CYBERPSYCHOLOGY, BEHAVIOR, AND SOCIAL NETWORKING
Volume 18, Number 1, 2015
© Mary Ann Liebert, Inc.
DOI: 10.1089/cyber.2014.1529

Sustainable Responsible Research and Innovation Through Secure, Private Data

Brenda K. Wiederhold, PhD, MBA, BCB, BCN
As we wrote in this column in the last issue, responsible research and innovation (RRI) can be defined as that which: is ethically acceptable, is sustainable by avoiding significant adverse effects, and drives towards the common good, i.e., societal desirability.1

Last month, we focused on RRI’s societal desirability and the fact that our behavior toward that end is shaped by social media. This second editorial in the series highlights safety (i.e., avoiding significant adverse effects) and security as RRI goals. Next month’s editorial will tackle the subject of ethics, including neuroethics, as an RRI component.

Organizations such as the World Health Organization (WHO) and the National Research Council, respectively, have outlined a vision for responsible life science research for global health security2 and identified principles guiding research involving biological select agents and toxins.3 As safety and security apply to information and communications technology (ICT) research, these issues are primarily concerned with secure communication of data across networks, and data privacy, security, and ownership.4 For example, U.S. retailers such as Target that were the victims of hackers have provided 1 year of free credit monitoring for those credit card holders whose data were compromised. In the United States, medical data breaches are taken very seriously, with financial penalties of up to $1.5 million per incident and consequent destruction of an institution’s reputation.5 As a subset of ICT research, social media research tools used by sites such as Facebook allow researchers to study, for example, interactions between parents and children.6

Recommendations for RRI in ICT include standard setting, self-regulation, accountability, and third-party verification.7 According to a recent European Commission report, “Very strict EU data protection laws have triggered an industry of privacy enhancing and security technology. IBM’s privacy lab is located in Zürich and some of the strongest groups in the world in privacy by design tools are located in Europe.”8

A privacy impact assessment (PIA) tool is being developed under the PRESCIENT (Privacy and Emerging Sciences and Technologies) project funded under the EU’s Seventh Framework Programme for research and technological development. The researchers define PIA as “a process of engaging stakeholders in order to consider how privacy might be impacted by the development of a new technology, product, service, project or policy and what measures could be taken to avoid or mitigate unwanted effects.”9 Cited benefits of PIA include increased public trust, regulatory compliance, and risk avoidance. The EU recommended a PIA framework for radio frequency identification (RFID) tags, and Australia, Canada, New Zealand, the UK, and the United States have developed PIA policies and guidelines. The UK has outlined steps for conducting a PIA in its assessment template:

1. Identify the need for a PIA
2. Describe the information flows
3. Identify the privacy and related risks
4. Identify privacy solutions
5. Sign off and record the PIA outcomes
6. Integrate the PIA outcomes back into the project plan.10
As Chair of the Integrated Mission Group for Security’s cTA3 on ethics, society, and human factors (img-s.eu), I am dedicated to building world-class technology capabilities for cybersecurity. I invite CYBER readers to make a difference, contributing by whatever means available to you—making sure that stakeholders are involved in projects that could affect the security of their information, serving on a privacy and security task force at your institution, or double-checking your own social media privacy settings—to ensure that the new social realities we are creating through the use of technology are as secure as humanly possible.

References
1. ProGReSS eNewsletter #1, August 2013, p. 6. www.progressproject.eu/progress-enewsletter/ (accessed Oct. 20, 2014).
2. World Health Organization. (2010) Responsible life science research for global health security. A guidance document. Document No. WHO/HSE/GAR/BDP/2010.2. Geneva: WHO Press. www.who.int/csr/resources/publications/HSE_GAR_BDP_2010_2/en/ (accessed Nov. 4, 2014).
3. Committee on Laboratory Security and Personnel Reliability Assurance Systems for Laboratories Conducting Research on Biological Select Agents and Toxins, Board on Life Sciences, National Research Council. (2009) Responsible research with biological select agents and toxins. Washington, DC: The National Academies Press. www.ncbi.nlm.nih.gov/books/NBK44956/pdf/TOC.pdf (accessed Nov. 4, 2014).
4. Eden G, Jirotka M, Stahl B. (2014) Responsible research and innovation in ICT: summary of key issues, recommendations, challenges and enablers. A report from the Framework for Responsible Research and Innovation in ICT (FRRIICT) project (EPSRC Grant No. EP/J000019/1). Oxford, UK: Framework for Responsible Research and Innovation, Computer Science Department, University of Oxford, p. 21. http://responsible-innovation.org.uk/torrii/sites/default/files/RRIinICT-landscapeStudy.pdf (accessed Nov. 8, 2014).
5. Benton L. HHS raises the stakes for patient data breaches. Healthcare IT News, November 25, 2013. www.healthcareitnews.com/blog/hhs-raises-stakes-patient-databreaches (accessed Nov. 8, 2014).
6. Jayson S. Social media raises privacy and ethical issues. USA Today, March 12, 2014. www.usatoday.com/story/news/nation/2014/03/08/data-online-behavior-research/5781447/ (accessed Nov. 4, 2014).
7. Von Schomberg R. (2011) Prospects for technology assessment in a framework of responsible research and innovation. In M Dusseldorp, R Beecroft, eds. Technikfolgen abschätzen lehren: Bildungspotenziale transdisziplinärer Methoden. Wiesbaden: Vs Verlag. www.farinn.eu/pdf/prospects-for-technology-assessment-in-a-framework-ofresponsible-research-and-innovation.pdf (accessed Nov. 4, 2014).
8. Directorate-General for Research and Innovation, Science in Society. (2013) Options for strengthening responsible research and innovation. Report of the expert group on the state of art in Europe on responsible research and innovation. Luxembourg: Publications Office of the European Union, p. 64. http://ec.europa.eu/research/science-society/document_library/pdf_06/options-for-strengthening_en.pdf (accessed Nov. 8, 2014).
9. Wright D, Gellert R, Gutwirth S, et al. (2011) Precaution and privacy impact assessment as modes toward risk governance. In Von Schomberg R, ed. Towards responsible research and innovation in the information and communication technologies and security technologies fields. A report from the European Commission Services. Luxembourg: Publications Office of the European Union, p. 84. http://ec.europa.eu/research/science-society/document_library/pdf_06/mep-rapport-2011_en.pdf (accessed Nov. 4, 2014).
10. Information Commissioner’s Office (ICO). (2014) Conducting privacy impact assessments. Code of practice. Version 1.0. Wilmslow, UK. http://ico.org.uk/for_organisations/data_protection/topic_guides/*/media/documents/library/Data_Protection/Practical_application/pia-code-of-practicefinal-draft.pdf (accessed Nov. 4, 2014).

Brenda K. Wiederhold
Editor-in-Chief