Following extensive public consultation, the Guiding Principles for Data Linkage were published in 2012, demonstrating the Scottish Government’s commitment to improving the decision making process for data users and data controllers in-line with increasing technical capacity. The Guiding Principles were developed to ensure that statistical and administrative data can be securely and efficiently linked for research and statistical purposes in the public interest. They support the legal, ethical and efficient use of data for linkage purposes within a controlled and secure environment.
Before undertaking data linkage using publicly-held data, researchers must consider and address the Guiding Principles:
1. Public Interest
Ultimately, any data linkage work must be in the public interest. That is to say, society may benefit from the findings of the work. Protection of privacy, efficient use of data and scientifically sound and ethically robust research and statistics are all in the public interest.
2. Governance and Public Transparency
Having accountable governance structures which are transparent to the public is essential to ensure that data is being accessed and linked in an appropriate and responsible manner. Clear decision making processes that are open will help to ensure the appropriate balance of privacy protection, efficient use of data and scientifically sound and ethically robust research and statistics.
The law does not give absolute value to privacy and therefore a balance is needed between respect for privacy, through the proportionate mitigation of risk, and the potential benefits to all through the use of data for statistical and research purposes. Methods for mitigating risks to privacy include anonymisation and security. Where data subjects consent to their personal data being shared or linked, privacy risk must still be considered. Particular attention should be given to:
Consent of data subjects is an important consideration, although it is not a necessary requirement for data linkage under the Data Protection Act. The consent principles should be departed from only where there is a strong justification and approval has been granted by an appropriate oversight body.
There are degrees of data anonymisation and it may not be possible to completely remove the risk of re-identification. Nevertheless, data can be anonymised sufficiently (often referred to as 'pseudonymisation') for data controllers to make a reasonable risk-based judgement that data can be shared. The anonymisation principles may have less importance if consent for linkage of non-anonymised data has been given or if linkage has been approved by an appropriate oversight body.
Security of data transfer, storage and use is vital for the protection of privacy, especially where there is any risk of re-identification.
4. Access and Personnel
Anyone who applies to access or link data via one of Scotland's national safe havens (secure data access points) must have undergone appropriate training which is necessary to gain ‘approved researcher’ status. Further security measures can be taken to prevent any single person or organisation having unrestricted access to data, for example the establishment of an Access Control Policy or Data Access Agreement.
5. Clinical Trials
Data linkage as a method to support or enhance clinical trials presents specific requirements which must be considered if appropriate to the project.
Where organisations or individuals break the law, legal sanctions will apply. Additional sanctions should be considered where the Guiding Principles for Data Linkage are breached.