Sharing health and social care data is essential to the delivery of high-quality health care, as well as to disease surveillance, public health and research. However, these societal benefits may be constrained by privacy and data protection principles, so societies are striving to find a balance between the two competing public interests. Whilst the spread of IT advancements in recent decades has increased the demand for stronger privacy and data protection, health is in many ways a special case. The UK is adopting guidelines, codes of conduct and regulatory instruments aimed at implementing privacy principles in practical settings and enhancing public trust. Accordingly, in 2015 the UK National Data Guardian (NDG) was requested to conduct a further review of data protection, referred to as Caldicott 3. The scope of this review is to strengthen data security standards and confidentiality. It also proposes a consent system based on an "opt-out" model rather than on "opt-in". Across Europe, as well as internationally, the privacy-health data sharing balance is not fixed. In Europe, enactment of the new EU Data Protection Regulation in 2016 constitutes a major breakthrough, which is likely to have a profound effect on European countries and beyond. In Australia and across North America, different ways are being sought to balance these twin requirements of a modern society: to preserve privacy while affording high-quality health care for an ageing population. Whilst the UK privacy legal framework remains complex and fragmented into different layers of legislation, which may negatively impact both the right to privacy and the right to health, the UK is at the forefront in the uptake of international and EU privacy and data protection principles. If the privacy regime were reorganised in a more comprehensive manner, it could serve as a sound implementation model for other countries.
The development within the area of information and communications technology (ICT) has been rapid during the last couple of decades. Advancements in mobile technology, such as smartphones and other portable devices with embedded sensors, rapid expansion of communications infrastructure, and increased spectrum utilization have had a major impact on civilian society, but increasingly also on professional organizations such as the Swedish Armed Forces. While this technology allows for enhanced capabilities in the areas of command and control, situational awareness, and information management, it also leads to new challenges in areas such as cyber security and privacy. For armed forces in many parts of the world, being able to deploy in new types of missions, such as humanitarian assistance and response operations following natural or man-made disasters, is an increasingly sought-after capability. Such operations commonly require collaboration amongst several heterogeneous organizations, which in turn requires technical as well as organizational interoperability. While the actors must be able to share certain information efficiently, with regard to integrity and availability, sensitive or classified information must be safeguarded in terms of confidentiality. This thesis is concerned with studying emerging ICT for use on the battlefield of tomorrow, investigating how it can lead to more effective operations, and what preconditions must be met in order for the technology to be of utility for inter-organizational collaboration. In particular, the thesis studies how an acceptable level of information security can be upheld in interconnected tactical communications networks. It is found that Mobile Ad-hoc Networks, Software-Defined Radio and Cognitive Radio are emerging technologies that, while still immature, can contribute to improved capabilities for communications, command and control, and information collection.
Furthermore, Hastily Formed Networks is found to be an effective framework for collaboration between heterogeneous actors. However, in order for emerging ICTs to provide military utility, several non-technical requirements must be met. These include usability, trust, legality, cost, and verifying that the technology is in accordance with current military doctrine. Antagonistic as well as unintentional threats must also be mitigated, including information leaks caused by cyberattacks or insiders, and the possible consequences of reduced user privacy. Besides the Swedish Armed Forces, this thesis should be of interest to the armed forces of comparable countries, and to professional organizations faced with similar challenges. Among the conclusions drawn, the thesis recommends continuously evaluating emerging ICT in support of new capabilities, through academic research as well as internal concept development. Adopting an incremental and modular process is also recommended when developing or procuring new ICT systems, instead of making long-term investments in proprietary technology. Furthermore, a focus should be put on promoting military requirements in future civilian ICT standards. In this way development costs can be reduced, while facilitating tactical use of commercial off-the-shelf products. Regarding information security in tactical networks for inter-organizational collaboration, the thesis concludes that employing best-effort methods could allow for efficient information exchange between actors, while upholding acceptable risk levels regarding data leakage. ; Information and communications technology (ICT) has developed strongly over the last few decades.
Increased availability of mobile technology, such as smartphones and other portable devices with embedded sensors, extensive expansion of communications infrastructure, and advances in spectrum efficiency have had a major impact on civil society and, increasingly, also on response organisations such as the Swedish Armed Forces. The technology contributes to improved capabilities for command and control, situational awareness and information management, but at the same time brings several challenges in areas such as cyber security and personal privacy. New tasks that have come into focus for armed forces in many countries include the ability to take part in supporting operations in connection with natural disasters or terrorist attacks, or to provide humanitarian assistance in international settings. Such operations usually require collaboration between many different heterogeneous organisations, which entails a need for both technical and organisational interoperability. Certain information must be shared efficiently between the participating actors with respect to integrity and availability, while sensitive information must be protected with respect to confidentiality. This thesis studies the tactical use of emerging ICT on the battlefield of tomorrow, how the technology can contribute to more effective operations, and which preconditions and requirements must be met for the technology to be of use in inter-organisational collaboration. In particular, it examines the possibility of maintaining an acceptable level of information security in shared tactical communications systems while these remain usable under demanding conditions. The thesis finds that technologies such as mobile ad hoc networks, software-defined radio and cognitive radio, although still immature, may come to contribute to improved or entirely new capabilities in areas including communications, command and control, and information collection. It is further concluded that the Hastily Formed Networks framework is effective for collaboration between heterogeneous actors.
For emerging ICT to be of military utility, however, several non-technical requirements must be met. These include usability, trust, legality, cost, and that the technology is in line with current military doctrine. Antagonistic as well as unintentional threats must also be handled, such as information leaks caused by cyberattacks or insiders, and the consequences of reduced personal privacy for users. The thesis is expected to be of interest to the Swedish Armed Forces as well as to organisations with similar conditions in Sweden and comparable countries. In conclusion, the thesis recommends that emerging ICT in support of new capabilities be continuously evaluated through academic research as well as internal concept development, and that an incremental and modular model be chosen for development and procurement, rather than making extensive investments in proprietary technology. Focus should also be placed on getting military requirements into civilian ICT standards at an early stage. In this way development costs can be reduced, while military use of commercially available products is simplified. One conclusion regarding information security is that methods based on so-called "best effort" can make exchange in a shared information system more efficient, while the risk of data leakage can be kept at an acceptable level.
PAPERS APPENDED TO THE THESIS.
Paper I: M. Asplund, S. Nadjm-Tehrani & J. Sigholm (2009) "Emerging Information Infrastructures: Cooperation in Disasters," in Setola, R. and Geretshuber, S. (eds.) Lecture Notes in Computer Science (LNCS): Vol. 5508, Critical Information Infrastructures Security, pp. 258-270, Springer Verlag, Berlin Heidelberg.
Paper II: E. Törnqvist, J. Sigholm & S. Nadjm-Tehrani (2009) "Hastily Formed Networks for Disaster Response: Technical Heterogeneity and Virtual Pockets of Local Order," in Proceedings of the 6th International Conference on Information Systems for Crisis Response and Management (ISCRAM2009), Gothenburg, Sweden, May.
Paper III: J. Sigholm (2010) "Reconfigurable Radio Systems: Towards Secure Collaboration for Peace Support and Public Safety," in Proceedings of the 9th European Conference on Information Warfare and Security (ECIW 2010), pp. 268-274, Thessaloniki, Greece, July.
Paper IV: J. Sigholm & D. Andersson (2011) "Privacy on the Battlefield? Ethical Issues of Emerging Military ICTs," in Proceedings of the 9th International Conference of Computer Ethics: Philosophical Enquiry (CEPE 2011), pp. 256-268, Milwaukee, WI, U.S.A., June.
Paper V: J. Sigholm & M. Raciti (2012) "Best-Effort Data Leakage Prevention in Inter-Organizational Tactical MANETs," in Proceedings of the 31st IEEE Military Communications Conference (MILCOM 2012), pp. 1143-1149, Orlando, FL, U.S.A., November.
Paper VI: J. Sigholm (2013) "Non-State Actors in Cyberspace Operations," Journal of Military Studies, National Defense University, Finland and Finnish Society of Military Sciences, vol. 4, no. 1, March.
ABSTRACT
Introduction
For several years, Population Data Linkage initiatives around the world have been successfully linking population-based administrative and other datasets and making extracts available for research under strong confidentiality protections¹. This paper provides an overview of current approaches in a range of scenarios, then outlines current relevant trends and potential implications for population data linkage initiatives.
Methods
Approaches to protecting the confidentiality of data in research can also reduce its statistical usefulness, and the trade-off between confidentiality protection and statistical usefulness is often represented as a Risk-Utility map [2, 3, 5, 7]. Positioning the range of current approaches on such a Risk-Utility map can indicate the relative nature of the trade-off in each case. Such a Risk-Utility map is only part of the story, however. Each approach needs to be implemented with appropriate levels of governance, information technology security, and ethical oversight. In addition, there are several changes in the external environment that have potential implications for population data linkage initiatives.
Results and Discussion
Current approaches to protecting the confidentiality of data in research fall into one of two classes. The first class comprises approaches that anonymise the data before analysis, namely:
Removal of identifying information such as names and addresses
Secure data centres on‐site at the custodian premises
Public use files made widely available
Synthetic data files made widely available
Open data files published on the internet
The second class comprises approaches that anonymise the analysis outputs, namely:
Virtual data centres that are on‐line versions of secure data centres [8]
Remote analysis centres where users can request analyses but cannot see data.
Many such initiatives implicitly or explicitly use criteria that have recently been captured in the Five Safes model [3]. However, changes in the external environment may add potential implications to address [6]. First, there is a rapid increase in scenarios for data use, many of which involve multiple datasets from multiple sources with multiple custodians. This raises the question of whether there should be centralised data integration or a proliferation of ad-hoc, decentralised but inter-related initiatives. In any case, harmonised and shared governance will be essential. Next, the public are becoming increasingly informed and are increasingly exercising their privacy preferences in selecting between competing service providers. It is likely that the public will demand that initiatives move beyond education to gain acceptance, towards a model of full partnership.
Conclusions
While Population Data Linkage initiatives have been successful to date, changes in the external environment have potential implications such as a need for harmonised and shared governance, as well as full partnership with the public. Meeting the future challenges will require sophistication in the selection, design and operation of approaches to protecting the confidentiality of data in research. Useful frameworks in this context include [1, 4]. Importantly, it is necessary to have a range of approaches in order to adequately meet the needs of a range of different scenarios.
Acknowledgements
This work was partially supported by a grant from the Simons Foundation. The author thanks the Isaac Newton Institute for Mathematical Sciences, University of Cambridge, for support and hospitality during the programme Data Linkage and Anonymisation, which was supported by EPSRC grant no EP/K032208/1.
¹ For a list of administrative data linkage centres around the world, see www.ipdln.org/data-linkage-centres
Key References
[1] Desai T, Ritchie F, Welpton R. Five Safes: designing data access for research. Preprint 2016.
[2] Duncan G, Elliot M, Salazar-Gonzàlez JJ. Statistical Confidentiality. Springer: New York, 2011.
[3] El Emam K. A Guide to the De-identification of Health Information. CRC Press: New York, NY, 2013.
[4] Elliot M, Mackey E, O'Hara K, Tudor C. The Anonymisation Decision-Making Framework. http://ukanon.net/wp-content/uploads/2015/05/The-Anonymisation-Decision-making-Framework.pdf
[5] Hundepool A, Domingo-Ferrer J, Franconi L, Giessing S, Nordholt E, Spicer K, de Wolf PP. Statistical Disclosure Control, Wiley Series in Survey Methodology. John Wiley & Sons: United Kingdom, 2012.
[6] O'Keefe CM, Gould P, Chipperfield JO. A Five Safes perspective on administrative data integration initiatives, submitted.
[7] O'Keefe CM, Rubin DB. Individual Privacy versus Public Good: Protecting Confidentiality in Health Research, Statistics in Medicine 34 (2015), 3081-3103. DOI: 10.1002/sim.6543
[8] O'Keefe CM, Westcott M, O'Sullivan M, Ickowicz A, Churches T. Anonymization for outputs of population health and health services research conducted via an online data centre, JAMIA, in press.
Unlike the author's economic rights, the authorship of a work, as well as the other moral rights, should not necessarily be classified as a kind of intellectual property. Where the literature presents the problems of copyright as an element of intellectual property, this is done with reference to economic rights. The issues connected with moral rights then appear as the background condition for economic rights to arise. However, according to the will of the legislator, the nature of these rights was formed in a different way. While economic rights are a kind of intellectual property, the authorship of a work should rather be viewed as a phenomenon at the intersection of the right to privacy (particularly at the stage of an already established but not yet completed work) and the right to freedom of expression (from the moment of the exercise of other moral rights and the moment of taking a decision to make a work public under the author's own name). The right to withhold authorship cannot be interpreted as a right to change the author by agreement of the interested parties.