Purpose of Use-Cases
The main goal of the ImPACT project is to reduce the friction involved in research that uses sensitive data (e.g., data containing personally identifying information, or data that has commercial value).
Friction—such as the lack of best practices for creating infrastructure that supports the protection of sensitive data, time-consuming email communication to coordinate sharing data, and opaque processes—slows time to discovery.
To address these issues and others that impede research, ImPACT teamed up with researchers who work with sensitive data. These researchers will use the ImPACT system and provide feedback on how well it supports them in their research and in overcoming the challenges they face with using sensitive data.
These researchers will enable the ImPACT project to tackle the following scenarios:
- Research projects involving multiple participants from different institutions performing collaborative analysis. Researchers at different institutions are subject to different identity management systems, have access to different computing networks and resources, and be responsible to different institutional review boards (IRBs). Coordination across these different systems can be tedious and time-consuming, making this type of scenario fertile ground for development of solutions aimed at easing and speeding up the administrative overhead of research projects.
- Research projects that require the use of multiple sensitive datasets. When one dataset is involved, there is one data provider from whom permission to use the data must be granted, one data use agreement outlining one set of stipulations for its protection, and one IRB reviewing the research for its compliance to ethical standards. When other datasets are added to the mix, complexity increases exponentially. Different data providers have different requirements a researcher must satisfy to obtain the data. Data use agreements and the stipulations they contain may vary from dataset to dataset. And the researcher and the IRB at his/her institution must contend with this variation in ensuring access is gained, data is protected, and research is ethically conducted. This variation and complexity invites solutions for simplifying and clarifying policies and procedures—an interest to the ImPACT project.
- Research projects involving data providers who are highly reluctant to expose their data. The researcher in this case never sees the data and must provide code to the data provider to run on the data. The data provider then sends the analysis results back to the researcher. This can involve many iterations for both parties which may lengthen the time to discovery. An already difficult situation, this scenario becomes unworkable when the researcher is working with multiple data providers who are unwilling or unable to share their data. By applying cryptographic techniques, like Secure Multi-Party Computations (SMC) this scenario provides an opportunity for ImPACT to reduce or eliminate frustration, complexity, and lengthy time-to-discovery.
- As a result of the research, the researcher creates new data or significantly alters existing data and wishes to make it available to other researchers. In this case, the researcher now dons the hat of data provider and the data becomes a form of intellectual property. The data-providing researcher may need to ensure certain protections before passing the data along, such as de-identifying the data or encrypting the data during transmission. The researcher will want to ensure that other users of the data also respect its privacy, perhaps wanting to approve certain uses of the data or require users to destroy the data after use. This type of scenario affords the ImPACT project the opportunity to address the needs of data providers and dig deeply into the myriad of protections needed for sensitive data of all kinds.
We continue to look for new use-case scenarios. Please contact us with any suggestions you have.