Data Release - Trust, Identity, Privacy and Security
Lead Research Organisation:
Swansea University
Department Name: College of Science
Abstract
The Open Data Initiative (ODI) demonstrates that there is a growing ambition from government to publish internal data as open data sets. (See https://data.gov.uk). Data custodians, particularly large governmental organisations such as the DVLA and HMRC, have a legal duty, enforced by the Information Commissioner's Office (ICO), and social duty of care to the public, to ensure that privacy is not breached by the release of data as open data sets. These large organisations face an increasingly difficult task in establishing whether the release of data will result in enough data being open to triangulate individuals and destroy privacy.
Our research takes a collaborative approach uniquely combining formal methods, counter-fraud, data mining and data visualization to produce new tools, methodologies and theory for working with data release. We will produce tools that allow interactive analysis of data sets to determine if data release can combine with existing data to triangulate personal data. We will take a new approach of using formal notions about data, memorandums of understanding (of data use) and criteria of control to auto-generate software tools that allow the user to manipulate, investigate and analyse data sets for potential unintended consequences if released.
We will undertake empirical studies with data keepers, data users and members of the public to inform data policies surrounding release of data and integrate this within our toolsets and methodologies.
Our research takes a collaborative approach uniquely combining formal methods, counter-fraud, data mining and data visualization to produce new tools, methodologies and theory for working with data release. We will produce tools that allow interactive analysis of data sets to determine if data release can combine with existing data to triangulate personal data. We will take a new approach of using formal notions about data, memorandums of understanding (of data use) and criteria of control to auto-generate software tools that allow the user to manipulate, investigate and analyse data sets for potential unintended consequences if released.
We will undertake empirical studies with data keepers, data users and members of the public to inform data policies surrounding release of data and integrate this within our toolsets and methodologies.
Planned Impact
This project aims to expand the fundamental theoretical and practical research in the area of Data Sharing - Trust, Identity, Privacy and Security. In addition to the significant scientific impact of the work, the introduction of new techniques, approaches and algorithms will produce societal and economic impact.
It has been identified that a large number of government services could be delivered digitally and result in very large efficiency savings of between £1.7 and £1.8 billion per year, despite this, the vast majority of public service delivery is via paperwork. Government policy is now to change this to digital by default. There is also a clear argument for releasing public data so that commercial companies can create added value by developing apps that can harness the data or utilise the data in existing apps. But there can also be unintended consequences. Therefore, we must strike a correct balance that ensures data releases are safe, secure and do not break privacy and trust, but also provide enough data to produce economic benefits.
Our research will provide visualization tools, policies, theoretical and scientific methodologies, and analytical tools for determining any potential privacy issues with data release. All of these research outputs will be of benefit to local government, government and other institutions that release data concerning individuals.
It has been identified that a large number of government services could be delivered digitally and result in very large efficiency savings of between £1.7 and £1.8 billion per year, despite this, the vast majority of public service delivery is via paperwork. Government policy is now to change this to digital by default. There is also a clear argument for releasing public data so that commercial companies can create added value by developing apps that can harness the data or utilise the data in existing apps. But there can also be unintended consequences. Therefore, we must strike a correct balance that ensures data releases are safe, secure and do not break privacy and trust, but also provide enough data to produce economic benefits.
Our research will provide visualization tools, policies, theoretical and scientific methodologies, and analytical tools for determining any potential privacy issues with data release. All of these research outputs will be of benefit to local government, government and other institutions that release data concerning individuals.
Organisations
Publications
Ali M
(2019)
Clustering and Classification for Time Series Data in Visual Analytics: A Survey
in IEEE Access
Ali M
(2021)
Concurrent time-series selections using deep learning and dimension reduction
in Knowledge-Based Systems
Alqahtani A
(2018)
A Deep Convolutional Auto-Encoder with Embedded Clustering
Alqahtani A
(2021)
Neuron-based Network Pruning Based on Majority Voting
Beggs E
(2022)
A model of systems with modes and mode transitions
in Journal of Logical and Algebraic Methods in Programming
Chen, L-T
(2019)
An algebraic theory for data linkage
Hou T
(2020)
Industrial espionage - A systematic literature review (SLR)
in Computers & Security
Johnson K
(2017)
Recent Trends in Algebraic Development Techniques
Ren H
(2022)
GRNN: Generative Regression Neural Network-A Data Leakage Attack for Federated Learning
in ACM Transactions on Intelligent Systems and Technology
Tsang G
(2020)
Harnessing the Power of Machine Learning in Dementia Informatics Research: Issues, Opportunities, and Challenges
in IEEE Reviews in Biomedical Engineering
Tsang G
(2021)
Modeling Large Sparse Data for Feature Selection: Hospital Admission Predictions of the Dementia Patients Using Primary Care Electronic Health Records.
in IEEE journal of translational engineering in health and medicine
Wang V
(2023)
People watching: Abstractions and orthodoxies of monitoring
in Technology in Society
Wang V
(2021)
'I am not a number': Conceptualising identity in digital surveillance
in Technology in Society
Wang V
(2020)
Exploring the extent of openness of open government data - A critique of open government datasets in the UK
in Government Information Quarterly
Wang V
(2017)
Surveillance and identity: conceptual framework and formal models
in Journal of Cybersecurity
Wang Victoria
(2019)
The barriers to the opening of government data in the UK: A view from the bottom
in Information Polity
| Description | For Open Government Data (OGD) to fulfil its purpose, it ought to be assessible by, and useful to, ordinary citizens. We developed an OGD assessment tool called the ordinary citizen test. We conducted a review of the extent of openness of OGD released by the UK government on data.gov.uk. We discovered that only a small minority of datasets on the data.gov.uk website is actually open data. https://doi.org/10.1016/j.giq.2019.101405 |
| Exploitation Route | When releasing open data, the releasing party should make the data readily available at a granular level, timely, structured with open machine readable formats, cost free and open (without barrier). |
| Sectors | Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice |
| Description | Data release. Releasing specific data fields as part of open data sets which in themselves are not regarded as identifiers, can combine with other open data to identify individual data records. Although we are working on software tools and methodologies to help identify and quantify such attributes, raising awareness of this issue in a specific case has led to a public change where open data has been generalised to avoid this. Real-time contractual monitoring with suppliers. We identified a problem where a contract is signed for a period of time with a company, but that company can undergo significant events such as a turnover of more than 50% of directors (or even 100% in a few cases) or change of significant control. Without real-time monitoring, such events can go unnoticed over the long period of contract. Awareness of these types of events can allow policies concerning risk to be defined, e.g., flag when more than 50% of directors change since the contract was signed. Some specific examples were - a contract specified UK based companies for GDPR compliance, but the company in question had a change of persons of significant control which resulted in ownership transferring to Luxembourg. In another case, more than 50% of directors changed, but examining the directors suggested the company was passing from parents to children (who were already working for the company) on retirement. Of these two, the former example could be more serious (including reputationally) than the latter. Visualisation of the data allowed exploration of the data to a level where first awareness of such events could be raised, and secondly formation of policies surround such changes could be established. Reputation. The above examples indicate reputational risk where contracts could be signed with companies with unclear structures. A further unclear structure identified included circular ownership, i.e., where Company A significantly controls B, which significantly controls C, which significantly controls A, resulting in a structure where there is no clear ultimate person of significant of control. As above, once identified, awareness of the problem can be used to define policies which can be monitored using Companies House updates. Openness of Open Government Data We raised awareness of the challenges of effectively using open government data set by examining a sample consisting of the most popular data sets and a further random selection from the government data website. The largest problems identified were, lack of recency, the data is aggregated rather than being accessible at a granular level, or the data is unstructured (leading to problems of reusability). This highlighted, at the time of the survey, that based on the sample, only around 13% of the open government data sets would be useful and useable according to the open data set tests. The two terms open government information and Open Government Data (OGD) are often used interchangeably. Whilst the barriers to open government information have been substantially reduced, the barriers to OGD persist. Even the most enthusiastic responsible individuals face considerable obstacles in publishing OGD. A key barrier to OGD in the UK is its impression management strategy based on information rather than data orientation. |
| First Year Of Impact | 2017 |
| Sector | Government, Democracy and Justice,Transport,Other |
| Impact Types | Policy & public services |
| Description | Trade Finance Fraud Detection Project in Dual-Use Goods with Machine Learning and Visual Analytics, (Innovate UK, 104413) |
| Amount | £377,711 (GBP) |
| Funding ID | 104413 |
| Organisation | Innovate UK |
| Sector | Public |
| Country | United Kingdom |
| Start | 09/2018 |
| End | 11/2019 |
| Description | Data Governance Conference: GDPR and the road ahead |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | The value of good data governance underpins the General Data Protection Regulation, or GDPR. Due to popular demand we are revisiting our Data Governance Conference, taking a closer look at the regulation and asking, what does good data governance actually look like? This conference will emphasise the importance of boards grasping the significance of data governance, and will reflect upon how compliance presents opportunities, not just obligations. We will also address the importance of not just complying in time for implementation, but ensuring that the right strategies are in place to ensure compliance continues once implemented. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.icsa.org.uk/events/conferences-and-summits/data-governance-conference-2018 |
| Description | Data Release: Trust, Identity, Privacy and Security |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Study participants or study members |
| Results and Impact | Victoria Wang gave a talk titled - Data Release: Trust, Identity, Privacy and Security. |
| Year(s) Of Engagement Activity | 2016 |
| Description | Developing approaches to prevent involvement in cyber crime |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | This is a workshop organised by the Home Office and National Crime Agency to discuss with invited academics about some possible effective measures to support and further the 'Prevent' aspect of the 4Ps' Home Office Serious and Organised Crime Strategy (2013). Dr. Victoria Wang is an invited participant of the event. This event is by invitation only. |
| Year(s) Of Engagement Activity | 2017 |
| Description | Engaging with the National Cyber Security Strategy: Working in Partnership to Reduce Risk in the Digital Age |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | With General Data Protected Regulation anticipated for Local Authorities in May of next year, and the renewed comprehensive strategy on national cyber security moving into maturity, this symposium will provide businesses, local authorities, industry regulators, intelligence agencies, police, technology specialists, academics and other key stakeholders with a timely and invaluable opportunity to engage with the Governments pursued policies, collectively enhance our defences to malicious actors and address the root causes of vulnerability to cyber threats. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.publicpolicyexchange.co.uk/events/HE23-PPE |
| Description | ICSA Data Governance Conference: Risks and opportunities of GDPR |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | Whether you are a listed business, a small private company, public sector or not-for-profit, the need for good and effective data governance has never been greater. The value of good data governance underpins the General Data Protection Regulation, or GDPR. In ICSA's latest technologies conference, we take a closer look at the regulation and ask, what does good data governance actually look like? We emphasise the importance of boards grasping the significance of data governance, and reflect upon how compliance presents opportunities, not just obligations. Small group workshops will also offer delegates the chance to share and get advice on the unique challenges they face. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.icsa.org.uk/events/conferences-and-summits/data-governance-conference |
| Description | NHS Hackathon Cardiff 2017 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Dr Ric Colasanti attended the NHS Hack Day in Cardiff January 2017 http://nhshackday.com/previous/events/2017/01/cardiff/ The aim is to utilise expertise about Data Visualisation and Data mining to help transform the NHS. Ric also made contact with Ross Jones of data.gov at the event. |
| Year(s) Of Engagement Activity | 2017 |
| URL | http://nhshackday.com/previous/events/2017/01/cardiff/ |
| Description | Panel memeber of 16th Noord InfoSec Dialogue |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | I am a panle member of the 16th Noord InfoSec Dialogue. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.noord-group.com/noord-infosec-dialogue-0 |
| Description | The Cyber Security Summit |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The Cyber Security Summit Manchester will welcome cyber security and ICT professionals from across central government, local government, law enforcement, the NHS and wider public sector, to tackle key issues at the heart of UK public sector and discover, determine and deliberate the latest developments, strategies and technologies available to successfully defend organisations online. Keeping up to pace with the scale, complexity and ever-changing threat we face. |
| Year(s) Of Engagement Activity | 2017 |
| URL | http://www.cybersecurityconference.co.uk/people |
| Description | The Police Foundation - 'To what extent should we police the internet?' |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | This session of the Oxford Policing Policy Forum focuses on the ethics of policing the internet. This is an Invitation Only event. |
| Year(s) Of Engagement Activity | 2018 |
| Description | Trust, Identity, Privacy and Security (TIPS) in the Digital Economy Workshop (RCUK; EPSRC) - Current TIPS 1 projects elevator pitches |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Trust, Identity, Privacy and Security (TIPS) in the Digital Economy Workshop (RCUK; EPSRC) - Current TIPS 1 projects elevator pitches (Victoria Wang pitched for the Swansea_Portsmouth team project on data release) and future funding call discussions (the forthcoming TIPS 2 funding call) |
| Year(s) Of Engagement Activity | 2017 |
| URL | http://www.paccsresearch.org.uk/event/tips-workshop/ |