Print bookPrint book

Module 6 Handbook

Site: CABI Academy
Course: Data Sharing Toolkit Learning Materials
Book: Module 6 Handbook
Printed by: Guest user
Date: Sunday, 29 September 2024, 12:31 PM

Table of contents

Introduction

This handbook is designed to help you to answer the Module 6 activity questions.

You are likely to find concerns about data security and privacy, and a mis-trust in data or others use of data, to be some of the biggest barriers to delivering FAIR and safeguarded data within investments.

It is critical that you understand risks and can evaluate real and perceived impacts in order to overcome these barriers. This will help you increase confidence in wider sharing of data while minimising harmful impacts.

This module will enable you to:

  • identify risks and impacts of sharing or not sharing
  • analyse likelihood and severity
  • identifying risks in data
  • manage risk

Terminology and control of risks

Terminology

To decide how you are going to minimise a risk, you first need to define some key elements. These are:

  • An action: the thing we want to do
  • concern: something that might go wrong
  • cause: the reason it might go wrong
  • An impact: the result if it goes wrong

All of these together make up the risk.

What can you control?

Many risks start as concerns about something that hasn’t yet happened.

You need to evaluate these concerns to identify if they are:

  1. Genuine
  2. Likely
  3. Severe

You can then address the causes and take appropriate action to minimise negative impact.

The impact is the only element of the risk that is NOT directly under your control. 

Graphic with text and warning Action-Concern-Cause-Impact!

Analysing likelihood and severity

To assess if something is a real risk it is important that you evaluate the likelihood and the severity of the impact.

You can do this by completing a risk matrix and assign a risk score. For those concerns that rate above a certain level you should then consider introducing minimising actions.

When completing the risk matrix you should remember:

  1. Likelihood and severity scores can differ vastly even with the same risk impact. For example, "damage to organisation's reputation" could vary dependent on the nature of the risk and its context in the organisation.
  2. Severity can vary widely depending on the organisation's attitude towards the risk. For example, is sharing poor quality data, which can often be likely due to errors in the manner of its collection, actually high in severity?

What are the risks of NOT sharing data?
  • discrimination against people or groups
  • damage to organisations reputation
  • organisation being fined for breaking the law

When building a risk assessment you should always consider the impact of both sharing and not sharing data and take a balanced approach.

Risk matrix (severity x likelihood)

Categories of risks

You can categorise the potential real impacts of using data, and their solutions, in to the following:

  • Legal and ethical risks to people
  • Commercial risks
  • Reputation risks
  • Wider economic, societal and environmental risks

Find out more about each next.

Legal and ethical risks to people

Legal risks

Identify

Data you are sharing contains personal information that does not have a lawful basis for being stored or shared.

Reduce

You should always check you have a lawful basis for handling personal data.

Ask yourself: is the personal information necessary to deliver the service or could techniques like suppression or anonymisation be used?

Ethical risks

Identify

The collection, use or sharing of data could result in unethical outcomes, such as discrimination or exclusion. This can occur even if the collection, use, or sharing of data is lawful.

For example, an automated data model might make decisions about whether someone is eligible for benefits or subsidies, or what products they can be offered. 

Reduce

You are most likely to introduce discrimination when using a limited amount of biased data. You can remedy this by:

  • sharing data more widely - this will boost the variety of data available and potentially address biases
  • putting in place ethical codes of practice
  • publishing impact assessments
  • communicating openly
  • regularly reviewing practices

Graphic showing balanced scales

Commercial risks

Affiliation risks

Identify

A company you do not wish to be associated with is making use of your data or services

Reduce

Make clear in your licensing that use of your data does not act as an endorsement and that your trademarks and logos are not to be used.

Revenue risks

Identify
Being more open may mean changes to an organisation's revenue model.

Reduce
You can view this change as an opportunity.
You could consider additional revenue streams through offering support and consultancy services to those who use it commercially.
It may be a requirement of funder policies to be open with data, so this improves your opportunity to receive revenue via this route.

Imitation risks

Identify
Other organisations offer similar products and services to your own, potentially reusing your own shared data. 

Reduce
You should consider if this actually has an impact on your revenue.
Imitation may be a sign of success and lead to sustainability, widespread adoption of good practices, and opportunity for innovation. This can be especially true of work designed to benefit society and the environment, such as agricultural services.
Alternatively, you can apply for patents on products and services to protect your revenue, as opposed to restricting access to data.

Copycat risks

Identify

A deliberate and targeted attempt to masquerade as another organisation, e.g. to sell fake goods and services. 

Reduce

Make clear in your licensing that use of your data does not act as an endorsement and that your trademarks and logos are not to be used.

Graphic showing coins within action-concern-cause-impact frame


Reputation risks

Data quality risks

Identify

Data that can affect your reputation:

  • is inaccurate
  • contains personal information
  • not updated regularly
  • too suppressed

This can undermine the strategic benefits of publishing open data and may contradict legal or other policy requirements.

Potential users may not see you as a credible publisher and in turn avoid using your data and/or services.

Reduce

Develop a robust data management plan that includes being as open as possible with data. Your plan should detail:

  • quality control mechanisms
  • time schedules
  • processes that ensure data is as open and accessible as possible
  • channels of communication with consumers

Mis-use risks

Identify

Mis-trust in data, others’ use of data, or drawing ‘incorrect’ conclusions that might be attributed to the publisher. There is a perception that this will lead to reputational and potentially commercial damage.

Reduce
Ask yourself how you battle misrepresentation or misuse?

People cannot refute claims of false analysis unless the data is available for others to analyse themselves. If you share data as openly as possible it can fight misuse and misrepresentation rather than lead to more of it!

Wider economic, societal and environmental risks

Identify

1: The release of data can result in wider harmful impacts on society, the economy or the environment. 

For example, publishing data that highlights the location of key food production and storage areas for internal use and export could make those locations a target in times of conflict.

2: The restriction of data can result in wider harmful impacts on society, the economy or the environment. 

For example, not sharing data on crop disease can result in the disease becoming widespread before anyone is even aware it exists.

In this example, however, releasing the data may result in commercial harm. The choice of which risk is greater is often complex. 

Reduce
  • Put in place, or uphold existing and widely accepted ethical codes of practice
  • Communicate openly
  • Regularly review practices

Identifying risks in data

You can identify risks in data by asking the following questions.

1: Think about the sources of your data:

  • Do you have the rights to collect, access, use and share the data?
  • Is there any third party data in the data?
  • Is there an existing ethical or legislative context you need to consider (e.g. in country and funder policies)?
  • Is the data properly described, including its limitations, gaps, inconsistencies or biases?

2: Look directly at the data and establish:

  • Could the data directly, or indirectly, identify individuals?
  • Does the data contain sensitive information?
  • Does the data contain any confidential information?
  • Does the data contain free text fields? Have these been analysed in respect to the above?

3: Think about impacts (e.g. impacts of national security, organisations, people and society):

  • What are you trying to achieve by collecting, sharing or using data?
  • What positive impacts might there be?
  • What negative impacts might there be?

Strategies to help minimise risks

You can take many actions to help minimise risks, including:
1. Increase data literacy

Work with your stakeholders to increase data literacy in key areas such as:

  • data collection
  • handling personal and sensitive data
  • rights and permissions
2. Implement a data management plan

If you develop a good data management plan it can support the safeguarding of data. Your plan should set out the processes that support the policies including:

  • how to store and share data 
  • data lifecycle and retention/deletion requirements 
  • when and how risks, legal requirements and ethical practices are reviewed
  • how data users and external stakeholders are supported

    Use this guide to help you develop a data management plan.

    3. Use a variety of data licenses and data sharing agreements

    You do not need to license all data the same way. Different versions of the same dataset can exist at different places on the data spectrum.

    For example, if it is necessary to share a dataset containing personal data:

    • use a data sharing agreement,
    • make an anonymised version of the same dataset openly available in parallel
    4. Document and communicate openly
    You can lower risk by documenting and publishing:
    • policies and processes
    • impact assessments
    • known data quality issues
    • limitations of the data

    Being open and welcoming feedback are essential to help you build a healthy ecosystem around the data.

    Tools, guides and case studies

    You can use the following tools and guides to help minimise harmful impacts from data sharing:

    Summary

    You can find all the key points from this Module in the Cheat Sheet: Minimising harmful impacts from data

    Don't forget to complete Module 6 activity questions to review your knowledge of this topic.