Principle 5: Limiting use, disclosure and retention

Printer-friendly version

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law.  Personal information shall be retained only as long as necessary for fulfillment of those purposes.

The following policies and procedures will be divided according to use, disclosure and retention.

 

Policies for use

Related Procedures

Policy 5.1

Population Data BC only uses and discloses the Data it holds for purposes authorised by the Data Stewards pursuant to signed data sharing agreements, for:

  1. Providing Researchers with Research Extracts for approved Data Access Requests.
  2. Data linkage and related Data development projects.

  3. Provision of services under signed service agreements

All uses are compliant with FIPPA and other applicable legislation.

Procedure 5.1

  1. Data provided to Researchers must be in accordance with a signed Research Agreement between the Researcher and the Data Steward(s).

  2. Data disclosed in providing a service must be in accordance with a signed service agreement.

 

Policy 5.2

All Researchers who wish to access Data held by Population Data BC must submit a Data Access Request (DAR) specifically requesting those Data. Only Data deemed necessary by the Data Steward to meet the requirements of the proposed research will be approved for release to the Researcher.

Procedure 5.2

  1. The Data Access Unit staff of Population Data BC work with Researchers and Data Stewards to facilitate the Data Access Request process by supporting Researcher(s) in the preparation of applications, ensuring all defined requirements are met, assessing completeness and clarity of the applications, and guiding Researchers throughout the process.

  2. If Researchers require additional or supplemental Data after receiving their initial Data, they will be required to submit an amendment to their DAR.

Policy 5.3

Population Data BC will consult with relevant privacy commissioners and/or other government officials/bodies responsible for privacy protection prior to undertaking any Data preparation that is deemed to be exceptional or precedent-setting in scope, scale, methods of linkage, procedures for obtaining consent, or other factors.

Procedure 5.3

  1. Population Data BC actively fosters open working relationships with external agencies that provide Data, the Office of the Information and Privacy Commissioner of BC (OIPC), and the Office of the Chief Information Officer (OICO).

Policy 5.4

Only a limited number of authorised personnel with restricted access are permitted to work with the Data. 

Procedure 5.4

  1. Data sharing agreements signed with Data Steward(s) specify only individuals in certain job roles that may access Data. Only personnel in such roles may be granted restricted access to the Data.

  2. Access to Identifiers and Content Data is restricted (both physically and electronically) to designated personnel.

  3. Access to the high security Red Zone, where work on Data is performed, is restricted to personnel on an “as needed basis” only.

Policies for disclosure

 

Policy 5.5

Population Data BC programmers will only extract Data once a signed Research Agreement has been received.  Population Data BC will only disclose the Data requested and approved by the Data Steward(s).

 

Procedure 5.5

  1. Once Population Data BC’s Data Access Unit receives a signed Research Agreement, it notifies the Data Services Unit to begin Data preparation.

  2. Population Data BC programmers in the Data Services Unit will only prepare the Data approved in the Research Agreement and in accordance with the Research Agreement.

Policy 5.6

Population Data BC will only disclose Data to Researchers where such disclosure has been authorized by the relevant Data Steward(s) in accordance with a Research Agreement signed between the Data Steward(s) and Researcher.

Procedure 5.6

  1. Population Data BC will review the Research Agreement and all related paperwork to ensure that only approved Data are disclosed and that all relevant conditions of disclosure have been met.

  2. Population Data BC’s Data Access Unit staff performs a check of the Research Extract before delivery to Researchers. This check entails comparing the Research Extract against the Research Agreement to ensure only approved Data are released and that the requirements of the Research Agreement are met.

Policy 5.7

Population Data BC will inform Researchers of the correct use, storage, and destruction of Data, and of the requirements of publishing research using the Data. These terms and conditions will also be stipulated in Research Agreements.

Procedure 5.7

  1. Population Data BC’s Data Access Unit staff will discuss Data handling requirements with Researchers upon granting access to, or delivery of, the Data prepared for an approved research project and are also available for ongoing dialogue.

  2. Data, including Personal Information, are not permitted to enter or leave Population Data BC’s Secure Research Environment (SRE).

  3. All material intended for publication involving the Data must first be reviewed and approved for publication by the appropriate Data Steward(s) prior to publication of the Researcher’s findings to ensure the anonymity of the Data. Material must be submitted to the Data Steward(s) prior to the intended publication date. Cell sizes may not be less than five as per standard guidelines for aggregation of data.

Policies for retention

 

Policy 5.8

Research Extracts are stored centrally in Population Data BC’s Secure Research Environment (SRE), unless other provisions are allowed by the Data Steward(s) and provided for in the Research Agreement. 

Procedure 5.8

  1. Only Researchers named on the Research Agreement are granted access to the Research Extract on the SRE.

  2. On a case-by-case basis and only as approved by the Data Steward(s), Researchers may be provided with the Research Extract in encrypted form on discs.  In this scenario, Data protection measures similar to those provided by the SRE may be required by the Data Steward(s) of the Researcher(s).

Policy 5.9

Where Researchers are provided a Research Extract on encrypted media they are required to return or destroy the Data at the completion of the research project in accordance with Population Data BC's Project Closure Policy.
 

 

Procedure 5.9

  1. Requirements for returning and/or destroying Data are discussed with Researchers upon delivery of Data and stipulated in the Research Agreement to which Researchers are party, and in Population Data BC's Project Closure Policy.

  2. Data Access Unit staff will remind Researchers of impending expiry dates in Researcher Agreements and requirements of proper destruction or return of Data.

  3. Where the Data Access Unit staff becomes aware of a failure to return Data or other unauthorized retention or improper or inadequate destruction of Data by a Researcher, they will inform the applicable Data Steward(s).

Policy 5.10

Population Data BC retains Data provided by Data Stewards for research purposes for as long as specified in data sharing agreement(s) with Data Stewards. Population Data BC will conduct periodic reviews to examine whether the Data disclosed to Population Data BC continues to be needed.  Where Population Data BC determines that certain Data are no longer needed, that Data will be securely destroyed as per the data sharing agreement(s).

Procedure 5.10

  1. Data sharing agreements (Including Information Sharing Agreements, data directives and other data sharing agreements) between Population Data BC and Data Stewards not only detail the uses and conditions under which Data are provided to Population Data BC, they also detail the conditions and requirements for Population Data BC’s storage,  retention, and destruction of Data.

 

 


Page last revised: July 6, 2015