Privacy Risk Assessment Methodology (PRiAM)Secure Society Health & Wellbeing
Organisations responsible for data protection must demonstrate that sharing data for research does not put individuals at undue risk of harm. Such harms relate to a person’s right to privacy – for example, they may involve someone’s identity being revealed or data being used unlawfully. Organisations aim to reduce harm through privacy risk management. Although best practice principles such as the ‘Five Safes’ are used, there is no standard privacy risk assessment approach. This leaves organisations to make their own choices about levels of risk and how they should be managed.
Personal data may be held by many organisations. Often, research requires combinations of data – for example, studying patients’ journey from hospital to recovery may involve combining medical data with data from social care, digital health applications and wearable technologies. With no standard risk assessment approach, it’s hard for multiple organisations to assess and manage risk consistently.
PRiAM aimed to deliver a way to assess privacy risks for data managed by multiple organisations. Engaging experts and members of the public in research use cases, a privacy risk assessment framework has been developed and demonstrated using a security decision support tool. The framework and evaluation of usability and efficiency has been published, ensuring widespread impact.
PRiAM is part of the DARE UK programme aiming to design and deliver a coordinated and trustworthy national data research infrastructure to support cross-domain research for public good.
The objectives are
You can find more information on the PRiAM project at DARE UK
IT Innovation provides overall leadership of PRiAM workign with the University of Warwick and Privitar Ltd