Overview of privacy policies and procedures
Population Data BC (PopData) is a pan-provincial, multi-institutional platform whose mission is to foster insights into human health, well-being, and development by advancing research through data and education. PopData has a physical presence at Simon Fraser University (SFU), University of Victoria (UVic), and University of British Columbia (UBC). Its UBC site holds individual-level Personal Information from provincial ministries and other public bodies. PopData does not have its own research agenda.
To date, data for research in human health, well-being, and development (at least within BC) have typically been available only within single sector(s) (e.g. health, education, or early childhood), and linkages have occurred only within a particular disciplinary area. A particular feature of PopData is the linkage of BC population data across various sectors, such as health, education, and early childhood, for research purposes only. Access to such data creates the potential for fundamental advances in understanding the complex interplay of influences on human health, well-being, and development. Such evidence can be used to inform future social policy and investment decisions. Facilitating access to such data for public-interest research purposes, while at the same time ensuring the protection of privacy and confidentiality of individuals about whom the data pertain, is the mandate of PopData.
PopData enters into separate Information Sharing Agreements, Data Directives or other data sharing agreements with government ministries and public agencies (collectively, the “Data Stewards”) for health information and other Personal Information on the population of British Columbia relating to human health, well-being and development. Personal Information which PopData holds from the Data Stewards under these agreements are referred to as “Data”. Each agency retains ownership of its particular Data set(s) and reviews and approves requests for access to its Data.
Privacy and security
Respecting personal privacy, safeguarding confidential information, and ensuring security are critical to PopData’s mandate. To this end, PopData has in place a privacy risk management framework that consists of many components, including confidentiality agreements, privacy training, a Privacy Impact Assessment, a public website with frequently asked questions and responses, accountability and advisory input, physical security, network security, and human resources controls, including the presence of a Privacy Officer. Other PopData privacy and security controls include:
- Keeping PopData’s privacy principles, policies, procedures and practices current and compliant with existing legislation
- Monitoring developments in privacy legislation, privacy enhancing technologies and public opinion, and adapting to conform as necessary
- Meeting and exceeding recognized standards of physical, technical, and procedural Data protection and security
- Fostering transparency and accountability and increasing awareness of PopData’s privacy principles, policies and procedures
- Fostering a culture of privacy at PopData
- Supporting staff in applying PopData’s privacy principles, policies and procedures
- Supporting controlled access to, and responsible use of, Personal Information under PopData’s management
PopData’s Privacy Officer has a number of designated roles and responsibilities, including:
- Developing and updating PopData’s privacy and security policies and procedures
- Responding to internal and external enquiries or complaints about PopData’s privacy and security policies and procedures
- Staying informed of relevant privacy and security developments.
- Providing privacy and information security training to new employees, Researchers, and other stakeholders, as necessary, and providing up-to-date annual organisational privacy and information security training
- Managing and reporting on privacy-related incidents