Categories of risks

Legal and ethical risks to people

Legal risks

Identify

Data you are sharing contains personal information that does not have a lawful basis for being stored or shared.

Reduce

You should always check you have a lawful basis for handling personal data.

Ask yourself: is the personal information necessary to deliver the service or could techniques like suppression or anonymisation be used?

Ethical risks

Identify

The collection, use or sharing of data could result in unethical outcomes, such as discrimination or exclusion. This can occur even if the collection, use, or sharing of data is lawful.

For example, an automated data model might make decisions about whether someone is eligible for benefits or subsidies, or what products they can be offered. 

Reduce

You are most likely to introduce discrimination when using a limited amount of biased data. You can remedy this by:

  • sharing data more widely - this will boost the variety of data available and potentially address biases
  • putting in place ethical codes of practice
  • publishing impact assessments
  • communicating openly
  • regularly reviewing practices

Graphic showing balanced scales