May I have permission?
When Finns want to dance, they ask for permission. “Care to dance?” is another way of saying it. Dancing fluently with a partner requires not only the courage to let the music move you, but also sensitivity, a mutual understanding about the pattern of steps as well as trust. Even organisations cannot thrive without the trust of their stakeholders. Trust in organisations is encouraged by well-functioning structures, fair practices and joint rules that everyone is aware of. Operational transparency is particularly important in the work of the public authorities because trust is earned slowly but can be lost in an instant.
Here at Sitra’s Isaacus - Digital health HUB project, we are making preparations for establishing an actor that will focus on the compilation and coordination of well-being data. The project is being taken forward in close cooperation with the central actors. The Ministry of Social Affairs and Health is preparing new legislation. The project also involves a new kind of cooperation between authorities, which will in the future allow for the more efficient exploitation of Finland’s, in a global context, exceptionally comprehensive and high-quality social welfare and health sector data resources.
Data exploitation may sound scary but at its best it can mean new, more effective, targeted medicines when whole genome data sets will be available to predict the effects of medication. It can mean better diagnoses and more up-to-date information about the quality of care by different – public and private – actors. The goal is to establish rules and to create agile and safe frameworks that take the interests of the individual into account in the exploitation of data.
According to Sitra’s survey conducted by TNS Gallup in June 2016, Finns are willing to anonymously submit their social welfare, health and genetic data for the purpose of service development and scientific research. The survey examined citizen attitudes towards the secondary use of well-being data collected on Finns. Secondary use includes, among other things, research, statistical purposes, development and innovation activities, and knowledge management.
The survey results show that citizens are interested in the use of their social welfare and health data and support their use for development and research purposes. However, people also want to be informed about the use of their personal social welfare and health data. The most important issues that concern people are being able to see their own data and having the possibility to correct the data if necessary or even to forbid the use of the data.
Over 90% of the respondents felt that the following points were either important or very important:
• being able to see their own data
• being able to correct any errors in their own data
• wanting to see what purposes their own data would be used for and who would be using it
• being able to forbid the use of their own data.
Finns want to control the use of their own data through express consent. Nearly 90% of the respondents felt that it was important or very important that an individual should be able to decide what the data collected on them is used for, especially if the data can reveal the person’s identity.
The new actor must therefore be able to work transparently. An information security audit provides a holistic picture about the current state of data processing in an organization and an assessment about the realization of data protection, data security and privacy protection. It is essential that the new actor will, at the very least, conduct an information security audit of its operations. The EU’s Data Protection Directive (http://ec.europa.eu/justice/data-protection) will require a description of such issues. But this is just a starting point. A report prepared after the event is not Good audit trail afterwards is not sufficient when sensitive information is concerned. The citizen’s perspective and data protection issues must be taken strongly into consideration already in the planning of operations and operational practices.
The survey confirms that Finns have a high level of trust in the authorities. The police force is the most trusted authority, with 87% of the respondents stating that it is reliable or very reliable. There is also a high level of trust in the public social welfare and health care system (72%) and the Social Insurance Institution of Finland – Kela (69%). This is especially emphasized when the reliability of different actors is assessed as users of the individual’s data. A majority of the respondents also feel that it is important for an authority to oversee the use of data as well as the appropriateness of its use. “May I have permission?” is a question that does not necessarily need to be asked very often when the activities of the public authorities are well-planned and properly monitored, and as long as the rights of the citizen are respected, data protection is not endangered and the data is processed in safe operating environments in an ethical manner.
Finland’s data has been called our national pile of ore. Our national treasure needs to be protected and accumulated. This will only work by preserving the mutual trust of the different actors and operators. At its best, an ecosystem based on data enables significant benefits, and data mining and exploitation does not involve the same kinds of environmental risks as traditional mining operations. In this dance, you do not want to be out of step.