Transparency principlesThis document summarises the South London Partnership’s (SLP) InnOvaTe Project Transparency Principles by which the programme will be governed.
Principle 1 – Citizen Control
We will not store any personal data unless the specific use case necessitates this.
In the rare case where we will need to store personal data, we will be clear about what data we are going to hold, why we are holding it, what we are going to do with the data and when we will dispose of it.
In the majority of cases, personal data will not be stored. If we collect personal data then it will only be used to support those individuals it pertains to and not be shared or used by other services.
Principle 2 – Build Public Trust
The programme will strive to raise awareness regarding its existence and the benefits that the Internet of Things (IoT) can offer. We will be very clear with the public about the types of data we’ll collect, why it is being collected, and how the data will be used. We are committed to adhering to TRUST Principles that underpin the program and provide best practice.
Principle 3 – Data Ownership
The SLP boroughs will collectively own all of the data generated, and contracts will not be entered into with suppliers where this is not the case.
Principle 4 – Partner Selection
The InnOvaTe Project will ensure that its values are embedded into its tender process, such that all suppliers are clear regarding their commitments & obligations. This will be in terms of data ownership / security, and how it shall be handled in line with the Data Protection Act (2018).
Principle 5 – Sharing Information
For non-personal data, we will operate on an open data basis where we will share data internally, between boroughs or with other interested parties such as Breathe London, LOTI or the GLA if it is in the interest of the greater good. We will not share data for commercial purposes.
An evaluation partner has been engaged to document the findings, and to explore the opportunities for wider sharing at a national and global level. This will include whether our ‘open data’ policy should be developed further.
Principle 6 – Secure and private
When a Borough proposes a use case, it needs to set out how the IoT infrastructure will be designed and maintained to ensure the highest level of security. In any funding bid, there will need to be reference to relevant technical security standards that will be followed. In particular, there needs to be clarity about which teams will take responsibility for ensuring ongoing security and privacy of the technical infrastructure and data. In terms of data, the bid will need to set out how the use case will fulfil all its obligations in terms of data privacy, as set out under the GDPR, DPA 2018 regulations.