Privacy Policies and Procedures

Principles and policies for the protection of personal information


The principles outlined in this statement are based on the Canadian Standards Association’s Model Code for the Protection of Personal Information CAN/CSA-Q830-96 (the “CSA Code”).  This Model Code, as adapted for Population Data BC, offers a principled approach to the detailed requirements found in BC FIPPA.  This code is Schedule 1 to the federal Personal Information Protection and Electronic Documents Act and is included in this document as Appendix A.

Population Data BC follows these principles for the protection of Personal Information and the specific requirements set out under FIPPA in the handling of all Data it holds.  This document will be reviewed every two years to ensure that the principles and policies are relevant and reflect current legislation and best practice. Population Data BC’s privacy policy is presented below.

Principle 1:  Accountability

An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.

Policies and procedures for ensuring the confidentiality and security of Data held at Population Data BC are strictly enforced.  The primary aim of these policies is to respect the privacy of users and the requirements of the providers of the Data, and to protect against loss, destruction or unauthorized uses.

Policies

Related Procedures

Policy 1.1

Population Data BC (UBC) resides under the legal umbrella of the University of British Columbia, which has ultimate legal accountability for it. Operations and facilities at Population Data BC’s other sites (i.e. SFU and UVic) will, in kind, come under the legal umbrella of their respective universities.

Procedure 1.1

  1. All legal contracts to which Population Data BC (UBC) is party will be reviewed by legal advisors of the University of British Columbia for compliance with applicable legislation and UBC policies. Legal contracts to which Population Data BC (SFU) and Population Data BC (UVic) are parties will be reviewed by legal advisors of their respective universities.

Policy 1.2

Population Data BC’s Executive Director has ultimate operational accountability and responsibility for Population Data BC’s operations and its compliance with these principles for the protection of Personal Information. The Executive Director is responsible to the Advisory Board and Governance Oversight Committee. Designated Population Data BC unit Leads have responsibility for the day-to-day management of various functions of Population Data BC and report to the Executive Director.

Procedure 1.2

  1. Population Data BC’s Systems and Security Manager is responsible for and oversees the physical and technical security measures in place to protect Data and reports to the Executive Director.
  2. The Privacy and Policy Lead (who also acts as the Privacy Officer) is responsible for, and oversees compliance with, privacy requirements and the development and management of privacy and security policies and procedures.
  3. Only a limited number of personnel are authorized to work with Data.
  4. All staff will be oriented in the principles of privacy and Data protection at Population Data BC and must sign a confidentiality agreement prior to gaining access to Data.

Policy 1.3

Population Data BC’s Privacy and Policy Lead (i.e., Privacy Officer) is responsible for management of privacy matters and privacy compliance within the organization.

Procedure 1.3

  1. The Privacy Officer will:
  • Develop, review, and/or revise Population Data BC’s policies and procedures as necessary to ensure compliance with FIPPA and contractual privacy and security obligations of Population Data BC.
  • Provide privacy and information security training.
  • Ensure confidentiality agreements are in place for all staff and Researchers.
  • Respond to privacy-related developments and issues as they arise, including privacy complaints and requests for information access, and report issues and policy decisions to the Executive Director.


Principle 2:  Identifying purposes

The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

Population Data BC is a custodian of Personal Information previously collected by provincial ministries and other public body Data providers (the “Data Stewards”).  Population Data BC is permitted to link those Data for research purposes and to provide linkable Data for approved research projects. Population Data BC does not engage in primary collection of Data.

The following policies therefore relate to the identification of purposes for the use, disclosure and retention of secondary Data. 

Policies

Related Procedures

Policy 2.1

Data Stewards are responsible for ensuring that the legal authority exists for the collection of Personal Information.  Under section 33 of FIPPA, designated public bodies are permitted to disclose Personal Information to another public body (e.g., Population Data BC) where the information is necessary for the operations or functions of the receiving public body and for research or statistical purposes.

Procedure 2.1

  1. Information Sharing Agreements are signed with the Data Steward(s) outlining the terms and conditions binding upon Population Data BC in the holding, using, disclosing or retaining of Data received from the Data Steward(s) for authorized and legitimate research or statistical purposes.
  2. Population Data BC encourages Data Stewards to inform individuals that their Personal Information will be used for research and statistical purposes, under controlled conditions, as authorised by law.

Policy 2.2

Population Data BC houses and protects Data to support research in human health, well-being, and development that is in the public interest.

Procedure 2.2

  1. Population Data BC has the authority pursuant to FIPPA and related Information Sharing Agreements to engage in Data linkage for research and statistical purposes, and to disclose Data in the form of Research Extracts to Researchers in accordance with signed Research Agreements between Researchers and Data Steward(s).

Policy 2.3

Population Data BC only discloses Data in the form of Research Extracts to Researchers where the Data has been approved for disclosure by the appropriate Data Steward(s) and in accordance with a Research Agreement between the Researcher and Data Steward. Population Data BC, in effect, serves as an intermediary, facilitating the Data access process between Researchers and Data Stewards.


Procedure 2.3

  1. Population Data BC’s Researcher Liaison staff assists Researchers with preparation of the Data Access Request (DAR) and, if requested, with defining their cohort. The DAR requires the Researchers to specify exactly which Data files, years of Data, and Data fields in each Data file they require, and therefore discourages the inclusion of unnecessary information in Research Extracts prepared for research.
  2. A DAR must be approved by the appropriate Data Steward(s), and a Research Agreement based on that DAR must be signed between the Researcher and Data Steward before Population Data BC will begin preparation of a Research Extract.  Disclosure of the Research Extract to the Researcher will only occur in accordance with the terms and conditions of the Research Agreement signed between the Researcher and Data Steward(s).

Policy 2.4

Population Data BC retains the minimal amount of Personal Information in all Data files for its defined purpose. 


Procedure 2.4

  1. Identifiers are stored separately from Content Data.  
  2. Identifiers are used only for linkage.  After linkage is complete, the Identifiers are archived in a physically secure location.
  3. Identifiers such as names or Personal Health Numbers (PHNs) are replaced with study-specific ID numbers for all research Data extracted for purposes of an approved research project. Only the study-specific ID numbers are disclosed to Researchers along with the approved Content Data.
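Procedure 2.4 in working form, as an added illustration rather than Population Data BC's own code: a keyed hash under a per-study secret stands in for the study-specific ID numbers, only the approved fields and years from the Content Data are copied into the extract, and the PHN-to-ID crosswalk is returned separately so it can be archived apart from the Research Extract. All records, field names and study keys are constructed sample values.

```python
"""Added example (not Population Data BC code): building a Research Extract
along the lines of Procedure 2.4, with Identifiers kept apart from Content
Data and replaced by study-specific IDs."""
import hashlib
import hmac

# Fields that are Identifiers: used for linkage only and never released.
IDENTIFIER_FIELDS = {"phn", "name"}

# Constructed sample files (fictional values, not real data).
IDENTIFIERS = [  # Identifier file: one record per person, keyed by PHN
    {"phn": "9000000001", "name": "Person One"},
    {"phn": "9000000002", "name": "Person Two"},
    {"phn": "9000000003", "name": "Person Three"},
]
CONTENT = [  # Content Data file: events keyed by PHN
    {"phn": "9000000001", "year": 2008, "diagnosis": "J45", "postal": "V6T"},
    {"phn": "9000000002", "year": 2008, "diagnosis": "E11", "postal": "V8W"},
    {"phn": "9000000003", "year": 2009, "diagnosis": "J45", "postal": "V5A"},
    {"phn": "9000000003", "year": 2011, "diagnosis": "J45", "postal": "V5A"},
]


def study_specific_id(phn: str, study_key: bytes) -> str:
    """Derive a study-specific ID from a PHN using a per-study secret key.

    Within one study the same person always gets the same ID, so the files
    in that Research Extract stay linkable to each other; another study uses
    a different key and therefore gets unrelated IDs, which prevents joining
    two extracts on the ID column. A keyed hash (HMAC) rather than a plain
    hash is used so the ID cannot be recomputed from a guessed PHN without
    the key (the key is held with the archived Identifiers, not released).
    """
    return hmac.new(study_key, phn.encode(), hashlib.sha256).hexdigest()[:16]


def build_research_extract(identifiers, content, cohort_phns, approved_fields,
                           approved_years, study_key):
    """Return (extract, crosswalk) for one approved Data Access Request.

    approved_fields / approved_years: exactly what the DAR approved; any
    other field or year in the Content file is left out. The crosswalk
    (study ID -> PHN) is returned separately so it can be archived under
    separate control; it is never shipped with the extract.
    """
    if IDENTIFIER_FIELDS & set(approved_fields):
        raise ValueError("Identifier fields can never be approved for release")
    linkable = {rec["phn"] for rec in identifiers}
    crosswalk = {}
    extract = []
    for row in content:
        phn = row["phn"]
        if phn not in cohort_phns or phn not in linkable:
            continue  # outside the approved cohort, or nothing to link on
        if row["year"] not in approved_years:
            continue  # year not approved in the DAR
        sid = study_specific_id(phn, study_key)
        crosswalk[sid] = phn
        extract.append({"study_id": sid, **{f: row[f] for f in approved_fields}})
    return extract, crosswalk


def extract_is_clean(extract) -> bool:
    """Pre-delivery check: no Identifier field may appear in any extract row."""
    return all(not (IDENTIFIER_FIELDS & set(row)) for row in extract)
```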


Principle 3: Consent

The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate.

The obligation for obtaining consent(s) rests with those public bodies (i.e. Data Stewards) and Researchers who originally collect the Data. Population Data BC does not perform any primary collection of Personal Information and is only engaged in secondary use or secondary disclosure of Personal Information initially collected by other public bodies or individuals.

Pursuant to section 33 of FIPPA, the designated public bodies are permitted to disclose Personal Information to Population Data BC. Pursuant to section 35 of FIPPA, Population Data BC and Researchers with approved access to Data collected by the designated public bodies are not required to seek individual consent for the use of those Data for research and statistical purposes.

Population Data BC relies on public bodies to collect Personal Information in a lawful manner and in accordance with the requirements of FIPPA. Where consent is required, Population Data BC relies on the public bodies overseeing the initial collection of Personal Information to have obtained the appropriate consent(s) required for collecting and using the Personal Information. Research ethics board review will confirm whether the consent(s) is/are appropriate for the requested uses of the Data.


Principle 4: Limiting collection

The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

Population Data BC does not engage in any primary Data collection activities.  Population Data BC holds Data collected by other public bodies and relies on those public bodies to collect the information by fair and lawful means.

In Population Data BC’s role as a Data custodian, Population Data BC requests only Data fields that are necessary for the fulfillment of its role in developing a resource for research purposes.  In Population Data BC’s role as administrator of Data for research purposes, Population Data BC will assist Researchers in requesting particular Data files via the Data Access Request, conduct data preparation, and provide only those Data in a Research Extract that have been expressly approved by the Data Steward(s).


Principle 5: Limiting use, disclosure and retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law.  Personal information shall be retained only as long as necessary for fulfillment of those purposes.

The following policies and procedures will be divided according to use, disclosure and retention.

Policies for use

Related Procedures

Policy 5.1

Population Data BC only uses and discloses the Data it holds for purposes authorised by the Data Stewards pursuant to signed Information Sharing Agreements, for:

  1. Providing Researchers with Research Extracts for approved Data Access Requests.
  2. Data linkage and related Data development projects.

All uses are for research and statistical purposes only and are compliant with FIPPA and other applicable legislation.

Procedure 5.1

  1. Data provided to Researchers must be in accordance with a signed Research Agreement between the Researcher and the Data Steward(s).


Policy 5.2

All Researchers who wish to access Data held by Population Data BC must submit a Data Access Request (DAR) specifically requesting those Data. Only Data deemed necessary by the Data Steward to meet the requirements of the proposed research will be approved for release to the Researcher.

Procedure 5.2

  1. The Researcher Liaison staff of Population Data BC works with Researchers and Data Stewards to facilitate the Data Access Request process by supporting Researcher(s) in the preparation of applications, ensuring all defined requirements are met, assessing completeness and clarity of the applications, and guiding Researchers throughout the process.
  2. If Researchers require additional or supplemental Data after receiving their initial Data, they will be required to submit an amendment to their DAR.

Policy 5.3

Population Data BC will consult with relevant privacy commissioners and/or other government officials/bodies responsible for privacy protection prior to undertaking any Data preparation that is deemed to be exceptional or precedent-setting in scope, scale, methods of linkage, procedures for obtaining consent, or other factors.

Procedure 5.3

  1. Population Data BC actively fosters open working relationships with external agencies that provide Data, the Office of the Information and Privacy Commissioner of BC (OIPC), and the Office of the Chief Information Officer (OIC).

Policy 5.4

Only a limited number of authorised personnel with restricted access are permitted to work with the Data. 

Procedure 5.4

  1. Information Sharing Agreements signed with Data Steward(s) specify only individuals in certain job roles that may access Data.  Only personnel in such roles may be granted restricted access to the Data.
  2. Access to Identifiers and Content Data is restricted (both physically and electronically) to designated personnel.
  3. Access to the high security Red Zone, where work on Data is performed, is restricted to personnel on an “as needed basis” only.

Policies for disclosure


Policy 5.5

Population Data BC will only disclose Data to Researchers where such disclosure has been authorized by the relevant Data Steward(s) in accordance with a Research Agreement signed between the Data Steward(s) and Researcher.

Procedure 5.5

  1. Population Data BC will review the Research Agreement and all related paperwork to ensure that only approved Data are disclosed and that all relevant conditions of disclosure have been met.

Policy 5.6

Population Data BC programmers will only extract Data once a signed Research Agreement has been received.  Population Data BC will only disclose the Data requested and approved by the Data Steward(s).

Procedure 5.6

  1. Once Population Data BC’s Researcher Liaison staff receive a signed Research Agreement, they notify the Data Services Unit to begin Data preparation.
  2. Population Data BC programmers in the Data Services Unit will only prepare the Data approved in the Research Agreement and in accordance with the Research Agreement.

Policy 5.7

Population Data BC will inform Researchers of the correct use, storage, and destruction of Data, and of the requirements of publishing research using the Data.  These terms and conditions will also be stipulated in Research Agreements.

Procedure 5.7

  1. Population Data BC’s Researcher Liaison staff will discuss Data handling requirements with Researchers upon granting access to, or delivery of, the Data prepared for an approved research project and are also available for ongoing dialogue.
  2. Data, including Personal Information, are not to leave Population Data BC’s Secure Research Environment (SRE) unless they are aggregated.
  3. All material intended for publication involving the Data must first be reviewed and approved for publication by the appropriate Data Steward(s) prior to publication of the Researcher’s findings to ensure the anonymity of the Data. Material must be submitted to the Data Steward(s) at least 45 days prior to the intended publication date.  Cell sizes may not be less than five as per standard guidelines for aggregation of data.
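The minimum cell size rule in item 3, as an added example that is not from the original document: a pre-submission check over a constructed two-way count table that withholds cells below five and, assuming row and column totals are published alongside the table, also withholds the cells a reader could otherwise recover by subtraction. Treating zero counts as publishable is an assumption of this example.

```python
"""Added example: small-cell suppression check for material going to a Data
Steward before publication (Procedure 5.7, minimum cell size of five)."""

MIN_CELL = 5  # cell sizes may not be less than five


def suppress_small_cells(table, min_cell=MIN_CELL):
    """Apply primary and complementary suppression to a two-way count table.

    table: {row_label: {col_label: count}}, every row having the same
    columns. Assumes row and column totals will be published with the table,
    which is what makes complementary suppression necessary: a single hidden
    cell in a row or column can be recovered by subtracting the visible
    cells from that line's total.

    Returns (masked_table, suppressed_cells, unprotected_lines).
    masked_table has "*" where a count was withheld; unprotected_lines lists
    ("row"/"col", label) pairs whose total must also be withheld because no
    other non-zero cell was available to hide the small one.
    """
    rows = list(table)
    cols = list(table[rows[0]])
    # Primary suppression: a count of 1..4 identifies a small group.
    # Zero counts are treated as publishable here (an assumption; some
    # guidelines withhold them as well).
    suppressed = {(r, c) for r in rows for c in cols if 0 < table[r][c] < min_cell}
    lines = ([("row", r, [(r, c) for c in cols]) for r in rows] +
             [("col", c, [(r, c) for r in rows]) for c in cols])
    unprotected = []
    changed = True
    while changed:
        changed = False
        for kind, label, cells in lines:
            hidden = [cell for cell in cells if cell in suppressed]
            if len(hidden) != 1:
                continue  # none hidden: nothing to protect; two or more: ambiguous already
            candidates = [cell for cell in cells
                          if cell not in suppressed and table[cell[0]][cell[1]] > 0]
            if not candidates:
                if (kind, label) not in unprotected:
                    unprotected.append((kind, label))
                continue
            # Hide the smallest visible non-zero cell so the line no longer
            # reveals the small count by subtraction from its total.
            suppressed.add(min(candidates, key=lambda cell: table[cell[0]][cell[1]]))
            changed = True
    masked = {r: {c: "*" if (r, c) in suppressed else table[r][c] for c in cols}
              for r in rows}
    return masked, suppressed, unprotected


# Constructed sample: counts of a diagnosis code by fictional region.
SAMPLE_TABLE = {
    "J45": {"V6T": 12, "V8W": 3, "V5A": 20},
    "E11": {"V6T": 7, "V8W": 9, "V5A": 25},
    "I10": {"V6T": 15, "V8W": 11, "V5A": 30},
}

if __name__ == "__main__":
    masked, hidden, unprotected = suppress_small_cells(SAMPLE_TABLE)
    for row, cells in masked.items():
        print(row, cells)
    print("withheld cells:", sorted(hidden), "lines needing withheld totals:", unprotected)
```

The single cell of 3 drags three further cells into the block of withheld values; running the check before the 45-day submission shows the Researcher what the table will look like once it satisfies the rule.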

Policies for retention


Policy 5.8

Research Extracts are stored centrally in Population Data BC’s Secure Research Environment (SRE), unless other provisions are expressly allowed by the Data Steward(s) and provided for in the Research Agreement. 

Procedure 5.8

  1. Only Researchers named on the Research Agreement are granted access to the Research Extract on the SRE.
  2. On a case-by-case basis and only as approved by the Data Steward(s), Researchers may be provided with the Research Extract in encrypted form on discs.  In this scenario, the Data Steward(s) may require the Researcher(s) to put in place Data protection measures similar to those provided by the SRE.

Policy 5.9

Where Researchers are provided a Research Extract on encrypted media as expressly provided for in a Research Agreement and authorized by the applicable Data Steward(s), they are required to return or destroy the Data at the completion of the research project in accordance with the Research Agreement.


Procedure 5.9

  1. Requirements for returning and/or destroying Data are discussed with Researchers upon delivery of Data and stipulated in the Research Agreement to which Researchers are party.
  2. The Researcher Liaison staff will remind Researchers of impending expiry dates in Researcher Agreements and requirements of proper destruction or return of Data.
  3. Where the Researcher Liaison staff becomes aware of a failure to return Data or other unauthorized retention or improper or inadequate destruction of Data by a Researcher, they will inform the applicable Data Steward(s) promptly.

Policy 5.10

Population Data BC retains Data provided by Data Stewards for research purposes for as long as specified in Information Sharing Agreement(s) with Data Stewards. Population Data BC will conduct periodic reviews to examine whether the Data disclosed to Population Data BC continues to be needed.  Where Population Data BC determines that certain Data are no longer needed, that Data will be securely destroyed as per the Information Sharing Agreement(s).

Procedure 5.10

  1. Information Sharing Agreements between Population Data BC and Data Stewards not only detail the uses and conditions under which Data are provided to Population Data BC, they also detail the conditions and requirements for Population Data BC’s storage, retention, and destruction of Data.


Principle 6:  Accuracy

Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

Population Data BC relies on the Data Stewards engaged in primary Data collection to ensure that Personal Information is accurate, complete and up-to-date at the time of collection.

Policies

Related Procedures

Policy 6.1

As Population Data BC Data holdings include only Data initially collected by other public bodies, those doing the primary Data collection are responsible for the accuracy of the Data collected.  Population Data BC will update its Data holdings upon receipt of updated Data from the Data Steward. Note: Data collected for research or statistical purposes are not subject to the same standards of accuracy, completeness, and current relevance as those applying to Data for clinical uses.

Procedure 6.1

  1. Data received by Population Data BC from Data Stewards are reviewed for completeness and consistency.
  2. Population Data BC endeavors to incorporate new Data files as soon as possible to provide the most recent available Data for research purposes.

Policy 6.2

Upon receipt of Data from Data Stewards, Population Data BC staff performs consistency and quality checks to ensure that the Data received are complete, and that the Data appear to be accurate.

Procedure 6.2

  1. Data received by Population Data BC from Data Stewards are reviewed for completeness and consistency.
  2. Population Data BC endeavors to incorporate new Data files as soon as possible to provide the most recent available Data for research purposes.

Policy 6.3

Prior to disclosure of Data in the form of a Research Extract to Researchers, Population Data BC reviews the Data for completeness and consistency and ensures that only approved Data are released.

Procedure 6.3

  1. Population Data BC’s Researcher Liaison staff performs a check of the Research Extract before delivery to Researchers. This check entails comparing the Research Extract against the Research Agreement to ensure only approved Data are released and that the requirements of the Research Agreement are met.
  2. Population Data BC’s Researcher Liaison staff maintains an on-going dialogue with Researchers to answer queries and remain informed about potential Data quality problems.


Principle 7: Safeguards

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

Population Data BC has established a high level of physical, technical, and organizational security for all Data in its custody, meeting or exceeding well-recognized ISO 27002 requirements for information security. In September 2009, an external third party consultant was engaged to conduct a systems and security review of Population Data BC information security practices and confirmed its security strengths and safeguards against ISO requirements. 

While Population Data BC differentiates between Data that include personally identifying information (or potentially personally identifying information) (i.e. Identifiers) and Data that do not (i.e. Content Data), all Data are considered to be highly sensitive and are protected with appropriate safeguards.

Policies

Related Procedures

Policy 7.1

Population Data BC will utilize stringent physical safeguards to protect against loss, theft, unauthorized access, disclosure, copying, use, or modification of Data.


Procedure 7.1

Population Data BC maintains a secure physical area with several layers of physical protection, including locked and alarmed premises, monitored electronic access to high security zones, video surveillance at entrances to high security zones, and a separately locked and alarmed server room within a high security zone.

Policy 7.2

Population Data BC will utilize stringent technological safeguards to protect against loss, theft, unauthorized access, disclosure, copying, use, or modification of Data.

Procedure 7.2

  1. Population Data BC protects all Data in a manner that is consistent with evolving best practices for managing sensitive Data.
  2. Population Data BC’s Red Zone network is logically moated. There is no direct connection from the Red Zone network to any other networks.  No Data are able to enter or leave the Red Zone without a two-step authentication process and an audit trail.
  3. Access to Population Data BC facilities, systems and networks will be logged electronically.  Logs are monitored on a regular basis for intrusion detection and attempts at unauthorized use.
  4. Access to Data will require two-factor authentication, granted only to specially authorised personnel on a “need to know” basis.
  5. Data are stored on an isolated computer network at Population Data BC, protected by firewalls.  Content Data and Identifiers are stored separately from each other in encrypted, logical areas, and accessed only by authorised programmers. Separate logins are required for each, thus creating an audit trail. 
  6. All information and Data are backed-up on secure servers and encrypted media, protected by locks and alarms within a high security zone.  Encrypted backup media are also stored in a secure off-site location, as per internal policies and procedures.

Policy 7.3

Population Data BC will utilize stringent organizational safeguards to protect against loss, theft, unauthorized access, disclosure, copying, use or modification of Data.

Procedure 7.3

  1. All Population Data BC personnel must undergo privacy and information security training, annually and upon being newly hired.
  2. Researchers must undergo privacy training prior to gaining access to a Research Extract.
  3. All Population Data BC personnel and Researchers must sign confidentiality agreements.
  4. Population Data BC personnel will have access to Data and to secured zones only on an “as needed” basis.  Only the Systems and Security Manager, and a small number of specially trained programmers involved in Data linkage, are authorised to handle the Data.  Separate logins are required for access to Identifiers and Content Data.
  5. Access to all Population Data BC systems leaves an audit trail, which is monitored on a regular basis.
  6. Researchers wishing to access Data must sign a Research Agreement binding them to conditions governing use of the Data, security arrangements, assurances regarding disclosure, and requirements to return/destroy any copies of the Data.  
  7. To deter loss, theft, copying, and unauthorised access, Researchers will typically be required to access Research Extracts on Population Data BC’s Secured Research Environment (SRE).  On a case-by-case basis and only as approved by the Data Steward(s), Researchers may be provided with the Research Extract in encrypted form on discs.  In this scenario, the Data Steward(s) may require the Researcher(s) to put in place Data protection measures similar to those provided by the SRE.
  8. If Population Data BC suspects a breach of the Research Agreement, Population Data BC will investigate and notify the relevant Data Steward(s).

Policy 7.4

Population Data BC enforces stringent safeguards for the transfer of Data, from both Data Stewards into Population Data BC’s secured facilities, and from Population Data BC to Researchers for approved research projects.

Procedure 7.4

  1. All Data transfers to Population Data BC will be via encrypted secure file transfers.
  2. Researcher access to Research Extracts will be via the SRE, with limited exceptions.  On a case-by-case basis and only as approved by the Data Steward(s), Researchers may be provided with the Research Extract in encrypted form on discs.  In this scenario, the Data Steward(s) may require the Researcher(s) to put in place Data protection measures similar to those provided by the SRE.


Principle 8: Openness

An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

Population Data BC makes information about its policies and procedures relating to the management and protection of Personal Information readily available either on its website or upon request.

Policies

Related Procedures

Policy 8.1

Population Data BC makes information about its policies and procedures relating to the management and protection of Personal Information readily available on its website or upon request.  Enquiries are welcome.


Procedure 8.1

  1. Population Data BC provides information relating to Data security and privacy on its website. Details about Population Data BC Data holdings, including what they are and the purposes for which they may be used and/or accessed, are reported on Population Data BC’s public website. A webpage of frequently asked questions (FAQs) and responses is also available on this website. Links to resources such as the Office of the Information and Privacy Commissioner are also highlighted.
  2. Population Data BC’s Privacy Impact Assessment will also be made publicly available upon request.
  3. Individuals who contact Population Data BC to make an enquiry will be directed to Population Data BC’s Privacy Officer, who will:

    a. Provide information on Population Data BC’s policies and procedures; and/or
    b. Direct the individual to other resources if necessary.

  4. All enquiries will be logged and assessed by Population Data BC’s Privacy Officer to guide development of further privacy documentation as required.
  5. Documentation relating to Data security and privacy will be reviewed and updated regularly or as required.


Principle 9: Individual Access

Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information.  An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Data provided by Data Stewards and held by Population Data BC may only be used with approval by the Data Stewards for research purposes only.  Population Data BC cannot grant individuals access to this Data and will refer them to the Data Steward(s) responsible for the collection of the Data to process their request.

Policies

Related Procedures

Policy 9.1

Pursuant to Information Sharing Agreements with Data Stewards, all requests from individuals for access to any Data must be referred to the Data Steward as the original collector of the Data held by Population Data BC.  Because Population Data BC only holds and administers this Data for research purposes, it cannot grant individuals access to Personal Information within Data files provided by Data Stewards.  Only the relevant Data Stewards have this authority.


Procedure 9.1

If contacted by individuals requesting access to their Personal Information, or expressing concern about its accuracy, Population Data BC will inform individuals that they must directly contact the primary collection agency.  If the Data Steward has advised Population Data BC of the name or title and contact information of the official to whom such requests are to be made, Population Data BC will also provide that official’s name or title and contact information to the individual making the access request.


Principle 10: Challenging Compliance

An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals responsible for the organization’s compliance.

An individual will be able to address a challenge concerning compliance with the above principles to the designated individuals accountable for Population Data BC’s compliance.

Policies

Related Procedures

Policy 10.1

Concerns regarding Population Data BC’s compliance with its privacy policy may be sent directly to the Privacy Officer of Population Data BC. All communication of this nature will be reviewed by the Executive Director, the Privacy Officer, and the Systems and Security Manager.  If deemed necessary, they will be brought to the attention of the Principal of UBC’s College for Interdisciplinary Studies (CFIS) and the Office of the University Counsel.  Where challenges are found to be justified, they will be addressed directly. This may include changing practices if needed.

Procedure 10.1

  1. All complaints will be logged and reviewed by the Privacy Officer to determine whether the complaint constitutes a breach or omission in Population Data BC’s policies and procedures, and to consider improvements in its processes.
  2. Should the Privacy Officer’s response not be satisfactory, complaints can be escalated to the Principal of UBC’s College for Interdisciplinary Studies or to the Office of the University Counsel.
  3. Population Data BC will work with the Office of the Information and Privacy Commissioner to improve Population Data BC’s policies and procedures where areas for improvement are identified.

Policy 10.2

Internal complaints about suspected breaches of Population Data BC’s privacy policies and procedures will be reviewed by Population Data BC’s Privacy Officer and the Executive Director.

Procedure 10.2

  1. Population Data BC personnel concerned about possible breaches of Population Data BC’s privacy policies and procedures can either directly inform Population Data BC’s Privacy Officer or their direct supervisor, who will be responsible for bringing the matter to the attention of the Privacy Officer.
  2. The Privacy Officer will review the complaint and, where appropriate, strategies for improvement will be developed in consultation with the Executive Director and unit Leads. 
