Privacy Implications of Research Data: A NISO Symposium Sponsored by the NISO-RDA Joint Interest Group

NISO on the Road

Event Sessions

Recording of Morning Session #1 (Content starts at 12:42)


Recording of Morning Session #2


Recording of Afternoon Session #3


Recording of Afternoon Session #4


Welcome and Introduction to the Topic


Keynote: Can We Simultaneously Support Both Privacy and Research? Informed Consent and Data Sharing In a Mobile World


Mobile technologies have the potential to revolutionize both the way in which individuals monitor their health as well as the way researchers are able to collect frequent, yet sparse data on participants in clinical studies. In order for data from these devices to have maximal impact in a research setting however, the development of systems to collect, manage, and broadly share these data is essential. Possibly more important are the social constructs on which these systems need to be built to allow maximal utility to come from these data while minimizing adverse impact on individual participants. More specifically, the union of these systems and constructs must be an ecosystem build upon trust. We will present one such ecosystem focused on putting the participant at the center of the data collection: specifically by acknowledging possible risks to both individual participants as well as sub-populations of participants, providing opt-in settings for broad data sharing, and the development of an open research ecosystem built upon a social contract between researchers and research participants. A case study of one such mHealth study, leveraging Apple’s ResearchKit framework, will be presented and discussed.

Followed by a group discussion of balancing privacy and research possibilities and identifying potential work topics for the RDA/NISO WG

Expert Voice: Perfectly Anonymous Data is Perfectly Useless Data


Micah Altman

Director of Research and Head/Scientist, Program on Information Science for the MIT Libraries
Massachusetts Institute of Technology (MIT)

This 30-minute program segment is intended to present the needs of the research community for data that must include some degree of personally identifiable information. The talk is expected to touch on some of the following:
• Who Is Being Protected and from what risks?
• Observable behavior prevents complete protection; 
• Necessity of some identifiable elements in utilization of data (participant ids, demographic variables, dates, geographic location
• Potential Problems for Science Resulting from Shielded or Missing Data

Followed by a group discussion of challenges related to anonymization of data to support privacy. Group consideration of the boundaries of anonymization guidance

Expert Voice: Security, Privacy and Trust


This segment of the program addresses three related issues arising in the context of housing and potential re-use of data across a range of information systems. Given these requirements, how can information systems and services adequately offer protection? The talk is expected to touch on some of the following points:
• Controlling Access to Data (Security)
• Place of Encryption in Open Science
• Trust Management / Information Assurance Policies
• Protections/Parameters for mining of personal data

Followed by a group discussion of security issues related to research data. Group discussion of overlap between purely security versus privacy issues, potential partnership with Data Security IG

Expert Voice: Privacy, Policy, and Data Governance in the University


Data about individuals are valuable institutional assets. Their value increases, both to the University and to external third parties, as they accumulate and can be reused and remixed in new ways. “Big data” and predictive analytics define a new generation of opportunities and risks across the institution, whether in student success, research, precision medicine, or administrative effectiveness. Risks of breach, misuse, or misinterpretation of information about our community also increase. Data that may not appear to be sensitive at the time of collection, such as student traffic to a course website, may become extremely rich when combined with other data such as a student’s grades, medical records, library usage, food purchases, and social media habits. Similarly, information that is nominally public, such as a faculty member’s bibliography of publications, can become extremely sensitive when combined with proprietary analytics used to rank individuals, departments, universities, and countries. As data, metadata, algorithms, and analytics are shared within and between universities, and with third parties, the complexity of data governance increases. UCLA, a long-time leader in privacy policy and in joint faculty-administrative governance of information technology services, will release the findings of the Data Governance Task Force in June, 2016. This talk will frame the implications of those findings for universities and higher education.

Followed by a group discussion of privacy policy issues specific to research data and the relationship with the administrative governance of the academy

Expert Voice: Security, Solidarity, Science and the rule of law: Open Science and privacy protection in transnational cooperation


Christopher Bruch

Senior Advisor for Strategy
Helmholtz Association of German Research Centres

Worldwide, research organizations and governments support the idea of open science. Data driven science and as part of that the making available of research data for reuse is one of the hallmarks of open science. There is also general agreement that privacy protection laws are a major limitation for sharing data. In an international context complexity is added by differences in the applicable law.

The long term study German National Cohort - supported by Helmholtz Association - has provoked discussions concerning the relation of public interest in research and privacy protection. The recent Court of Justice of the European Union ruling declaring invalid the EU Commission’s US Safe Harbour Decision is seen as a game changer by many in the international transfer of personal data stemming from persons in the EU.

The presentation will illustrate key principles of privacy protection in Europe which set the scope for transferring personal data internationally thereby focussing on the new EU data protection Directive and Regulation and the above mentioned ruling

Followed by a group discussion of the worldwide privacy framework issues. How should the IG deal with international nature of our work

Roundtable Discussion (Moderated by Bonnie Tijerina, Data & Society Research Fellow, Data & Society Research Institute)