Building on Principles: The Case for Comprehensive, Proportionate Governance of Data Access

  • Kimberlyn M. McGrailEmail author
  • Kaitlyn Gutteridge
  • Nancy L. Meagher


The amount of data in the world is growing rapidly. Researchers and others see the value of these data to answer compelling questions, and sometimes this involves linking different data sets together. Good and long-standing processes for governing access to data exist, but these will be challenged with the amount and breadth of data researchers wish to use. In particular, it is increasingly clear that in this new world of data, data access governance cannot continue to rely on traditional approaches of de-identification, anonymization and individual consent. An alternative to these risk-minimization approaches is proportionate governance, a process that assesses potential risks and mitigations to those risks, including the potential public interest that is served by enabling research. We propose a flexible and adaptable proportionate governance framework that builds on existing models. Local adoption of this framework will require engagement with stakeholder to create consensus around principles, and implies broad commitment to the notion of a more open research culture.


Personal Information Data Access Safe Haven Governance Framework Scientific Merit 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We are grateful to Dawn Mooney for the figures in this chapter, to Megan Engelhardt for help with formatting, and to two anonymous reviewers whose comments greatly improved the content and presentation of the material.


  1. 1.
    Anderson, N., Edwards, K.: Building a chain of trust: using policy and practice to enhance trustworthy clinical data discovery and sharing. In: Proceedings of the 2010 Workshop on Governance of Technology, Information and Policies, pp. 15–20. ACM, New York (2010)Google Scholar
  2. 2.
    Biesecker, L.G.: Hypothesis-generating research and predictive medicine. Genome Res. 23(7), 1051–1053 (2013)CrossRefGoogle Scholar
  3. 3.
    Brook, E.L., Rosman, D.L., Holman, C.D.: Public good through data linkage: measuring research outputs from the Western Australian data linkage system. Aust. N. Z. J. Public Health 32(1), 19–23 (2008)CrossRefGoogle Scholar
  4. 4.
    Canadian Institutes of Health Research.: CIHR best practices for protecting privacy in health research. (2005). Accessed 22 June 2015
  5. 5.
    Canadian Institutes of Health Research.: CIHR peer review manual for grant applications. (2009). Accessed 22 June 2015
  6. 6.
    Canadian Institutes of Health Research.: CIHR open operating grant program competitions - frequently asked questions (FAQ). (2014). Accessed 22 June 2015
  7. 7.
    Canadian Institutes of Health Research, Natural Sciences and Engineering Research Council of Canada.: Tri-council policy statement: ethical conduct for research involving humans. (2010). Accessed 22 June 2015
  8. 8.
    Cate, F. H., Cullen, P. & Mayer-Schnberger, V., 2013. Data Protection Principles for the 21st Century, Oxford: Oxford Internet Institute.
  9. 9.
    Chamberlayne, R., Green, B., Barer, M., Hertzman, C., Lawrence, W., Sheps, S.: Creating a population-based linked health database: a new resource for health services research. Can. J. Public Health (Revue Canadienne De Sant Publique) 89(4), 270–273 (1998)Google Scholar
  10. 10.
    Collins, P., Slaughter, P., Roos, N., et al.: Harmonizing research and privacy: Sandars for a collaborative future. Phase II final report: privacy best practices for secondary data use (SDU). (2006). Accessed 22 June 2015
  11. 11.
    Davidson, S., McLean, C., Treanor, S., et al.: Public acceptability of data sharing between the public, private and third sectors for research purposes. (2013). Accessed 22 June 2015
  12. 12.
    DenHoed, A.: Give Yourself Away - The New Yorker. (2014). Accessed 22 June 2015
  13. 13.
    Economic and Social Research Council: Big Data Investment: Capital funding - ESRC. (2013). Accessed 22 June 2015
  14. 14.
    Emam, K.E.: Methods for the de-identification of electronic health records for genomic research. Genome Med. 3, 25 (2011)CrossRefGoogle Scholar
  15. 15.
    Emam, K.E.: Re-identification risk assessment and anonymization process. (2013). Accessed 22 June 2015
  16. 16.
    Engle, E.: The history of the general principle of proportionality: an overview. Dartmouth Law J. 1, 11 (2012)Google Scholar
  17. 17.
    Enserink, B., Chin, G.: The end of privacy. Science 80(1), 490–491 (2015)CrossRefGoogle Scholar
  18. 18.
    Executive Office of the President.: Memorandum for the Heads of Executive Departments and Agencies 3-9-09. (2013). Accessed 22 June 2015
  19. 19.
    Faden, R., Beauchamp, T., King, N.: A History and Theory of Informed Consent. Oxford University Press, New York (1986)Google Scholar
  20. 20.
    Ford, D., Jones, K., Verplancke, J.P., Lyons, R., John, G., Brown, G., Brooks, C., Thompson, S., Bodger, O., Couch, T., Leake, K.: The SAIL Databank: building a national architecture for e-health research and evaluation. BMC Health Serv. Res. 9 (2009)Google Scholar
  21. 21.
    Fox-Brewster, T.: Londoners give up eldest children in public Wi-Fi security horror show. (2014). Accessed 22 June 2015
  22. 22.
    Fullerton, S., Anderson, N., Nicholas, R., Guzauskas, G., Freeman, D., Fryer-Edwards, K.: Meeting the governance challenges of next-generation biorepository research. Sci. Transl. Med. 2(15), 15cm3 (2010)Google Scholar
  23. 23.
    Godard, B., Schmidtke, J., Cassiman, J., Ayme, S.: Data storage and DNA banking for biomedical research: informed consent, confidentiality, quality issues, ownership, return of benefits. A professional perspective. Eur. J. Hum. Genet. 11(2), 88–122 (2003)CrossRefGoogle Scholar
  24. 24.
    Government of British Columbia, Ministry of Labour.: Citizens’ services and open government: data BC concept of operations. (2012). Accessed 22 June 2015
  25. 25.
    Gymrek, M., McGuire, A., Golan, D., Halperin, E., Erlich, Y.: Identifying personal genomes by surname inference. Science 339(6117), 321–324 (2013)CrossRefGoogle Scholar
  26. 26.
    Harmon, S., Graeme, L., Haddow, G.: Identifying personal genomes by surname inference. Sci. Public Policy 40(25), 1–9 (2013)Google Scholar
  27. 27.
    Hirschhorn, J., Daly, M.: Genome-wide association studies for common diseases and complex traits. Nat. Rev. Genet. 6(2), 95–108 (2005)CrossRefGoogle Scholar
  28. 28.
    Holman, C., Bass, A., Rosman, D., Smith, M., Semmens, J., Glasson, E., Brook, E., Trutwein, B., Rouse, I., Watson, C., de Klerk, N., Stanley, F.: A decade of data linkage in Western Australia: strategic design, applications and benefits of the WA data linkage system. Aust. Health Rev. (A Publication of the Australian Hospital Association) 32(4), 766–777 (2008)Google Scholar
  29. 29.
    Homer, N., Szelinger, S., Redman, M., Duggan, D., Tembe, W., Muehling, J., Pearson, J., Stephan, D., Nelson, S., Craig, D.: Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS Genet. 4(8), e1000167 (2008)CrossRefGoogle Scholar
  30. 30.
    Howard, A.: Open data 500: proof that open data fuels economic activity - techrepublic. (2014). Accessed 27 Mar 2015
  31. 31.
    Human Genome Organisation (HUGO), Ethics Committee.: Statement on human genomic databases. Int. J. Bioeth. 14(3–4), 207–210 (2003)Google Scholar
  32. 32.
    Information Governance/Information and Transparency/13630.: Protecting personal health and care information: a consultation on proposals to introduce new regulations - GOV.UK. (2014). Accessed 27 Mar 2015
  33. 33.
    Institute on Governance.: Defining governance. (2015). Accessed 27 Mar 2015
  34. 34.
    Jones, K., Ford, D., Jones, C., Dsilva, R., Thompson, S., Brooks, C., Heaven, M., Thayer, D., McNerney, C., Lyons, R.: A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation. J. Biomed. Inform. 50, 196–204 (2014)CrossRefGoogle Scholar
  35. 35.
    Jutte, D., Roos, L., Brownell, M.: Administrative record linkage as a tool for public health research. Annu. Rev. Public Health 32, 91–108 (2011)CrossRefGoogle Scholar
  36. 36.
    Kelman, C., Bass, A., Holman, C.: Research use of linked health data – a best practice protocol. Aust. N. Z. J. Public Health 26(3), 251–255 (2002)CrossRefGoogle Scholar
  37. 37.
    Khatri, V., Brown, C.: Designing data governance. Commun. ACM 53(1), 148–152 (2010)CrossRefGoogle Scholar
  38. 38.
    Kushida, C., Nichols, D., Jadrnicek, R., Miller, R., Walsh, J., Griffin, K.: Strategies for de-identification and anonymization of electronic health record data for use in multicenter research studies. Med. Care 50, 82–101 (2012)CrossRefGoogle Scholar
  39. 39.
    Lane, J., Schur, C.: Balancing access to health data and privacy: a review of the issues and approaches for the future. Health Serv. Res. 45(5), 1456–1467 (2010)CrossRefGoogle Scholar
  40. 40.
    Laney, D.: 3D data management: controlling data volume, velocity, and variety. Technical Report, META Group, Stamford. (2001)
  41. 41.
    Laurie, G., Sethi, N.: Towards principles-based approaches to governance of health-related research using personal data. Eur. J. Risk Regul. 4(1), 43–57 (2013)Google Scholar
  42. 42.
    Lin, Z., Owen, A., Altman, R.: Genomic research and human subject privacy. Science 305(5681), 183–183 (2004)CrossRefGoogle Scholar
  43. 43.
    Manitoba Centre for Health Policy – University of Manitoba.: Faculty of medicine – community health sciences – Manitoba centre for health policy. (2015). Accessed 27 Mar 2015
  44. 44.
    Manyika, J., Chui, M., Brown, B.: Big data: the next frontier for innovation, competition, and productivity –McKinsey & Company. (2011). Accessed 27 Mar 2015
  45. 45.
    Mayer-Schonberger, V., Cukier, K.: Big Data: A Revolution that Will Transform How We Live, Work, and Think. Houghton Mifflin Harcourt, Boston (2013)Google Scholar
  46. 46.
    Medical Research Council.: 20 million pounds for new health informatics research institute. (2013). Accessed 30 Mar 2015
  47. 47.
    MRC Success Rates.: Medical research council – our research. (2015). Accessed 27 Mar 2015
  48. 48.
    Narayanan, A.: No silver bullet: de-identification still does not work. (2014). Accessed 27 Mar 2015
  49. 49.
    NIH Success Rates.: NIH research portfolio online reporting tools (RePORT). (2015). Accessed 27 Mar 2015
  50. 50.
    Nuffield Council on Bioethics.: The collection, linking and use of data in biomedical research and health care: ethical issues. (2015). Accessed 27 Mar 2015
  51. 51.
    O’Doherty, K., Burgess, M., Edwards, K., Gallagher, R., Hawkins, A., Kaye, J., McCaffrey, V., Winickoff, D.: From consent to institutions: designing adaptive governance for genomic biobanks. Soc. Sci. Med. 73(3), 367–374 (2011)CrossRefGoogle Scholar
  52. 52.
    O’Driscoll, A., Daugelaite, J., Sleator, R.: “Big data”, Hadoop and cloud computing in genomics. J. Biomed. Inform. 46(5), 774–781 (2013)Google Scholar
  53. 53.
    OECD.: OECD principles and guidelines for access to research data from public funding. (2007). Accessed 27 Mar 2015
  54. 54.
    OECD.: OECD guidelines on human biobanks and genetic research databases. (2009). Accessed 27 Mar 2015
  55. 55.
    OECD.: The 2013 OECD privacy framework. (2013). Accessed 27 Mar 2015
  56. 56.
    OECD.: Strengthening health information infrastructure for health care quality governance: good practices, new opportunities and data privacy protection challenges. (2013). Accessed 27 Mar 2015
  57. 57.
    Pencarrick-Hertzman, C., Meagher, N., McGrail, K.: Privacy by design at population data BC: a case study describing the technical, administrative, and physical controls for privacy-sensitive secondary use of personal information for research in the public interest. J. Am. Med. Inform. Assoc. 20(1), 25–28 (2012)CrossRefGoogle Scholar
  58. 58.
    People Are Willing to give away their personal data for a Cinnamon Cookie. Accessed 27 Mar 2015
  59. 59.
    Ploem, M., Essink-Bot, M., Stronks, K.: Proposed EU data protection regulation is a threat to medical research. Br. Med. J. 346, f3534 (2013)CrossRefGoogle Scholar
  60. 60.
    Population Health Research Network.: Our funders. (2011). Accessed 30 Mar 2015
  61. 61.
    Research Councils UK.: RCUK common principles on data policy. (2014). Accessed 6 Mar 2015
  62. 62.
    Roder, D., Fong, K., Brown, M., Zalcberg, J., Wainwright, C.: Realising opportunities for evidence-based cancer service delivery and research: linking cancer registry and administrative data in Australia. Eur. J. Cancer Care 23(6), 721–727 (2014)CrossRefGoogle Scholar
  63. 63.
    Rothstein, M.: Is de-identification sufficient to protect health privacy in research? Am. J. Bioeth. 10(9), 3–11 (2010)CrossRefGoogle Scholar
  64. 64.
    Schneeweiss, S.: Methods for developing and analyzing clinically rich data for patient-centered outcomes research: an overview. Pharmacoepidemiol. Drug Saf. 21(1), 1–5 (2012)CrossRefGoogle Scholar
  65. 65.
    Sethi, N.: Public acceptability of data sharing between the public, private and third sectors for research purposes. (2013). Accessed 27 Mar 2015
  66. 66.
    Sethi, N., Laurie, G.: Delivering proportionate governance in the era of eHealth. Med. Law Int. 13(2–3), 168–204 (2013)CrossRefGoogle Scholar
  67. 67.
    Stanley, F.: Data for Health. Future Leaders, Sydney (2014)Google Scholar
  68. 68.
    Statistics Canada.: The research data centres program. (2009). Accessed 27 Mar 2015
  69. 69.
    Stenbeck, M., Allebeck, P.: Do the planned changes to European data protection threaten or facilitate important health research? Eur. J. Public Health 21(6), 682–683 (2011)CrossRefGoogle Scholar
  70. 70.
    Stevens, L., Laurie, G.: The administrative data research centre Scotland: a scoping report on the legal & ethical issues arising from access & linkage of administrative data. Technical Report ID 2487971, Social Science Research Network (2014)Google Scholar
  71. 71.
    Suissa, S., Henry, D., Caetano, P., Dormuth, C., Ernst, P., Hemmelgarn, B., Lelorier, J., Levy, A., Martens, P., Paterson, M., Platt, R., Sketris, I., Teare, G., Canadian Network for Observational Drug Effect Studies (CNODES): CNODES.: The Canadian network for observational drug effect studies. Open Med. (A Peer-Reviewed, Independent, Open-Access Journal) 6(4), 134–140 (2012)Google Scholar
  72. 72.
    Sweeney, L.: Matching known patients to health records in Washington state data. CoRR abs/1307.1370 (2013).
  73. 73.
    The Academy of Medical Sciences.: A new pathway for the regulation and governance of health research. URL (2011). Accessed 27 Mar 2015
  74. 74.
    The Financial Services Authority.: Principles-based regulation: focusing on the outcomes that matter (2007). Accessed 27 Mar 2015
  75. 75.
    The Scottish Government.: Joined-up data for better decisions: guiding principles for data linkage. (2012). Accessed 27 Mar 2015
  76. 76.
    World Medical Association.: WMA declaration of Helsinki – ethical principles for medical research involving human subjects. (2013). Accessed 27 Mar 2015
  77. 77.
    Wu, X., Zhu, X., Wu, G.D., Ding, W.: Data mining with big data. IEEE Trans. Knowl. Data Eng. 26, 97–107 (2014)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Kimberlyn M. McGrail
    • 1
    • 2
    Email author
  • Kaitlyn Gutteridge
    • 2
  • Nancy L. Meagher
    • 2
  1. 1.Centre for Health Services and Policy Research, School of Population and Public HealthUniversity of British ColumbiaVancouverCanada
  2. 2.Population Data BCUniversity of British ColumbiaVancouverCanada

Personalised recommendations