Joined-up data for better decisions: Guiding Principles for Data Linkage

INTRODUCTION

The principles presented in this document are designed to assist data controllers and other decision makers (e.g. ethics committees, privacy committees, data access panels) to adopt a common framework for decision-making and to take a proportionate approach to managing the risks inherent in any data linkage.

The principles are not rules and are not prescriptive. They are principles that we recommend are considered ahead of any data linkage activity and where they can guide deliberations on a given data linkage practice.

The principles are not a statement of legal rules. They flow from, but do not comprehensively restate or summarise:

• Human Rights Legislation
• The Data Protection Act
• Guidance issued by the Information Commissioner:
  • Guide to Data Protection
  • The Data Sharing Code of Practice
  • The Anonymisation Code of Practice ( being published on 20 or 22(?) of November)
• The Scottish Government Identity Management and Privacy Principles.

The added value of the principles lies in their guiding effect for decision-makers who must decide whether to approve data sharing or linkage. They provide a common framework for thinking about the kinds of issues in play and for justifying decisions about linkage or sharing. They operate most effectively when judgment must be exercised about whether linkage or sharing should take place. For example, a linkage might be perfectly lawful but there might still be reasons to ask on what basis it should take place, if at all. The principles assist these deliberative processes.

The principles are intended to promote the public interest in scientifically sound, ethically robust research while appropriately protecting privacy. They do not imply any changes to the legal requirements of data controllers under the Data Protection Act (summarised in Annex A) or any sector-specific legislation, and they do not alter the accountability of data controllers to existing regulatory bodies.

The only way to completely avoid risks to privacy from data linkage activity is to avoid data linkage activity. This would result in valuable research not being conducted. All or nothing approaches to risk management can be unhelpful. Rather, the principles presented here are intended to encourage a proportionate approach, whereby actions taken to reduce the risks to privacy are in proportion to those risks, factoring in the potential benefits of the research.

There are three central considerations that the principles aim to assist:

• do the potential public benefits from the research justify the risks to privacy?
• what can be done to mitigate the risks to privacy?
• what can be done to increase the public benefits of data linkage and sharing?

Consideration and proportionate application of the principles presented should help balance these considerations, increase the public benefits from data usage and mitigate risks to privacy. A common framework of reference for decision-making should help to promote consistency of decision-making and also to foster a degree of trust in the high levels of protection and transparency that the system delivers.

It is the very nature of principles that they do not specify exactly how they can be met. If this were so, they would be rules. Rather, principles must be considered and applied in the context of a particular project, with its particular objectives and particular risks. Examples of good practice in specific instances and suggestions for implementation will be provided in coming months.