In an era of accelerating advances in data collection and analysis, realizing the full potential of open science depends on balancing data accessibility and privacy. As we move towards a more open scientific environment, the amount of sensitive data being shared is rapidly increasing. Open science offers the opportunity to accelerate scientific discovery, but it also poses risks to privacy if not managed correctly.
Building on existing data and privacy initiatives, the White House and federal science agencies should work together to develop and implement clear standards for research data privacy throughout the data management and sharing lifecycle.
detail
Federal agencies’ open data efforts are a milestone in the transition to open science. They foster collaboration, transparency, and innovation in the U.S. scientific ecosystem and have the potential to lead to a new era of discovery. However, the transition to open data also raises privacy challenges, as openly sharing research data can expose personal and sensitive information without appropriate care, methods, and tools. Addressing this challenge requires new policies and technologies that enable open data sharing while protecting individual privacy.
The U.S. government has demonstrated a strong commitment to addressing data privacy challenges in a variety of scientific and technological contexts. This effort is supported by laws and regulations such as the Health Insurance Portability and Accountability Act and the Human Subjects Research Regulations (e.g., Title 45, Code of Federal Regulations, Part 46). These regulations provide a legal framework to protect sensitive and personally identifiable information. This is extremely important in the context of open science.
The White House Office of Science and Technology Policy (OSTP) is leading the National Strategy to Advance Privacy-Protecting Data Sharing and Analytics to accelerate the development of these technologies, equitably maximize their benefits, and ensure trust. We aim to facilitate and reduce risk. The National Institutes of Health (NIH) operates an internal privacy program that is responsible for protecting sensitive and personally identifiable information within NIH operations. The National Science Foundation (NSF) complements these efforts with a multidisciplinary approach through programs such as the Secure and Trusted Cyberspace Program, which helps design, build, and operate cyber systems, protect existing infrastructure, and We aim to develop new ways to motivate and educate individuals about security. .
Given the unique challenges in the open science context and the broader implications of open data efforts across the scientific ecosystem, there is a need for clear policies and frameworks that promote the efficient sharing of scientific data while protecting privacy. Further development is still needed. Working collaboratively across the federal government will ensure these policies are adaptable, comprehensive, and tailored to the rapidly evolving landscape of scientific research and data technology.
Recommendations
To clarify standards and best practices for research data privacy:
- The National Institute of Standards and Technology (NIST) needs to build on its existing research data framework and develop a new framework that focuses specifically on research data privacy and addresses the unique needs of open science communities and practices. there is. This provides researchers with a clear roadmap for implementing privacy-preserving data sharing in their research.
- This framework should incorporate privacy by design principles to ensure that privacy is an integral part of the research life cycle, rather than an afterthought.
- This framework must be updated regularly to keep pace with changes in state, federal, and international data privacy laws and new privacy protection methodologies. This allows us to remain relevant and effective in an evolving data privacy environment.
To ensure best practices are used in federally funded research, do the following:
- Funding agencies such as NIH and NSF should work with NIST to develop and implement training for applicants and reviewers on data management and sharing plans. This training will provide both parties with knowledge of best practices for privacy-preserving data sharing in open science and ensure that data privacy measures are effectively integrated into research workflows.
- Government agencies should further establish programs that promote privacy education, as recommended in the OSTP National Strategy.
- Open data privacy training can be further integrated into an agency’s existing Responsible Research Conduct requirements.
To foster continuous improvement of data privacy technologies:
- Science funding agencies need to increase funding for field-specific research and the development of privacy-preserving methods for sharing research data. Such efforts will foster innovation in areas such as cryptography and secure computing, and lead to the development of new technologies that can expand the scope of open and secure data sharing.
- To further stimulate innovation, these institutions can also host privacy/security innovation contests to encourage researchers and developers to create and implement cutting-edge solutions.
To promote coordination between government agencies:
- OSTP should establish a National Science and Technology Council Subcommittee on Research Data Privacy within its Scientific Committee. This subcommittee should work closely with the Office of Management and Budget and leverage its expertise in overseeing federal information resources and implementing data management policies. This collaboration will ensure a coordinated and consistent approach to addressing data privacy issues in open science across various federal agencies.
To learn more about the importance of making science open and read the rest of the published memo, visit the Open Science Policy Sprint landing page.