Appendix: Risks from personal data exposure and how harms can be mitigated
Below are examples of potentially harmful impacts to people, organisations and society, and mitigating actions that could be taken.
Stakeholder impacted
Your organisation
Type of risk
Data breach
Potentially harmful impact(s)
Fined for non-compliance with laws or regulations
Potential mitigating actions
Data minimisation
Validate data input
Strong data governance framework (see the play ‘how to implement a data governance framework’)
Stakeholder impacted
Your organisation
Type of risk
Brand reputation and loss of trust, eg through sharing personal data when you shouldn’t
Potentially harmful impact(s)
Individuals unwilling to share data with you in future or participate in your health data activities
Reduced willingness of partners to work with you
Potential mitigating actions
Data minimisation
Data anonymisation
Use synthetic data
Last updated
Was this helpful?