Table 1.
Template for optimal governance.
| Question | Key consideration(s) involved |
|---|---|
| Who are the key stakeholders and are they satisfied? (Are the right people engaged at an early enough stage in the governance process?) | Identifying and engaging with the various stakeholders within a regulatory framework means that buy-in and cooperation is much more likely, despite apparently conflicting interests. |
| In what ways does any model under consideration reflect a proportionate approach to governance? | Proportionality should be a key feature of any governance system, legally, ethically and practically. It avoids excessive and overly cumbersome procedures whilst paying due regard to real risks and seeking appropriate measures where fundamental obligations must be met. |
| Do all parties involved understand the implications of a particular model? | A major criticism of the current landscape is its complexity and the confusion that it generates amongst researchers and data controllers. Ensuring that all actors fully understand their obligations and are confident in exercising them is paramount to an effective governance system. |
| What vetting and training methods will be implemented by any model? | It is important to ensure that appropriate methods for ensuring that only adequately qualified individuals gain access to, and/or have responsibility for, data. This implies a need for effective training and accreditation in any governance regime. |
| Is there accountability within the model and who is accountable at each stage? | This requires articulation of key roles and responsibilities within the framework and proportionate sanctions to be in place for non-fulfilment. |
| How is the model monitored/regulated? | This implies overview of key legislative provisions, guidelines and oversight practices. |
| How does the model fare when subject to a Privacy Impact Assessment (PIA)? | It is recommended by the Information Commissioner’s Office that organisations carry out PIAs to identify privacy risks to individuals’ personal information in order to identify failures/strengths of a governance system in handling risks appropriately. It can encourage proportionate rather than conservative approaches towards risk. |
| How does the model reflect public expectations and impact on public confidence? | Engaging with the public, particularly in an initiative that involves sensitive personal information is key. Taking account of public expectations in a governance model can engender public confidence, even when this does not mean that all views become part of the model. |
| How does the current and proposed model sit within the legal order? | Compatibility of governance model with legal requirements and, even further, whether or not the model impedes/facilitates/makes optimal use of the legal provisions. |