Quarterly project update (December 2021)

Hello! 👋

In this news update: Introduction chapter online, a first version of the survey, several use cases found and intensifying internal collaborations.

Want to receive the (internal) monthly email update? Drop us a message!

What have we worked on?

👯 Project management

How to set up and maintain such a large project? We have been:

• learning how to involve the individual team members in a meaningful way.
• setting up a project plan and communications in the form of this website and monthly emails.
• looking to intensify collaboration with our stakeholders, such as IT experts and research engineers, university-wide privacy officers and information security experts. A path which we hope to continue in the new year!

🧠 Data Privacy Handbook

We are working on the Data Privacy Handbook chapter-by-chapter, where each 6 weeks we start a chapter. After writing and processing feedback, we publish the chapter. Feedback after publication is always very welcome!

So far, we have:

• A draft chapter outline for each chapter.
• 🎉 A published introduction chapter.
• A ready-for-review version of the GDPR chapter: a concise overview of the GDPR and how it applies to research data.
• A first rough draft of the Privacy and Security Assessment chapter, which we will continue to work on.

🔍 Survey

To investigate what researchers know, experience, and need in terms of data privacy, we will send out a questionnaire and interview a number of researchers. Before we can do this, a lot of preparatory work needs to be done:

1. What questions will we ask?
   With the team, we have established a question bank. The question bank has provided input for the first full version, which we are refining at the moment.
2. How are we handling the data during and after the survey?
   We are writing a Data Management Plan, a Legitimate Interest Assessment (for disseminating the survey) as well as an information letter and informed consent question (for collecting, storing and analysing the survey responses).
3. How are we going to reach as many researchers at Utrecht University (UU) as possible?
   This is currently in progress in collaboration with experts from Communications.

🛠️ Use Cases

Use cases are research projects with a data privacy-related issue that we can help solve in the form of workflows, tools, services, etc. We hope to document these in the Data Privacy Handbook for others to reuse.

We are currently working on (documenting) the following topics:

• Pseudonymising different types of data, e.g., behavioural data, MRI data, and video data.
• Investigating what is needed to share personal research data outside the European Union.
• Publishing metadata of a dataset that cannot be shared due to privacy reasons.
• Data minimisation in survey research.
• Investigating services that allow for safe analysis of personal data without direct access to the data (Code-to-data solutions).
• FAIRifying privacy-related tooling from the UU Research Engineering team.

Is your data privacy issue not in this list? We are still looking for new use cases!

💪 Dissemination

To bring the project results into practice, we need to create an implementation plan. This may include several outcomes, such as a reusable presentation, new workshops or adaptations to existing workshops or a new privacy support structure within the university.

⏭️ Next quarter

Next quarter, we will:

• Work on new chapters of the Data Privacy Handbook.
• Document and publish the first few use cases in the Data Privacy Handbook.
• Finish the preparations for the survey and send it out.
• Intensify our collaborations within and between departments at Utrecht University, as well as outside of the UU.

❓ Questions?

Questions or comments about this project? Want to collaborate or provide input? Awesome! Please feel free to drop Neha or Dorien a message via email or Twitter.