- What kind of data do you hold?
Population Data BC holds secondary data primarily for research purposes. Data comes from sources such as the BC Ministry of Health, the BC Ministry of Education and WorkSafeBC. Additional data sources are continually being added. In order to facilitate the greatest flexibility in terms of linkage and research questions, this data is typically at the most granular level possible, which is often individual-level.
While data may be individual-level, Population Data BC stores Identifiers such as Name, Address, Full Birth Date, separately from Content Data which includes items such as diagnosis code, start of a worker's compensation claim, or date of death. Identifiers are used for linkage purposes only. In this way, Population Data BC acts as a trusted third party for linkage.
- Why do you need to hold these data?
We hold these data in order to provide approved subsets of them to identified researchers for approved research projects. See more on the review and approval process. The data support unprecedented investigations into human development, health and well-being in BC by researchers. See more about the types of research that will be supported.
Physically storing the data within Population Data BC is necessary in order to conduct linkage as well as development of appropriate data extracts, standards and documentation.
- Do you have my personal information?
It is likely that we will hold personal information (or Identifiers) on every person in BC. This personal information is stored separately from content data, increasing the confidentiality of the information stored. We adhere to all relevant legislation regarding Personal Information, including the BC Freedom of Information and Protection of Privacy Act and the BC Statistics Act.
- Can one of your staff look up information on a specific person?
No, programmers sign a Confidentiality Pledge and receive comprehensive privacy training, both of which outline appropriate uses of data to which they have access. In addition, Identifiers (e.g. name, address, full birth date) are stored separately from Content Data. This means that even in the unlikely event of someone did try to look up an individual, because of the way our data is stored and encrypted, they would only be able to view address book type of information on a named individual - name, address, birth date.
- What do you do with my personal information?
Population Data BC uses Identifiers such as names and birth dates to link against a Population Directory so as to make divergent data sources linkable. Population Data BC does not store data in a linked format.
Content Data that is attributable to an individual is stored in a de-identified manner, and may be used for approved research purposes. Data is only ever reported publicly at an aggregate level, for example in research findings and other publications.
- Can I see what information you have about me?
No, even programmers authorized to work on individual-level data in our secure facility are not able to see this because Identifiers are separated from the Content Data soon after we receive the data from a data provider. We can, however, point you to the data provider who transferred your data to us, and you would be able to make a Freedom of Information request. They will be able to disclose what data they have of yours and therefore what will have been passed to Population Data BC.
- Will you be giving my personal information to researchers or other organisations?
We only disclose what has been approved for disclosure by the relevant data provider, and in accordance with the BC Freedom of Information and Protection of Privacy Act and the BC Statistics Act. Our practice is to not release Identifiers to researchers, who receive only the Content Data required for their research project.
- Can a researcher find out who I am or inadvertently publish information on me?
Researchers receive de-identified data, and the minimum set required for their research question. Through both their Research Ethics Board certificates and the research agreement with the data providers, researcher commit to upholding the non-identifiability of research outputs. In addition, researchers are required to abide by Statistics Canada standards on minimum cell size for disclosure. And prior to any publication of results, the output is reviewed by the relevant data provider who will check for inadvertent identifiability.
- What sort of security measures do you have in place to protect privacy?
The Canada Foundation for Innovation and BC Knowledge Development Fund infrastructure investment financed the development of a secure data facility and its operationalization at UBC. This facility involves a multi-zone environment, with the server room ("Purple Zone") embedded in a high security area ("Red Zone") embedded in a medium security area ("Yellow Zone.") The Yellow Zone is a semi-secure environment where researchers reside (this may be physical and may also be virtual.) The Red Zone is a highly secure environment with its own separate network, where named persons work on the individual-level data stored on servers in the Purple Zone.
- Additional elements of the physical security include:
- Special reinforcement in the walls of the Red Zone which extend through the false ceiling to the concrete pad above.
- High security, reinforced, tamper-proof doors.
- Alarm system in Red Zone (for non-business hours) with motion activation and door tampering sensors.
- Physical entry to Red and Purple Zones limited only to those with approved access, controlled by a fob
- Logging of all fob accesses
- Video monitoring of all entrance and egresses from Red and Purple Zone
- Red Zone computers used for handling the data held at Population Data BC have a moated network and have no hard drive or storage device.
- All stored data in Purple Zone is encrypted; physical removal of the disks will render them unreadable