WORKSHOP Security challenges and solutions for sharing sensitive data in an open data environment

Co-chaired by Christian Ohmann and Wolfgang Kuchinke (ECRIN)

Ethical, legal and social implications (ELSI) relevant for research projects result in major challenges when dealing with privacy and data protection of sensitive data (e.g. patient-level data, health data) in the context of data sharing. The legal framework in Europe (consent, anonymisation, authorisation, research exemption) iscurrently under revision with adaptions of novel governance structures (e.g. honest brokers, trusted third parties) and new definitions of key terms (e.g. anonym,  identifiability).  Although many effective standard instruments (e.g. advancedanonymisation techniques, like k-anonymisation, statistical anonymisation) are available, even the most advanced anonymisation techniques are vulnerable to attacks and the risk of re-identification of patients remains and may even increase. A move from a dichotomous consideration (consent or anonymisation)to a risk-based approach with risk categories (e.g. no, low, high risk of identification)used inrisk assessments seems to be necessary (privacy impact assessment). The risk of re-identification is more controllable in a closed environment (governance)and recent IT developments (e.g. persistent identifiers)will help to improve traceability and transparency of data sharing and may support the identification of possible breaches of confidentiality. In our workshop, new models dealing with confidentiality and data privacy frameworks reflecting this risk-based approach will be discussed. Standardized techniques to develop secure frameworks for data sharing, such as risk and threat analysis and the assessment of countermeasures are explored and practical applications presented.

In summary, the workshop will give a formal and model-based approach for the access to and sharing of sensitive data in an open data environment (BioMedBridges), reflecting current challenges and latest solutions and be therefore relevant for all researchers that are interested in secure data sharing.

AGENDA

  • Formal confidential and data privacy frameworks. Presentation of the zone model of data privacy protection - W. Kuchinke (UDUS)
  • The role of anonymization for data protection - M. Sariyar, I. Schluender (TMF)
  • Sharing of sensitive data and biomaterials: From threat and risk analysis to countermeasures - F. Kohlmayer, R. Bild (TUM)
  • Issues with practical implementation of secure access to sensitive data - U. Sarkans (EMBL-EBI)