Public dialogue on data sharing outside of the public sector in Scotland

The Scottish Government commissioned a public dialogue to explore the concept of public benefit, and specifically the extent to which data sharing outside of the public sector is in the public benefit. This report builds on the findings from the public dialogue on the use of data in Scotland.


Appendix A: Original ethical guidelines produced by the panel

When using citizens' data, the public sector should manage the PURPOSE by:

  • Ensuring the purpose for using the data is clearly defined and used only for that purpose. Timescales for use should be clearly defined.
  • Having a clearly agreed justification for using citizens' data (i.e. if there is a clear public benefit) and ensuring that only data that is necessary for the project is used.
  • Ensuring that data are not used solely[3] (directly or indirectly) for profit by private sector organisations. The public sector should ensure that it and private sector partners only use data proportionate to the specific purpose it was collected for.
  • Not using data outside the scope of any consent that applies to the data.
  • Not sharing data beyond the agreed organisations. If more organisations are included later in a project, they should go through an ethical assessment.

When using citizens' data, the public sector should ensure TRANSPARENCY by:

  • Making clear what data are being used and for what purpose.
  • Making clear which organisations can access the data, and why.
  • Specifying how long data will be stored for before deletion.
  • Ensuring the public can easily access information about the project, including: what data are being used and for what purpose, how long data are stored before they are deleted, and a summary of findings or impact of project (where it is legally possible to do so and where individuals are not identified).

The public sector should ensure the use of citizens' data is in the PUBLIC BENEFIT by:

  • Clearly defining and explaining what the public benefit is.
  • Considering whether the public benefits of using the data clearly outweigh the risks. Any potential harms from use of the data need to be analysed and weighed against the benefits.
  • Considering negative impacts to the public and/or the environment or economy, with possible longer term impacts also considered. Projects that benefit or make a positive impact on a small number of people can be in the public benefit, provided they do not negatively impact others, the environment or the economy.
  • Ensuring that identifiable data are only used if it meets the standard of achieving public benefit.

When using citizens' data, the public sector should ensure there is ACCOUNTABILITY by:

  • Clearly documenting the process used to decide whether the project should go ahead (to an agreed formal structure).
  • Ensuring there is a hierarchical organisation chart to show who is responsible/accountable for each aspect/stage of the project.
  • Seeking approval and oversight from an independent panel on whether a data project should go ahead or not, including whether public benefits outweigh risks. The panel should make decisions based on what is in the best interests of the public and there should be no declared conflicts of interest on the panel.
  • Consulting members of the public on the acceptability of the use of the data (for determining principles but not to decide if a project should go ahead or not – this is the role of the independent panel).
  • Ensuring an ethical assessment is carried out once the scope of the project is known.
  • Taking responsibility when something goes wrong and stopping the project if necessary.
  • Ensuring there is independent oversight from a third party (e.g. Information Commissioner's Office and DIN) for projects involving the private sector, with clear sanctions for misuse (criminal and civil).

When using citizens' data, the public sector should ensure DATA QUALITY by:

  • Establishing and publishing a minimum quality standard for data projects (that includes consideration of how much data is needed). The extent to which data projects meet the threshold for data quality must be checked and continually assessed by the team delivering the project. If there is involvement from the private sector, these checks should be made by someone from government/public sector.
  • Using up to date data that matches the agreed purpose and specific scope.
  • Ensuring data are held securely for an agreed period after a project to allow for quality checking.
  • Determining who can access the data and monitoring who has accessed the data.

When using citizens' data, the URGENCY should be considered, by:

  • Defining what constitutes an emergency. Any impacts of flexing guidelines in this context should be assessed continually, as far as practical, and after the fact (including any lessons learned).
  • In an emergency situation, such as where there is threat to life, it may be necessary for data to be used that was not part of the original scope. Considering whether the public benefits of using the data clearly outweigh the risks.
  • In the event of an emergency the use of identifiable data can be justified. If the private sector is involved, there should be clear rules about what private sector organisations do with data after an emergency including when they are deleted.
  • In an emergency situation, it may be necessary for the timescales for data retention and deletion to be reviewed and extended.

Contact

Email: michaela.omelkova@gov.scot