Privacy contingency risks
| Element | Nature of risks | Level of risk* | Comments | Mitigating mechanisms | ||
| Low | Medium | High | ||||
| Individual data: pseudonym used for patients’ IDs + data aggregated (n = 5 patients per cell) | Individual privacy | × | Pose an indirect risk to individual’s privacy | Non-reversible de-identification | ||
| Pseudonym used for centres’ IDs | Non-individual privacy | × | Pose an indirect risk to centres’ privacy | Reversible de-identification + reporting system: percentage | ||
| Data transmission | Security measures | × | Pose an indirect risk to individual’s privacy | Encryption | ||
| Access to the BIRO network | Security measures | × | Pose an indirect risk to individual’s privacy | Secure applications;hacking tests | ||
| Global statistical analysis | Individual privacy + non-individual privacy + security measures | × | Pose an indirect risk to individual’s privacy and centres privacy | Non-reversible de-identification + encryption | ||
*Low, risk can materialise but mitigating factors exist; moderate, risk is likely to materialise if no corrective measures are taken; high, there is a high chance that negative effects will materialise if no corrective measures are taken.
BIRO, Best Information Through Regional Outcomes; ID, identification.
*Low, risk can materialise but mitigating factors exist; moderate, risk is likely to materialise if no corrective measures are taken; high, there is a high chance that negative effects will materialise if no corrective measures are taken.
BIRO, Best Information Through Regional Outcomes; ID, identification.