Towards Privacy by Design. Key issues to unlock science

Towards Privacy By Design Key issues to unlock science.

Symposium: Designing and Shaping Open ScienceAmsterdam, April 5 2016Marlon Domingus

1. Attitude and Trust2. The Researcher3. Maturity Models as Time Machines4. New Roles and Collaborations5. Context and Framing

Key issues

Attitude

Source: https://cybersponse.com/data-breaches-by-the-numbers

Trust

Academia

Industry

Society

Responsible Research and Innovation

Good Citizenship

Corporate Social Responsibility

Soft Law:Code of

Conduct,Guidelines,

...

Hard Law:Privacy Law, Patent Law,

…

Hard Law:Contracts,Agreements,

...

The researcher in context

European Code of ConductNational Code of Conduct

University Policy- Research Integrity- Open Access, RDM

Discipline Specific Code of Conduct

The researcher in context: soft law

European Funding RequirementsNational Funding Requirements

Discipline Specific

Requirements

University Requirements

Publisher’s

Requirements

The researcher in context: requirements

University A, Country A

T1: researcher works at University A, co-operates with University B and C

University B, Country A

collaboration University C, Country B

collaboration

The researcher (& infrastructure) in context

University A, Country A

University B, Country A

University C, Country Bcollaboration

collaboration

T2: researcher works at University B, co-operates with University C, D and ET3: …

collaboration

The researcher (& infrastructure) in context

Researcher Mobility

Academia

Industry

Society

Responsible Research and Innovation

Good Citizenship

Corporate Social Responsibility

Legal and Moral Requirements

Research Cycle

Transparency, Guidelines, Services, Infra, …

The researcher in context

11

Source: https://www.monash.edu/__data/assets/pdf_file/0010/385309/sensitive-decision-tree.pdf

Example

12

It took some time and effort, but now we have Open Access and Open Science.

How did we get here?

2020 Hindsight

14

Legal Research Support Maturity Model

Level 1 Level 2 Level 3 Level 4 Level 5

Initial Development Defined Managed Optimised

Process is disorganised & ad hoc

Process is under development Process is standardised, communicated

Process is managed, measured Focus is on continuous improvement

Institutional policies & procedures

Policies & procedures may be undeveloped, not up to date, and/or inconsistent.

Policies & procedures are developed & harmonised. Basic understanding of the gaps in the policies & guidelines.

Policies & procedures are promulgated & absorbed into behaviours.

Policies & procedures accepted as part of the culture & subject to audit.

Policies & procedures are subject to review & improvement.

Legal Research Support

Legal support services are disorganised, research contracts and agreements are legally ad hoc supported, inconsistent and poorly publicised.

Investment in legal expertise. Legal services identified & staffed. Responsibilities are defined. Documentation & awareness programs developed.

Co-operation between legal experts & widespread availability of well documented services. Common knowledge available of all relevant legal research support topics.

Widespread take up of legal services at an early stage in the research project. IPR and Privacy are acknowledged as critical to the institutional mission.

Researcher’s feedback, research project’s lessons learned as well as analysis of awarded grant are used to update & improve legal research support services.

IT infrastructure IT infrastructure provision is patchy, disorganised & poorly publicised & not supporting the whole research cycle.

Funds are invested in technology & skills. Responsibilities are defined. Processes are established, defined & documented. Awareness of the different IT infra needs during the research cycle.

Management shows active support. Facilities are well defined & communicated, standardised & integrated. The main aspects of the research cycle are supported in the IT infra. Key privacy aspects are secured in the IT infra.

Infrastructure facilitates whole research cycle as well as special requests for Research IT infra. Management actively engaged. Documentation kept up to date. Privacy By Design implemented.

Concerted efforts to maintain, update & publicise infrastructure. Metrics & feedback used to optimise services. Research IT staff hired for tailored research support.

Based on the ANDS RDM Framework: http://ands.org.au/guides/capability-maturity

15

example

Source: https://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/GenerallyAcceptedPrivacyPrinciples/DownloadableDocuments/AICPA-CICA-Privacy-Maturity-Model-ebook.pdf

Chief Information Security OfficerData Protection OfficerIntegrity OfficerEthical Committee…

New roles and collaborations

Context and Framing

Further Information

drs. Marlon Domingusproject manager Research Data ManagementErasmus University Rotterdam

  +31 10 4088006domingus@ubib.eur.nl