the GDPR. Duty of Confidentiality: A duty of confidentiality arises when one person discloses information to another in circumstances where it is reasonable to expect that the information will be held in confidence. Explicit consent: A freely given, specific, informed and unambiguous indication of the individual s wishes e.g. regarding data use.

13. Assessments for this module SDAP: Safe Analyst Training - Data Awareness and Legal Introduction