# Appendix: Risks from personal data exposure and how harms can be mitigated

Below are examples of potentially harmful impacts to people, organisations and society, and mitigating actions that could be taken.

{% tabs %}
{% tab title="Wellbeing/ safety/ autonomy" %}

**Stakeholder impacted**

Individuals

#### Type of risk

Wellbeing/ safety/ autonomy

**Potentially harmful impact(s)**

* Denied service based on health data
* Discriminated against or stigmatised
* Publicly exposed/ attacked

**Potential mitigating actions**

* Validate data input
* Data anonymisation
* Use synthetic data

{% endtab %}

{% tab title="Data breach" %}
**Stakeholder impacted**

Your organisation

#### Type of risk

Data breach

**Potentially harmful impact(s)**

Fined for non-compliance with laws or regulations

**Potential mitigating actions**

* Data minimisation
* Validate data input
* Strong data governance framework (see the play ‘how to implement a data governance framework’)

{% endtab %}

{% tab title="Brand reputation and loss of trust" %}
**Stakeholder impacted**

Your organisation

#### Type of risk

Brand reputation and loss of trust, eg through sharing personal data when you shouldn’t

**Potentially harmful impact(s)**

* Individuals unwilling to share data with you in future or participate in your health data activities
* Reduced willingness of partners to work with you

**Potential mitigating actions**

* Data minimisation
* Data anonymisation
* Use synthetic data

{% endtab %}

{% tab title="Inequitable value distribution" %}
**Stakeholder impacted**

Communities, eg vulnerable groups facing health burden

#### Type of risk

Inequitable value distribution

**Potentially harmful impact(s)**

Widening of health inequalities

**Potential mitigating actions**

* Data minimisation
* Data anonymisation
* Use synthetic data

{% endtab %}
{% endtabs %}
