Our privacy officer works to ensure we follow our privacy policies, data privacy best practices, and are in compliance with the legislation by which we are bound; (PHIPAA) requires us to “protect personal health information by adopting information practices that include reasonable administrative, technical and physical safeguards that ensure the confidentiality, security, accuracy and integrity of the information.”
While we do not collect data, we ensure that data in our custody is only accessed by specific identified people for a pre-defined, approved purpose. A rationale must be provided for any variables accessed.
Approved users can only access the minimum number of variables needed to answer their approved research question.
All approved users are assigned a project folder in a secure environment that is limited only to the information for which they’ve been approved.
Any changes to the approved data access request is subject to the amendment process which also must be approved before changes are implemented.
As a research data center, we are subject to provincial requirements to ensure that data holdings are held securely and protected against the possibility of re-identification.
As we are only permitted to hold pseudonymous (i.e. de-identified) data, it is impractical to seek consent directly from individuals.
The rigorous policies we have in place demonstrate our commitment to protecting the personal privacy of every individual in our data holdings.
We work closely with data business owners to conduct thorough evaluations to ensure the data we securely house is appropriate for academic research.
Many of our data holdings are updated annually to ensure approved users have the most current data available.
Safeguards are in place to ensure privacy is protected at every level. Our secure facilities house a stand-alone closed network with multiple physical and virtual firewalls.
Our network is “moated,” meaning no unauthorized individuals can access our data holdings. All employees and researchers must sign confidentiality agreements and take NB-IRDT privacy training before accessing approved data.
We also conduct regular privacy audits.
Information about our data holdings as well as the research projects that use these data are available on our website in summary form.
We also have detailed information regarding the variables for many of our data holdings.
Individuals interested in learning more about our data holdings can review the codebooks and variable lists.
Because we do not hold identifiable data, we are unable to share data about any specific individuals.
If you have concerns, please refer to the Access to Information Policy for more information.
Any individual who wishes to raise a concern or learn more about our practices can contact us directly, nb-irdtdata@unb.ca.
There are also additional mechanisms in provincial privacy legislation for raising concerns.
