[Discussion]: DESIGN PRINCIPLE: Maintaining public trust

[machintim]

Summary

Propose a principle around public trust to run across the architecture

Source

No response

Detail

This aligns with the DARE federation paper and the SATRE work on public engagement. That openness are key to public trust and this should be considered across as part of the design across the entire TRE architecture.

This should include a statement, rationale and implications.

Intended Output

No response

Who can help

@harisood - can you tag Katie? I don't know her username

[harisood]

@katie-rds! This info is also available on the Teams in Files -> Resources -> Team details

[manics]

How much does this overlap with https://github.com/sa-tre/satre-specification/issues/101 ?

[harisood]

Closely - I think this might be how the outputs from the Collab Cafe influence the specification

[harisood]

First attempt from @Katie-RDS:

TREs should build and maintain public trust by protecting privacy, keeping data secure and being transparent about their work.

Rationale

Public engagement work has indicated there is public support for TRE’s and the use of data to improve services and advance research as long as it is regulated, ethical and in the public benefit. Maintaining public trust in TRE’s to hold and use data is essential to prevent public backlash or resistance to the use of data. Involving members of the public in the decision making of the TRE help ensure the TRE is acting in public good. Being transparent about the data held and the projects or organisations who access the data helps maintain that trust.

Implications

• TREs should follow the Five Safes framework and make their adherence to the framework publicly accessible information.
• TREs should allow access to data for projects that are in the public benefit.
• TREs should publish information on the projects or organisations which access data held within the TRE.
• Public Involvement and Engagement activities should be carried out and inform the work of the TREs.

[manics]

Could we change the first line to TREs holding public data should build and maintain public trust by protecting privacy, keeping data secure and being transparent about their work. and make the implications conditional on holding public data?

[Katie-RDS]

Could we change the first line to TREs holding public data should build and maintain public trust by protecting privacy, keeping data secure and being transparent about their work. and make the implications conditional on holding public data?

I think the implications are definitely true for data held about members of the public so I'm happy with this edit. I think it would be interesting to discuss around how much needs to apply to other types of data and how TRE's define themselves?

[Katie-RDS]

I looked at various existing documents but this came most directly from the Goldacre Review https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1067057/executive-summary-goldacre-review-using-health-data-for-research-and-analysis.pdf, The Adalovelace Report https://www.adalovelaceinstitute.org/evidence-review/public-attitudes-data-regulation/ and UK Heath Data Report https://ukhealthdata.org/wp-content/uploads/2020/04/200430-TRE-Green-Paper-v1.pdf

[harisood]

Thoughts and updates from the Collaboration Café:

Statement

TREs should build and maintain the trust of data subjects and any other impacted individuals, groups and organisations by protecting privacy, keeping data secure and being transparent about their work.

• This should be broadened out to communities and society

Rationale

Maintaining trust in TREs to hold and use data is essential to prevent backlash or resistance to the use of data. This can include maintaining the trust of members of the public who are impacted by research, as well as the trust of commercial data providers.

In the case of public sector data, public engagement work has indicated there is widespread support for the use of regulated and ethical TREs working for the public benefit. Consulting impacted parties, including the public, can help show that a TRE is acting in their benefit. Being transparent about the data held and the projects or organisations who access the data can also help maintain trust.

can help show that a TRE is acting in their benefit

• This phrasing makes it sound performative rather than emphasising they should have real impact. Could it be updated to 'can help ensure TREs are being used for positive, impactful and agreed-upon purposes'?

Implications (additional ones)

• TREs should make information on the projects or organisations which access their data available to impacted parties
• Access to public sector data should be reviewed by a panel and follow governance to ensure projects using this data are in the public benefit and provide clarity around commercial access
• TREs should should be clear on infrastructure including ingress/accreditation
• TREs should have processes in place for rigorously investigating and reporting incidents such as data leaks including processes required by the Information Commissioner’s Office

impacted parties

and publicly