PRIVACY POLICIES AND PROCEDURESDefinition of terms“Advisory Board” refers to the board overseeing Population Data BC from a strategic and operational perspective, reporting to the Governance Oversight Committee. “Breach” or “Breach of Security” refers to any unauthorized access, collection, use, modification, disclosure, destruction, disposal, storage, or loss of information or property held by, in the custody of, or belonging to Population Data BC, and includes unauthorized access to Population Data BC premises. “CHSPR”: Centre for Health Services and Policy Research. “Confidential Information” refers to all information held by, in the custody of, or belonging to Population Data BC that is not in the public domain. “Content Data” refers to the data held by Population Data BC that contain person specific information which may be disclosed in the context of a research project. These may include data that are also considered an Identifier. Examples include educational attainment scores, hospital discharge codes, or compensation claim codes. “Content Data Group” refers to a logical unit of, and thus technical separation of, Content Data. The boundaries may vary. At UBC, because of the secure environment within Population Data BC, all Content Data is expected to be handled together as a single Content Data Group. Management of a given CDG may be done by subset of Population Data BC itself (i.e. UBC’s Data Services Unit or Population Data BC - SFU,) or by an external public entity. “Content Data Group ID” refers to a generated number that is unique to an individual in a specific Content Data Group. “Data” refers to any information used for research or statistical purposes, including Personal Information, which is disclosed to Population Data BC by Data Stewards under a data sharing agreement such as an Information Sharing Agreement (ISA), data directive or other data sharing agreement. “Data Access Request” refers to the formal application document for data through Population Data BC. Components of this application form include information on the researchers, the research questions, the proposed methodology, and details of the proposed cohort and data requested. “Population Data BC Cost Recovery Estimate” refers to the cost recovery estimate provided by Population Data BC and signed by the Researcher, covering costs relating to data application coordination, data preparation and checking, and provision of approved data. "Data Sharing Agreement" refers to a legal agreement (such as an Information Sharing Agreement (ISA), data directive or other data sharing agreement) that allows for the periodic transfer of data between a Data Steward and Population Data BC and holding of the data by Population Data BC. “Data Steward” refers to a public body that has ultimate responsibility for a given data source. In practice, an individual is typically named as having the authority to approve or reject research requests involving that data, typically called “the / a Data Steward.” “FIPPA” refers to British Columbia’s Freedom of Information and Protection of Privacy Act [RSBC 1996]. “Geomatics” refers to the discipline of gathering, storing, processing, and delivery of geographic information, or spatially referenced information. “High Security Zones” refer to the Red and Purple Zones. “ID Matrix” refers to the mapping that Population Data BC maintains between IDs from all Content Data Groups to each other. The ID Matrix does not contain any Personal Information. “Identifier Management Unit” is a unit within Population Data BC that is responsible for collecting, holding, and linking Identifiers. This unit is part of the Data Services Unit. “Identifier” or “Identifier Data” refers to information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual. (Ontario PHIPA 2004, C.3, Sched. A.s.4 (2)). In the case of Population Data BC, Identifiers describe individuals and are used to facilitate linkage, and include fields such as name, date of birth, 6-digit post code, and Personal Education Number. A “Lead” is a manager of Population Data BC. The Leads of Population Data BC include the following:
- Lead, Systems and Security (commonly referred to as Systems and Security Manager) “Linkage” or “Probabilistic Linkage” involves connecting records referring to the same individual across different sources. Identifiers such as names, birth dates and postal codes are used to create the best matches between known information and new information. “Linkage ID” refers to a generated number that is unique to an individual referenced during linkage resolution. “Management” refers to Population Data BC’s Executive Director and unit Leads “Medium Security Zone” refers to the Yellow Zone. “Partners” or “Collaborators” refers to the following organizations: “Password” or “Passphrase” refers to a sequence of characters that allows entry into a restricted system. “Personal Information” means recorded information about an identifiable individual other than contact information (Schedule 1 of BC Freedom of Information and Protection of Privacy Act 1996.) “Personnel” or “personnel” refers to all persons who work for Population Data BC, including employees, contractors, consultants, temporaries and other workers at Population Data BC, regardless of the amount of time they have been or will be working with Population Data BC. For greater clarification, this shall include Management and staff. “Population Data BC - Researcher Services Agreement” refers to a formal agreement signed between Population Data BC and the Researcher prior to receipt of data, outlining terms and conditions of Research Extract provision and use of the Secure Research Environment. “Population Directory” refers to a table that Population Data BC maintains that includes all the individuals about whom Population Data BC has information. This includes Personal Information such as name, address, date of birth, and other relevant Identifiers. This table is updated with receipt of each new data extract and is the basis for record linkages. It is expected that the Population Directory will cover the entire BC population. “Project Member” refers to the Researcher(s) and other individuals specifically identified in an approved Data Access Request as requiring access to the Research Extract; an individual who has completed and signed a confidentiality pledge under the Research Agreement. “Purple Zone” is the highly secure, restricted physical environment where all Population Data BC servers are located. This resides within the Red Zone; however, access controls for this area are even more limited. “Record ID” refers to a generated number unique to each record received from a Data Steward. “Red Zone” in physical terms is a highly secure space accessible only to named persons who work on the individual-level data on “Red Zone” terminals. In network terms, it is the moated environment that is present within the physical Red Zone, unconnected to the outside world. “Research Agreement” refers to an agreement between a Researcher and Data Steward(s) for the use of specific fields of data for specific research projects and outlining obligations associated with that access. “Data Extract” or “Research Data Extract” refers to data that are extracted in conjunction with an approved Data Access Request and Research Agreement for the purpose of disclosure to a Researcher. “Researcher” refers to a person who is a student, teacher or researcher either enrolled at or employed by any of the following institutions: a) universities as defined in the Universities Act, R.S.B.C. 1996, c. 468, b) colleges, university colleges, and Provincial institutes as defined under the Colleges and Institutions Act, R.S.B.C. 1996, c. 52, c) the open university continued under the Open Learning Agency Act, R.S.B.C. 1996, c. 409, d) Royal Roads University continued under the Royal Roads University Act, R.S.B.C. 1996, c. 409, e) any other institutions offering public post-secondary education services that may be described in the statutes above, and f) other comparable institutions in other jurisdictions worldwide. “Secure Research Environment” refers to a study-specific space on a central server at Population Data BC, where Research Extracts are stored and analyses can be done remotely using Virtual Private Networking. “Study ID” refers to a person specific number, unique to each Research Extract and appended to each record within a Research Extract. “Trusted Third Party for Linkage” or “TTPL” refers to an independent, neutral body that does not have stewardship over the data being linked, as referenced in the September 2005 Canadian Institute for Health Research’s Privacy Best Practices (http://www.cihr-irsc.gc.ca/e/29072.html). Population Data BC is such a TTPL. “University” shall mean the university at which the functions or activities are undertaken and enforced. “Video Surveillance” refers to the use of cameras and associated technologies to create recorded images of physical activity. “Yellow Zone” in both physical and network terms refers to the semi-secure environment where Population Data BC staff and external Researchers work. Programmers may have a Yellow Zone networked computer within the Red Zone that allows them to connect to the internet or email. |