Privacy Implications of Research Data: A NISO Symposium

Working Group Connections LIVE!

About This Symposium

Even as the opportunities presented by offering access to and re-use of scientific data sets become more apparent, sharing human subject data in particular is hampered by lack of a framework to address privacy and security concerns. The Research Data Alliance (RDA) and the National Information Standards Organization (NISO) are working to address that challenge through a joint interest group building a global consensus framework that will support both privacy and scientific data sharing.

The generous support of the Sloan Foundation is enabling the RDA/NISO interest group to host a free public symposium in Denver on privacy implications of research data, gathering, sharing and reuse, as a stepping stone towards that goal.

Attendees will hear from experts on the following:

  • The feasibility of balancing research requirements with the need for privacy protections
  • The limits of anonymization in the context of personally identifiable information
  • The demands of security, privacy, and trust
  • Privacy, policy, and data governance in university research practice
  • Privacy and legal frameworks in the European Union

Output Paper

A narrative paper of the Symposuim is available!

A paper describing the symposium has been published. A copy of that paper is available here.

Event Sessions

8:30am - 9:00am Continental Breakfast

9:00am – 9:30am Welcome and Introduction to the Topic


9:30am – 10:30am Keynote: Can We Simultaneously Support Both Privacy and Research? Informed Consent and Data Sharing In a Mobile World


Mobile technologies have the potential to revolutionize both the way in which individuals monitor their health as well as the way researchers are able to collect frequent, yet sparse data on participants in clinical studies. In order for data from these devices to have maximal impact in a research setting however, the development of systems to collect, manage, and broadly share these data is essential. Possibly more important are the social constructs on which these systems need to be built to allow maximal utility to come from these data while minimizing adverse impact on individual participants. More specifically, the union of these systems and constructs must be an ecosystem build upon trust. We will present one such ecosystem focused on putting the participant at the center of the data collection: specifically by acknowledging possible risks to both individual participants as well as sub-populations of participants, providing opt-in settings for broad data sharing, and the development of an open research ecosystem built upon a social contract between researchers and research participants. A case study of one such mHealth study, leveraging Apple’s ResearchKit framework, will be presented and discussed.

10:30am-10:45am Group discussion of balancing privacy and research possibilities and identifying potential work topics for the RDA/NISO WG

10:45am – 11:15am Break

11:15am – 11:45am Expert Voice: Perfectly Anonymous Data is Perfectly Useless Data


Micah Altman

Director of Research and Head/Scientist, Program on Information Science for the MIT Libraries
Massachusetts Institute of Technology (MIT)

This 30-minute program segment is intended to present the needs of the research community for data that must include some degree of personally identifiable information. The talk is expected to touch on some of the following:
• Who Is Being Protected and from what risks?
• Observable behavior prevents complete protection; 
• Necessity of some identifiable elements in utilization of data (participant ids, demographic variables, dates, geographic location
• Potential Problems for Science Resulting from Shielded or Missing Data

11:45am – 12:00noon Group discussion of challenges related to anonymization of data to support privacy. Group consideration of the boundaries of anonymization guidance

12:00noon – 12:30pm Expert Voice: Security, Privacy and Trust


This segment of the program addresses three related issues arising in the context of housing and potential re-use of data across a range of information systems. Given these requirements, how can information systems and services adequately offer protection? The talk is expected to touch on some of the following points:
• Controlling Access to Data (Security)
• Place of Encryption in Open Science
• Trust Management / Information Assurance Policies
• Protections/Parameters for mining of personal data

12:30pm – 12:45pm Group discussion of security issues related to research data. Group discussion of overlap between purely security versus privacy issues, potential partnership with Data Security IG

12:45pm – 1:45pm Lunch (Provided)

1:45pm – 2:15pm Expert Voice: Privacy, Policy, and Data Governance in the University


Data about individuals are valuable institutional assets. Their value increases, both to the University and to external third parties, as they accumulate and can be reused and remixed in new ways. “Big data” and predictive analytics define a new generation of opportunities and risks across the institution, whether in student success, research, precision medicine, or administrative effectiveness. Risks of breach, misuse, or misinterpretation of information about our community also increase. Data that may not appear to be sensitive at the time of collection, such as student traffic to a course website, may become extremely rich when combined with other data such as a student’s grades, medical records, library usage, food purchases, and social media habits. Similarly, information that is nominally public, such as a faculty member’s bibliography of publications, can become extremely sensitive when combined with proprietary analytics used to rank individuals, departments, universities, and countries. As data, metadata, algorithms, and analytics are shared within and between universities, and with third parties, the complexity of data governance increases. UCLA, a long-time leader in privacy policy and in joint faculty-administrative governance of information technology services, will release the findings of the Data Governance Task Force in June, 2016. This talk will frame the implications of those findings for universities and higher education.

2:15 – 2:30pm Group discussion of privacy policy issues specific to research data and the relationship with the administrative governance of the academy

2:30 – 3:00pm Expert Voice: Security, Solidarity, Science and the rule of law: Open Science and privacy protection in transnational cooperation


Christoph Bruch

Senior Advisor for Strategy
Helmholtz Association of German Research Centres

Worldwide, research organizations and governments support the idea of open science. Data driven science and as part of that the making available of research data for reuse is one of the hallmarks of open science. There is also general agreement that privacy protection laws are a major limitation for sharing data. In an international context complexity is added by differences in the applicable law.

The long term study German National Cohort - supported by Helmholtz Association - has provoked discussions concerning the relation of public interest in research and privacy protection. The recent Court of Justice of the European Union ruling declaring invalid the EU Commission’s US Safe Harbour Decision is seen as a game changer by many in the international transfer of personal data stemming from persons in the EU.

The presentation will illustrate key principles of privacy protection in Europe which set the scope for transferring personal data internationally thereby focussing on the new EU data protection Directive and Regulation and the above mentioned ruling

3:00pm – 3:15pm Group discussion of the worldwide privacy framework issues. How should the IG deal with international nature of our work

3:15pm -- 3:45pm Afternoon Break

3:45pm – 4:30pm Roundtable Discussion (Moderated by Bonnie Tijerina, Data & Society Research Fellow, Data & Society Research Institute)


Additional Information


  • Registrants will receive detailed instructions about accessing the virtual conference via e-mail the Friday prior to the event. (Anyone registering between Monday and the close of registration will receive the message shortly after the registration is received, within normal business hours.) Due to the widespread use of spam blockers, filters, out of office messages, etc., it is your responsibility to contact the NISO office if you do not receive login instructions before the start of the webinar.

  • If you have not received your Login Instruction e-mail by 10 a.m. (ET) on the day before the virtual conference, please contact the NISO office at for immediate assistance.

  • Registration is per site (access for one computer) and includes access to the online recorded archive of the conference. You may have as many people as you like from the registrant's organization view the conference from that one connection. If you need additional connections, you will need to enter a separate registration for each connection needed.

  • If you are registering someone else from your organization, either use that person's e-mail address when registering or contact to provide alternate contact information.

  • Conference presentation slides and Q&A will be posted to this event webpage following the live conference.

  • Registrants will receive an e-mail message containing access information to the archived conference recording within 48 hours after the event. This recording access is only to be used by the registrant's organization.

For Online Events

  • NISO has developed a quick tutorial, How to Participate in a NISO Web Event. Please view the recording, which is an overview of the web conferencing system and will help to answer the most commonly asked questions regarding participating in an online Webex event.
  • You will need a computer for the presentation and Q&A.

  • Audio is available through the computer (broadcast) and by telephone. We recommend you have a set-up for telephone audio as back-up even if you plan to use the broadcast audio as the voice over Internet isn't always 100% reliable.

Please check your system in advance to make sure it meets the Cisco WebEx requirements. It is your responsibility to ensure that your system is properly set up before each webinar begins.