Researchers and partners using SILC facilities and services are committed to applying the ‘Guiding Principles for Data Linkage’ to their research project and continuing to engage with the public in a two-way process, ensuring citizens are well-informed and their opinions considered.
What are the Guiding Principles for Data Linkage?
The Guiding Principles for Data Linkage are designed to support the safe and appropriate use of data for research and statistical purposes. This ensures that data linkage is undertaken within a controlled environment and that the research carried out is legal, ethical, secure and efficient.
Before undertaking a data linkage project using SILC, researchers must consider and address the Guiding Principles as part of the application process, overseen by eDRIS. These are:
- Public Interest - Ultimately, any data linkage work must be in the public’s interest. That is to say, society may benefit from the findings of the work. Protection of privacy, efficient use of data, and scientifically sound and ethically robust research and statistics are all in the public interest.
- Governance and Public Transparency – Having accountable governance structures which are transparent to the public is essential to ensure that data is being accessed and linked in an appropriate and responsible manner. Clear decision making processes that are open will help to ensure the appropriate balance of privacy protection, efficient use of data and scientifically sound and ethically robust research and statistics.
- Privacy - The law does not give absolute value to privacy and therefore a balance is needed between respect for privacy, through the proportionate mitigation of risk, and the potential benefits to all through the use of data for statistical and research purposes. Methods for mitigating risks to privacy include anonymisation and security. Where data subjects consent to their personal data being shared or linked, privacy risk must still be considered. Particular attention should be given to:
a) Consent - Consent of data subjects is an important consideration, although it is not a necessary requirement for data linkage under the Data Protection Act. The consent principles should be departed from only where there is a strong justification and approval has been granted by an appropriate oversight body.
b) Anonymisation - There are degrees of data anonymisation and it may not be possible to completely remove the risk of re-identification. Nevertheless, data can be anonymised sufficiently (often referred to as pseudoanonymised) for data controllers to make a reasonable risk-based judgement that data can be shared. The anonymisation principles may have less importance if consent for linkage of non-anonymised data has been given or if linkage has been approved by an appropriate oversight body.
c) Security - Security of data transfer, storage and use is vital for the protection of privacy, especially where there is any risk of re-identification.
- Access and Personnel – Anyone who applies to access or link data using SILC facilities or the national safe havens (secure data access points) must have undergone appropriate training which is necessary to gain ‘approved researcher’ status. Further security measures can be taken to prevent any single person or organisation having unrestricted access to data, for example the establishment of an Access Control Policy or Data Access Agreement.
- Clinical Trials - Data linkage as a method to support or enhance clinical trials presents specific requirements which must be considered if appropriate to the project.
- Sanctions - Where organisations or individuals break the law, legal sanctions will apply. Additional sanctions should be considered where the Guiding Principles for Data Linkage are breached.
The Guiding Principles for Data Linkage should always be considered prior to undertaking any data linkage activity in Scotland.
Good practice examples of the Guiding Principles being applied are available