Encrypt personal and sensitive data when transferred to or
from any network-connected server. No de-identified data
should knowingly and purposely be re-identified, unless there
is a legitimate, lawful and fair basis as noted in Section 1. To
minimize the possibility of re-identification, it is recommended
that de-identified data not be analysed or otherwise used by the
same individuals who originally de-identified the data.
It is important to ensure that the measures taken to protect
privacy and ensure data security do not disproportionately
compromise the utility of the data for the intended purpose.
Such measures should be employed in such a way as to
maximize the positive impact expected from the data use and
to fulfill the purposes for which the data was obtained.
Data access should be limited to authorized personnel, based
on the “need-to-know” principle. Personnel should undergo
regular and systematic data privacy and data security training.
Prior to data use, vulnerabilities of the security system
(including data storage, means of transfer, etc.) should be assessed.
Data security measures should be assessed in light of the risks,
harms and benefits of data use, including as noted in Section 3.
When considering the risks associated with the vulnerability of
data security systems, it is important to consider factors such
as intentional or unintentional unauthorized data leakage or
breach: (i) by authorized personnel, (ii) by known third parties
who have requested or may have access, or may be motivated to
get access to misuse the data and information, (iii) by unknown
third parties (e.g. resulting from publishing data sets or the
results of an analysis).
Special attention should be paid when using cloud services,
especially with regard to the data security setup and physical
locations at which data is stored. Usage of non-cloud storage
should be considered for sensitive data. When third-party cloud
storage providers are used, potential risks and harms associated
with the use of such cloud storage, as detailed in Section 3,
should both be taken into account.
6. DATA RETENTION AND DATA MINIMIZATION
Data access, analysis or other use should be kept to the minimum
amount necessary to fulfill its purpose, as noted in Section 2.
The amount of data, including its granularity, should be limited
to the minimum necessary. Data use should be monitored to
ensure that it does not exceed the legitimate needs of its use.
Any retention of data⁸ should have a legitimate and fair basis,
including beyond the purposes for which access to the data
was originally granted, as specified in Section 1, to ensure that
no extra or just-in-case data set is stored. Any data retention
should be also considered in light of the potential risks, harms
and benefits as discussed in Section 3. The data should be
permanently deleted upon conclusion of the time period
needed to fulfill its purpose, unless its extended retention is
justified as mentioned in this Section above. Any deletion of
data should be done in an appropriate manner taking into
consideration data sensitivity and available technology.
7. DATA QUALITY
All data-related activities should be designed, carried out,
reported and documented with an adequate level of quality
and transparency. More specifically, to the extent reasonably
possible, data should be validated for accuracy, relevancy,
sufficiency, integrity, completeness, usability, validity and
coherence, and be kept up to date.
Data quality should be carefully considered in light of the risks
that the use of low quality data for decision-making can create
for individuals and groups of individuals.
Where practically possible, data quality must be assessed for
biases to avoid any adverse effects, including giving rise to
unlawful and arbitrary discrimination.
9 It is important to emphasize that big data generated by the use of social media,
mobile phones, credit cards, etc. is usually owned by either the original author or
the digital service provider (e.g. social media platform, mobile phone company or
bank).
10 Usually, there will be an opportunity to obtain consent if the organization is the
original data collector. However, in situations where data is being obtained from a
third party data provider, checking whether a third party data provider has obtained
adequate consent (e.g. directly or indirectly through the online terms of use) or has
another legitimate basis for collecting and sharing the data is recommended when
conducting a due diligence exercise.
6 DATA PRIVACY, ETHICS AND PROTECTION: GUIDANCE NOTE ON BIG DATA FOR ACHIEVEMENT OF THE 2030 AGENDA