Identifying risks in data

You can identify risks in data by asking the following questions.

1: Think about the sources of your data:

  • Do you have the rights to collect, access, use and share the data?
  • Is there any third party data in the data?
  • Is there an existing ethical or legislative context you need to consider (e.g. in country and funder policies)?
  • Is the data properly described, including its limitations, gaps, inconsistencies or biases?

2: Look directly at the data and establish:

  • Could the data directly, or indirectly, identify individuals?
  • Does the data contain sensitive information?
  • Does the data contain any confidential information?
  • Does the data contain free text fields? Have these been analysed in respect to the above?

3: Think about impacts (e.g. impacts of national security, organisations, people and society):

  • What are you trying to achieve by collecting, sharing or using data?
  • What positive impacts might there be?
  • What negative impacts might there be?