Public Acceptability of Cross-Sectoral Data Linkage

EXECUTIVE SUMMARY

Introduction

The Scottish Government is working with a wide range of partners to establish a collaborative strategic framework that will facilitate cross-sectoral data linkages for research and statistical purposes. In March 2012, it published the consultation document, A Scotland-wide Data Linkage Framework for Statistics and Research (Scottish Government 2012), which sets out its proposed strategy and a set of 'Guiding Principles' for linkage.

In parallel with, and to supplement the findings of, the consultation, the Government had a number of meetings and discussions with stakeholders. It also commissioned Ipsos MORI Scotland, along with Professor Sarah Cunningham-Burley and Dr Claudia Pagliari from the Centre for Population Health Sciences at the University of Edinburgh, to undertake a series of public deliberative events. This report presents the findings of the events.

The overall aim of the events was to explore the views of the public on the acceptability of linking personal data for statistical and research purposes, thereby identifying particular sensitivities and potential barriers to public confidence and exploring mechanisms for overcoming concerns.

Research methodology

The study was conducted using deliberative methods in recognition of the complexity and potential unfamiliarity of the topic, and thus the need for participants to be appropriately informed in order to meaningfully consider the relevant issues.

Three half day workshops were held; in Stirling, Inverness and Glasgow, between 26 May and 9 June 2012, with participants recruited to be broadly representative of the Scottish population.

Thirty participants were recruited for each workshop with the aim of ensuring that around 25 attended on the day. In the event, twenty-four attended the Stirling workshop, 22 attended the Inverness workshop and 27 the Glasgow workshop. Attendees were representative of the wider pool of recruits.

Key findings

General attitudes to organisations holding and using data about individuals

When participants were asked how they felt about organisations holding information about them, they tended to begin by expressing concerns about an encroaching " big brother" or "surveillance society" and/or about the amount of data on individuals that is collected and used in the commercial sphere.

The term "big brother" society was used to refer generally to the large amount of data that is collected on individuals (across both the public and commercial spheres), and also to a proliferation of surveillance mechanisms such as CCTV, electronic tagging and mobile phone tracking. The overall feeling was that the monitoring and recording of different aspects of people's lives has gone "a bit far", compromising privacy.

Most participants were acutely aware and strongly critical of the tendency for commercial actors to sell individuals' details to each other for use in targeted marketing campaigns. Several also expressed concern about the growing ease with which such actors can "profile" individuals by drawing on data from multiple and diverse sources, including social networking sites like Facebook. There was a perception that this provides fertile ground for scams, fraud and identity theft.

Spontaneous detailed comments about the holding of personal information by public bodies were sometimes slower to emerge - or at least less well formed - than those relating to commercial actors. Nevertheless, when prompted for their views, virtually all participants engaged keenly with the subject.

Many said that they generally trusted public bodies more than commercial organisations with their personal data. The NHS tended to be seen as particularly trustworthy due to the fact that health professionals are expected to abide by a moral code of conduct as part of their job and, more generally, to serve or help the public.

Still, among a significant minority of participants, there was scepticism around the extent to which public bodies could be trusted to look after data and use it appropriately. This was in part fuelled by high profile cases of data losses and data breaches, and a perception that some public bodies are active in selling data to commercial organisations.

Many participants were also conscious of the fallibility of information technology and the difficulty of creating entirely "fool proof" security systems and procedures. There was particular concern about the potential for hacking, which tended to reflect personal experiences of fraud and other scams in the commercial domain, as well as media stories of security breaches in large organisations, such as LinkedIn¹. Other participants spoke less about the fallibility of systems and more about security risks arising from the "human factor" in public bodies; specifically, the potential for "human error" in data handling and for officials to behave indiscreetly, unscrupulously or corruptly.

While most participants acknowledged that public bodies need to hold data on individuals, some contended that they do not always seem to make effective use of the information they have, in contrast, others felt that decision makers can place too great an emphasis on numerical data and 'statistics', which can lead to the crude categorisation of individuals or groups and result in labelling, stigmatisation and discriminatory treatment. It was also felt that reliance on descriptive statistics could lead to policies and spending plans that fail to reflect the myriad of ways in with social and other problems are experienced across the population.

Unprompted views around cross-sectoral data linkage

Unprompted views around cross-sectoral data linkage were sought prior to an informational presentation about the proposed Data Linkage Framework.

While virtually all participants recognised potential benefits of data linkage, most also had questions and concerns about it. It was commonly felt that linkage could lead to increased negative "labelling" of people. More specifically, there was concern about the potential for labels to carry across sectoral boundaries and result in individuals or groups experiencing discriminatory treatment or stigma in multiple spheres.

Concern was similarly expressed over the possibility of linked data being used for commercial or political purposes. There was a strong consensus that such uses would not be acceptable.

A number of participants contended that linkage would increase the likelihood of data security breaches, both because more people would have access to more data, and hackers would be able to obtain a significant amount of information about individuals "in one hit". Often these concerns were based on a mistaken assumption that linkage would result in the creation of one super-database of information that would be 'warehoused' for use by multiple organisations.

Such concerns were also often premised on an assumption that the data would include individuals' names and other personal information. When participants were reminded that this would generally not be the case, many immediately became more comfortable with, or indeed positively disposed towards, the idea of linkage.

However, a small number of participants were keen to emphasise that, even with anonymisation, there would be the potential for groups to be negatively profiled and labelled. Other, particularly IT literate, participants contended that anonymised data could always be linked back to personal identifiers, by anyone with the necessary knowhow.

The Data Linkage Framework

Participants broadly supported the overarching objectives of the Data Linkage Framework. However, they had specific concerns on which they sought reassurance, which tended to centre around the questions of:

• who would oversee the operation of the Framework
• who would have access to linked data, and specifically whether this would include commercial companies
• how individuals' privacy would be protected
• how the data would be kept secure
• where overall accountability would lie if linked data was lost or stolen

These concerns were discussed in relation to data linkage generally and there was little explicit differentiation between particular sector-to-sector linkages, despite prompting by the group facilitators.

Perceptions of the draft Guiding Principles were somewhat mixed. On one hand, there was a view that the Principles go some way to addressing the main areas of concern and provide reassurance that data linkage will be carried out appropriately and securely. On the other hand, the Principles were commonly considered to be too "vague" and therefore open to interpretation and manipulation by vested interests.

Participants identified a number of safeguards that could be implemented to maximise public confidence in the Framework. These included:

• a requirement that anyone applying to use linked data must provide a strong justification to a commission or panel as to why their research is in the public interest
• publishing all processes and procedures surrounding data linkage, as well as details of who is undertaking research using linked data
• establishing an oversight body, comprising highly qualified professionals and, potentially, lay members, with responsibility for granting or refusing data linkage requests, ensuring that the Principles are upheld, and administering sanctions
• establishing accountability by placing data linkage under ministerial remit or the auspices of an independent professional or senior civil servant
• ensuring that explicit consent is obtained for uses of data containing names or other direct identifiers and that, in the process, clear parameters are set around what is being consented to (i.e. the type of research)
• requiring that consent for the uses of data containing names or other identifiers be obtained from data subjects themselves or from their next of kin, and preventing any oversight body from granting proxy consent
• ensuring all electronic systems used by individuals and organisations with access to linked data meet a minimum security requirement that is reviewed and updated frequently
• ensuring all researchers and officials with access to linked data are appropriately vetted through mechanisms such as: a certified training course; an accreditation scheme; or an assessment scheme similar to Disclosure Scotland.
• imposing strict sanctions on individuals and/or organisations responsible for any breaches of the Principles and specifying the range of possible sanctions within the Principles

There was broad support for the objectives of Beyond 2011², which did not raise any new privacy issues. Generally 10 years was considered too long a gap between censuses and several participants questioned whether the census represents value for money given that the data soon becomes obsolete.

There was a strong appetite for ongoing public engagement in the development of the Framework and in particular for media advertising campaigns; the distribution of informational leaflets; and the establishment of a dedicated website that could serve as a 'one stop shop' for everything members of the public might want to know about data linkage.