Data protection and data and safety management

Data protection consists of a framework of security measures designed to guarantee that data are handled in such a manner as to ensure that they are safe from unforeseen, unintended, unwanted or malevolent use. This is the technical term to ensure data privacy which involves the right of any individuals to expect that personal information collected about them will be processed securely and will not be disseminated in any form without their written consent.

Newborn wrapped in towel

We recognize that work involving data bases of human information, electronic, or other information must adhere to the law laid down in the European directive 95/46 CE and will also follow the law no 78-17 from the 6th January 1978 (modified law 94-548, on the 1st July 1994, decree no 78-774, from the 17th July, 1978, modified, decree no 95-682 from the 9th May, 1995).  The most recent data protection and privacy ethical guidelines developed by the expert Working Party established by Article 29 of Directive 95/46/EC will be followed. This group is the independent EU Advisory Body on Data Protection and Privacy. Its tasks are laid down in Article 30 of Directive 95/46/EC and in Article 15 of Directive 2002/58/EC. Therefore, we will strive to ensure that appropriate measures are taken to ensure that data protection, confidentiality and anonymity are maintained by all partners.

Local, national and international rules covering data protection will be strictly followed (Commission Working Staff Document the application of Commission Decision 2002/2/EC of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documentation Act). This activity will be ensured through the activity of WP05 and WP12.

All data will be stored in encrypted and pass-word locked files, whilst transmission of information via electronic means will be performed using encrypted data files. Data will be secured according to national and European regulations: names will not be listed nor any set of demographic data which would allow identification of specific participants. Data will be stored in Boole Centre in UCC. The architecture of the system is based around industry standard highly redundant components. Access is managed using file servers with redundant components. The data is stored on an enterprise class storage system, on a RAID (Redundant Array of Independent Disks) with hot spares. All components within the storage system are redundant. Power and cooling to the rack, as well as networking within the rack  containing the storage system are also all redundant, with multiple paths/circuits. Multiple copies of the data are kept on the storage system, with a daily and weekly backup schedule.  Access is controlled through multiple firewalls, and also by using SSH and SSL to identify persons accessing the system and to encrypt all data transmissions to and from the storage system. The Boole Centre only stores anonymised data, and no personally identifying information is stored on BCRI servers. Disclosure of information from the study to third parties will be limited to those, undertaking legitimate peer review of the scientific and ethical aspects of the study. High priority will be assigned to participant confidentiality and welfare. Parents and guardians will be permitted to request removal of the coded data from the study and this will be stated in the consent form.