Secure data storage

We have been operating successfully for over 20 years and are trusted by many data providers, including federal and provincial government.

We operate one of the most secure data centres in Canada, meeting and exceeding all relevant legal, ethical, recommended best practice, and regulatory or legislative guidelines for data protection and privacy. A full suite of tried-and-tested security and privacy policies and procedures clearly define our operations.

The UBC Office of University Counsel, the BC Office of the Chief Information Officer and the BC Office of the Information  and Privacy Commissioner have reviewed our policies and procedures. We have successfully completed external audits from the BC Ministry of Health, Grant  Thornton and Deloitte.

Secure Research Environment (SRE)

CaraSpace

How are data protected?

Physical measures

Population Data BC’s secure data facility is a multi-zone environment, with the server room (“Purple Zone”) embedded in a high security area (“Red Zone”) embedded in a medium security area (“Yellow Zone.”)

Elements of the physical security include:

  • Special reinforcement in the walls which extend through the false ceiling to the concrete pad above
  • High security, reinforced, non-fishable doors
  • Alarm system (for non-business hours) with motion activation and door tampering sensors
  • Physical entry limited only to those with approved access, controlled by a fob
  • All fob accesses are logged
  • Video surveillance at the entrance / exit of Red and Purple Zones
  • “Red Zone” networked computers, those that have access to data including Personal Information, whether Identifiers or Content Data, have no hard drive or other storage devices

Technical measures

Our information security measures are fully compliant with recognised ISO/IEC 27002 requirements. Network controls include:

  • Firewall protection
  • Access to Red Zone network, which holds the data, requires dual-factor authentication and is restricted to named personnel
  • All access is logged and audited
  • Content data and identifying data are stored separately in encrypted logical areas
  • Red Zone networks are logically moated and have not direct connection to outside networks
  • All stored data, including Personal Information are encrypted

Procedural measures

  • Only named researchers have access to data
  • Everyone on the research team signs a confidentiality pledge
  • Data can only be used for the requested purpose
  • Privacy training for researchers is mandatory
  • Pre-publication transcripts are reviewed by data providers
  • Data extracts are destroyed upon project closure

 


                University of British Columbia, 201-2206 East Mall, Vancouver BC V6T 1Z3
                

                Contact us

Sign up for e-news and keep up to date with what's new at PopData, including the latest data updates and upcoming workshops.

Follow us on Twitter and check out our YouTube ChannelTwitter icon YouTube icon 

Copyright 2024· All rights reserved