• Ensure consistency with the DMP-PII and the purpose for which prior informed consent has been obtained
  • Revaluate likelihood of (re-)identification and risk of harm, particularly if it involves a public data-set containing PII (as above)
  • Ensure PII is stored securely to protect privacy (as above)
  • Minimize use of PII and risk of disclosure through pro-privacy access controls and analytical tools (as above)

  • Don’t transfer data containing PII unless have explicit consent
  • Don’t transfer data containing PII in the absence of a data sharing agreement identifying aspects such as purpose and scope of use, privacy protections measures, confidentiality and any limitations)
  • Don’t reuse or transfer PII until any inconsistencies with the DMP-PII and/or purpose compatibility have been resolved (e.g. through updated ethics review or consent from participant)