Professional Documents
Culture Documents
Trusted Data Use 2017
Trusted Data Use 2017
Trusted Data Use 2017
August 2017
A Path to
Social Licence
Guidelines for Trusted Data Use
1 1
August 2017
2
Summaryfor
A Path to Social Licence | Guidelines | August
June 2017
2017
Trusted Data Use
Introduction
3
August 2017
4
A Path to Social Licence | Guidelines for Trusted Data Use
7
HIGH
VERY
6 COMFORTABLE
5
COMFORTABLE
4
TRUST
UNCOMFORTABLE
3
2 VERY
UNCOMFORTABLE
1
LOW
1 2 3 4 5 6 7
LOW BENEFIT HIGH
55
August 2017
PROTECTION
4. Is my data secure?
CHOICE
66
A Path to Social Licence | Guidelines for Trusted Data Use
Displaying the answers to the eight How organisations should use the
key questions Guidelines
The Transparent Data Use dial focuses on the eight key What are
questions and provides an easy way for organisations Who will
the benefits
and who will
benefit?
to display (online or on paper) information and for be using
my data? What will
my data be
people to engage with it. Each segment should be able VALUE used for?
Organisation answers
Will I be
to be “clicked through” (or opened up, if a paper version asked for
the eight key questions
about data use
consent? TRANSPARENT
ICE
is used) to reveal the answers from the organisation DATA USE Is my data (proposed or current)
CHO
secure?
ON
BUILD YOUR DIAL
for the particular data use being considered. Where
TI
C
PRO TE
TI
PUBLISH
AND SHARE
YOUR DIAL
What are
the benefits
and who will
Who will
benefit?
be using
my data? What will
my data be
VALUE used for?
Will I be
asked for
consent? DATA USE
ICE
Is my data
CHO
ON
secure?
TI
C
TE
PRO
Could my
data be Will my
sold? data be
Can I see and anonymous?
correct data
about me?
If YES If NO
7
August 2017
• be novel for the community it will affect Most organisations will already have mechanisms to
• have a substantial impact on whānau, hapū, iwi or engage with communities and stakeholders. Ways to
Māori communities engage with communities include:
• have a potential impact on Pasifika
• establishing a panel of community representatives who
• have a disproportionate impact on people from small provide ongoing checks on data use
communities or people identifying as disadvantaged
• have an impact on vulnerable groups such as minors • using existing stakeholder engagement channels,
including social media and digital platforms.
• have the potential to have a serious impact on people’s
lives (for example, decisions about access to social
housing or mortgages)
88
A Path to Social Licence | Guidelines for Trusted Data Use
9
August 2017
Future uses Give people the ability to opt out of direct marketing and
advertising that uses their data. Make information about
this option easy to find and make it easy to opt out.
State clearly if the data might be used for other purposes
in the future and, if so, what other purposes.
If it isn’t possible to be precise about possible future 3. Who will be using my data?
uses, assure the person that they will be asked to give
consent to that use before it occurs. People want to know who will be using or sharing their
data.
10
A Path to Social Licence | Guidelines for Trusted Data Use
• which types of personnel will have access to the data (for example, where names are converted into unique
and their credentials (for example, their training, that numbers), data being analysed at an aggregated,
there were referee checks, and that they have signed rather than individual, level, and adding ‘noise’
declarations of confidentiality) • controls on who will be able to access the data and for
• the access rules and protocols in place and the what purposes
consequences for staff who break them • assurances about sharing the data – with whom and
• security arrangements that prevent unauthorised for what purpose
access to the data. • assurances about linking the data with other datasets
and steps to minimise the risk of re-identification
Tell people what you will do if there is a data breach.
• assurances that the people accessing the data are
Ideally, you should inform the people affected as soon
prohibited from attempting to identify individuals
as possible to give them the best opportunity to protect
themselves. • a date for the destruction of data after use.
11
August 2017
people with the data it holds about them. • to be notified before any new data use or sharing occurs
Explain any circumstances in which data held about • time limits on permission
an individual will not be provided. Rather than list
• to be able to withdraw consent in the future.
the exceptions in the Privacy Act 1993, explain the
circumstances in which your organisation will not
It is common for consent to be asked for as part of long,
provide data.
legalistic statements of terms and conditions. These are
frequently skipped over by people wanting to access the
Clients’ ability to ask that their data be service or product on offer, raising the question of whether
transferred ‘consent’ in these circumstances is genuine or informed.
12
A Path to Social Licence | Guidelines for Trusted Data Use
In most cases, it is desirable to explicitly ask for consent If the data you collect from customers could be sold in
to use data about individuals, even when the data is an identified form, seek consent unless the sale is part of
anonymised. the sale of a business as a going concern.
Ask people to give consent through a positive action If a business is being sold as a going concern, advise
(for example, by ticking a box or clicking an ‘I agree’ customers and provide an opportunity for them to opt
statement). out of the customer database.
Where people are in vulnerable situations (for example, For further information on the background of this guide
a person using a rape counselling service or a women’s please refer to our Background doc here:
refuge), it is especially important to limit the initial data https://trusteddata.co.nz/wp-content/uploads/2017/08/
collection to the minimum needed for service delivery. Background-Trusted-Data.pdf
Issues of data use and consent should be addressed at a
later stage such as when the client has finished with the
service and can feel free to refuse the request.
13
August 2017
What are
the benefits
and who will
Who will
benefit?
be using
my data? What will
my data be
VALUE used for?
Organisation answers
Will I be
asked for
the eight key questions
consent? TRANSPARENT about data use
ICE
secure?
ON
EC
PROT
Could my
data be Will my
sold? data be
Can I see and anonymous?
correct data
about me?
VALUE
DATA
OICE
USE
ON
CH
TI
EC
PROT
If NO
If YES
PUBLISH
AND SHARE
YOUR DIAL
What are
the benefits
and who will
Who will
benefit?
be using
my data? What will
my data be
VALUE used for?
Will I be
asked for
consent? DATA USE
OICE
Is my data
CH
secure?
ON
TI
C
TE
PRO
Could my
data be Will my
sold? data be
Can I see and anonymous?
correct data
about me?
If YES If NO
14
A Path to Social Licence | Guidelines for Trusted Data Use
What are
the benefits
and who will
Who will
benefit?
be using
my data? What will
my data be
VALUE used for?
Will I be
asked for
consent? TRANSPARENT
ICE
secure?
ON
TI
E C
PR OT
Could my
data be Will my
sold? data be
Can I see and anonymous?
correct data
about me?
15
August 2017
16