- 21 Dec 2021
Attendees and apologies
- Lorna McCall
- Robin Fallas
- Nora Kellock
- Alessia Morris
- Neil Rawlins
- Nicola Rinaldi
- David Faith
- David Gourlay
- Nicola Kerr
- John Thomson
- Craig McKendrick
- Christopher Murphy
- Alastair Rennie
- Carole Morris
Items and actions
Summary of actions arising
Action One (AR)
A paper to be presented at the next meeting regarding a RDS panel, ethics and independence
Welcomes and introductions
Minutes and actions from the last meeting
No Comments were received and all actions have been completed.
Roadmap: progress update (MacRoberts)
An update was received from MacRoberts. Three additional proposed trustees have been identified:
- Andrew Morris, Head of HDR-UK
- Professor Shannon Vallor, University of Edinburgh
- Giselle Cory, Datalink CEO
Future role of the group
It was agreed to maintain the monthly the current series of meetings (second Thursday of the month) throughout 2022 with the caveat that if there are no substantive items to be discussed or cannot be resolved by correspondence then the meeting be cancelled at short notice.
Support from MacRoberts: next steps
MacRoberts to produce a paper for the Trustees/Directors of RDS to consider whether MacRoberts should continue to be an external legal advisor to RDS. They could be instructed on ad hoc basis on more specialised and technical issues by RDS in-house solicitor. It was recognised that MacRoberts have been invaluable in the setup of RDS and a deep knowledge of the organisation and that further legal expertise would be required with regard to IG.
Information Governance Pathway Two: progress update - presentation from Alastair Rennie, RDS Chief Information Officer
A presentation update on IG Pathway Two was provided followed by a number of questions.
- RDS will make decisions, either as solo or joint data controller, which needs to be agreed. A paper is being drawn up and taken to data controllers
- it was noted that a lot of agreements and paperwork would be required for this
- it was noted there was a gap in the ‘five safes’ model shown as other, differing, legislation would place restrictions on data controllers
- it was stated that an assessment would be made with each data controller over which datasets can and cannot be used. Any constraints would be shown in the data catalogue
- a question was raised as to the approval process to access de-identified data
- it was noted that there was an element of streamlining at the front end and discussions with data processors to try and align this, but an acceptance that there was a lot of engagement to be done
- a question was raised regarding assessing data for metrics / disclosure of risk
- it was noted that the ultimate decision would be made by the data controller to evaluate the risk, although at a simpler level than that at PBPP
- it was asked whether a DSA would still be needed between RDS and researchers
- a user agreement would be the equivalent of or including a DSA, but this point needs further development. The idea is that this would be a standard agreement anyway
It was agreed the Legal Working Group would like to see more detail about this.
- it was asked how RDS would undertake the role of assessment as in taking the role of PBPP – how would this work, who would do this and would it be undertaken by internal or external staff
- RDS staff would be trained and do as a full time role from the risk level perspective. It would be a gatekeeping exercise similar to DataLoch
It was noted that pseudoanonymised data would be the same as using the NRS Master Index.
- a number of questions were raised regarding a RDS panel, including ethics, as PBPP sits independently, and also with RDS assessing applications going through its own business, where would the independence be. It was noted that the relationship was unclear and that further work on this was required
Action One: A paper to be presented at the next meeting regarding a RDS panel, ethics and independence
- MacRoberts noted that in the new phase of RDS IG would be a huge piece of work. The role of RDS as a controller / joint controller sounds possible, however the point of sole controllership would need to be teased out
Thanks were expressed on behalf of the University of Edinburgh to AM for getting RDS to the point it is currently at.
MacRoberts noted that whilst policies had been tailored to RDS, some further trustee input would be required in the new year.
Close and date of the next meeting confirmed as 13 January 2022 at 10:30am.