Getting the most out of data without compromising confidentiality and privacy is tricky. It presents some genuinely difficult judgments as organisations weigh the risks and benefits, and is an area where society needs to catch up with changing technology.
They documented their approach to these responsible data issues as part of their report on the project, published by Nesta:
“Throughout the project we were acutely aware of the sensitive and personal nature of the data we were working with. We were often dealing with data about vulnerable individuals – whether that was sick children in the Shooting Star Chase data or homeless people in St Mungo’s Broadway’s case – the work required both an awareness of data protection laws, as well as an emotional sensitivity to the stories in the data.
- “DataKind UK has established structures to support charities that take part in DataDives. During the DataDive weekends the charities worked with their Data Ambassadors to anonymise the datasets before opening them up to the room of data scientists.
- We asked the DataDive participants to sign non–disclosure protocols. We also asked that they not publish or share the data with anyone outside of the venue and to delete it once the event was over
- Citizens Advice was particularly worried about sharing the EBEF (online requests) data as it had small amounts of profile information, along with free text fields which are harder to clean and fully anonymise.
- However, Citizens Advice mitigated the risk by sharing that data in a strictly regulated environment (participants could only access the data using an SSH tunnel) and decided that the benefits – being able to learn what was in the free text fields – outweighed the potential risks.
“The St Mungo’s Broadway project presented a particularly challenging data management problem. Linking up St Mungo’s Broadway data with Citizens Advice data meant sharing their data in its raw form to match up individual records by name, data of birth and national insurance number.
- “In order to minimise the risk they established a protocol for how to share the data, and ultimately they decided that the results would be worth it.
- To begin with, St Mungo’s Broadway asked Citizens Advice to sign a data–sharing agreement.
- St Mungo’s Broadway then shared the relevant data on a secured pen drive with one Citizens Advice staff member who matched up the data, reanonymised it and deleted St Mungo’s Broadways original raw data.
“As organisations collect individual level data they ask people to complete a data consent form. The form outlines the specific uses to which personal information will be put, one of which is usually analysis
and service improvement. With St Mungo’s Broadway the implicit assumption is that the analysis they conduct using individual level data is done internally. This was the first time that they had interpreted
consent in a different way, and raises questions about the correct wording of consent for future projects.”
Read the full report: