Glossary of terms

Anonymisation – the process of removing personal identifiers from a dataset to minimise the risk of disclosure. Anonymisation, like consent, is a device for respecting the privacy of individuals.

Approved researcher - a researcher who has completed the necessary training and is currently registered to gain access to datasets within SHIP.

Archiving data - the SHIP Safe Haven provides an archiving service for all linked datasets so that researchers can return to the dataset for an agreed specified period of time following the initial analysis.

Authorisation - authorisation involves decision-making by a trusted third party, such as the Privacy Advisory Committee, Research Ethics Committees and Caldicott Guardians, to permit the use of patient-identifiable data for research and other purposes without consent.

Consent - this refers to the action of a data subject agreeing to the use of their personal identifiable data.

Data access application form - this is a standard format form for making a data access request via SHIP.

Data Controller - a person or body who in fact and in law is in a position to determine the access to and uses of a given dataset.

Data Linkage - using numerical or text identifiers to establish the connections between records in the same or different databases.

Data Processor - a natural or legal person who processes data on behalf of the data controller.

Data Sharing - an agreed disclosure which takes place in the context of a relationship circumscribed by a data sharing agreement.

Data Sharing Agreement – a legally binding agreement describing the terms and conditions of disclosure of specific data in the context of a relationship between organisations. The agreement must be co-signed by a representative of the researcher's institution. The co-signatory must have the authority to take the necessary responsibility on behalf of their institution.

Data Subject - the individual to whom the data in question relates.

Havener - a person responsible for managing a safe haven.

Indexing Service - a group responsible for adding a variable to records within a dataset so that each individual can be uniquely identified. CHI is commonly used as an indexing variable.

Memorandum of Understanding - a document describing a bilateral or multilateral agreement between parties that may have the legally binding power of a contract.

Person Identifiable Information/Data - any information relating to an identified or identifiable natural subject ('data subject').

Privacy risk category - the category assigned to a data access application after the SHIP Research Co-ordinator has carried out the SHIP triage process.

Project Management System – a database used to track the management and approvals of projects in the Safe Haven.

SHIP Data Analyst - an individual at the SHIP Safe Haven who co-ordinates the Safe Haven and organises data provision, disclosure control and data release in the context of the Safe Haven. If data is being accessed through a Safe Haven, the SHIP Research Co-ordinator will release the requested dataset to the SHIP Data Analyst for the researcher to use in the Safe Haven.

Safe Haven - “[an] environment for population based research and statistical analysis in which the risk of identifying individuals is minimised” (Walport and Thomas Report), i.e. a place where research can be done on sensitive data such that the risk of disclosure is reduced by controlling who can have access, what data they can analyse and what outputs can be taken away. A safe haven may be accessed physically or virtually, but a key characteristic is that researchers can only keep their results, and even the results are screened to ensure no disclosive data is released.

SHIP Research Co-ordinator - a person responsible for liaising with researchers to provide advice about datasets and assistance with SHIP processes (e.g. researcher approval, data access, statistical disclosure control of research results).

SHIP triage process - the process carried out by the SHIP Research Co-ordinator after a researcher has submitted their data access application to them and after the data controller has set any conditions for access. The Research Co-ordinator will examine any privacy risks which could arise from the proposed data access and use and will assign a privacy risk category to the application accordingly. The fewer concerns that are raised, the lower the privacy risk category that will be assigned.

Statistical Disclosure Control - statistical processes applied to a dataset to render it non-disclosive.