Policies on assertions and privacy are one of our 2018 roadmap projects, under our Trusted Assertions core strategy.
We have launched work to clarify what we mean by an “assertion”. The ORCID Registry enables trusted connections – assertions – between individuals (via their ORCID iD) and their activities and affiliations (via other identifiers and APIs). We make the source of each connection explicit, and the route and timing of the connection traceable. In our assertions policy, we are defining the components of an assertion: who are the parties involved, what do we mean by source, and what are the provenance requirements for adding information into an ORCID record. This work will be discussed by our Trust Working Group in March and April, and then we will roll out the draft policy for community comment. Our assertions policy is fundamental to a number of projects on our 2018 roadmap, including providing tools to users to pre-authorize record updates by trusted parties.
Following on work to update and expand our affiliations data model to accommodate service activities, professional awards, and memberships, we are now working to define a new section of the ORCID record, which will hold information about the resources researchers use to do their work, such as user facilities and special collections. This builds on the findings and recommendations of our User Facilities Working Group, which brought together publishers and facilities to better understand facilities research, publication, and reporting workflows; to define terms to enable conversation; and to identify opportunities for working together to streamline and, where possible, automate facilities impact reporting.
Following publication of the Working Group report, we have now cheered on two US Department of Energy laboratories (Oak Ridge and EMSL) as they tested the integration recommendations in their proposal workflows. We have also welcomed additional members of the research resources community with whom we are testing out a draft data model. Our goal is to reach consensus and incorporate the data model into a release candidate of our new v3.0 API.
Work continues on the organization identifier initiative. We co-hosted a stakeholder meeting in January, with DataCite and Crossref. From there, we three organizations were charged with developing a proposal to stand up a project to launch a community venture to host an open registry. The proposal and MOU will be released for public comment by early April. Pending comments, our goal is to start soliciting participation in April.
Getting Ready for GDPR
Researcher control and privacy are core principles for ORCID. We completed our annual privacy audit in December, and are finalizing an official translation of a legal review by the German ORCID consortium. We are also working to ensure compliance with GDPR, the EU General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018. This is the most important change in data privacy regulation in 20 years. We have been following the evolution and implementation plan of the regulation closely. and are making progress on an organization-wide compliance project.
In addition to community feedback on the projects underway, we will be working on processes to embed organization identifiers into our membership and API credentialing processes. We’ll also be working to define policies for user pre-authorization of trusted parties. Watch this space for more!