# Appendix: Risks from personal data exposure and how harms can be mitigated

Below are examples of potentially harmful impacts to people, organisations and society, and mitigating actions that could be taken.

{% tabs %}
{% tab title="Wellbeing/ safety/ autonomy" %}

#### Stakeholder impacted

Individuals

#### Type of risk

Wellbeing/ safety/ autonomy

**Potentially harmful impact(s)**

* Denied service based on health data
* Discriminated against or stigmatised
* Publicly exposed/ attacked

**Potential mitigating actions**

* Validate data input
* Data anonymisation
* Use synthetic data

{% endtab %}

{% tab title="Data breach" %}

#### Stakeholder impacted

Your organisation

#### Type of risk

Data breach

**Potentially harmful impact(s)**

Fined for non-compliance with laws or regulations

**Potential mitigating actions**

* Data minimisation
* Validate data input
* Strong data governance framework (see the play ‘how to implement a data governance framework’)

{% endtab %}

{% tab title="Brand reputation and loss of trust" %}

#### Stakeholder impacted

Your organisation

#### Type of risk

Brand reputation and loss of trust, eg through sharing personal data when you shouldn’t

**Potentially harmful impact(s)**

* Individuals unwilling to share data with you in future or participate in your health data activities
* Reduced willingness of partners to work with you

**Potential mitigating actions**

* Data minimisation
* Data anonymisation
* Use synthetic data

{% endtab %}

{% tab title="Inequitable value distribution" %}

#### Stakeholder impacted

Communities, eg vulnerable groups facing health burden

#### Type of risk

Inequitable value distribution

**Potentially harmful impact(s)**

Widening of health inequalities

**Potential mitigating actions**

* Data minimisation
* Data anonymisation
* Use synthetic data

{% endtab %}
{% endtabs %}


