data protection and research university research ethics committee – 30.05.2008 david cauchi david...
TRANSCRIPT
![Page 1: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/1.jpg)
DATA PROTECTION
DATA PROTECTIONDATA PROTECTION
and Researchand Research
University Research Ethics Committee – 30.05.2008University Research Ethics Committee – 30.05.2008
David CauchiDavid Cauchi
Office of the Commissioner for Data ProtectionOffice of the Commissioner for Data Protection
![Page 2: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/2.jpg)
DATA PROTECTION
Data Protection Act Data Protection Act
General Provisions
Processing for Research Purposes
Procedure agreed with UREC
![Page 3: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/3.jpg)
DATA PROTECTIONORIGINORIGIN
Council of Europe – ETS 108 Convention on the protection of individuals with regard to automatic processing of personal data
Data Protection Act
CAP. 440Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
![Page 4: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/4.jpg)
DATA PROTECTION
WHAT IS DATA PROTECTION ACT?WHAT IS DATA PROTECTION ACT?
An Act that makes provision for the protection of individuals against the violation of their privacy rights by the processing of personal data.
![Page 5: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/5.jpg)
DATA PROTECTION
Key TermsKey Terms inin
Data ProtectionData Protection
![Page 6: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/6.jpg)
DATA PROTECTION
“…any information relating to an identified or
identifiable natural person; an identifiable person
is one who can be identified, directly or indirectly,
in particular by reference to an identification
number or to one or more factors specific to his
physical, physiological, mental, economic, cultural
or social identity;”
DPA Art. 2
PERSONAL DATAPERSONAL DATA
![Page 7: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/7.jpg)
DATA PROTECTION
“…personal data that reveals race or ethnic
origin, political opinions, religious or
philosophical beliefs, membership of a trade
union, health, or sex life;”
DPA Art. 2
SENSITIVE PERSONAL DATASENSITIVE PERSONAL DATA
![Page 8: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/8.jpg)
DATA PROTECTION
“…includes the collection, recording, organisation,
storage, adaptation, alteration, retrieval,
gathering, use, disclosure by transmission,
dissemination or otherwise making information
available, alignment or combination, blocking,
erasure or destruction of such data”
DPA Art. 2
PROCESSINGPROCESSING
![Page 9: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/9.jpg)
DATA PROTECTION
“…any freely given, specific and informed
indication of the wishes of the data subject by
which he signifies his agreement to personal
data relating to him being processed”
DPA Art. 2
CONSENTCONSENT
![Page 10: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/10.jpg)
DATA PROTECTION
Criteria for Criteria for
ProcessingProcessing
![Page 11: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/11.jpg)
DATA PROTECTION
CRITERIA FOR CRITERIA FOR PROCESSINGPROCESSING
PERSONAL DATA
DPA Article 9
1. Unambiguous consent or2. Contract performance or 3. Legal obligation or4. Vital interests of data subject or5. Public Interest / Official Authority or6. Legitimate interest
SENSITIVE PERSONAL DATA
DPA Articles 12 & 13
1. Explicit Consent2. Subject made data public3. Conditions of employment4. Vital Interests & data subject incapable of giving consent5. Legal claims
![Page 12: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/12.jpg)
DATA PROTECTION
Data ProtectionData Protection
PrinciplesPrinciples
![Page 13: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/13.jpg)
DATA PROTECTION
Personal Data to be:
1. processed fairly and lawfully
2. processed in accordance with good practice
3. collected for specific, explicitly stated & legitimate purposes
4. processed for reasons compatible with the purpose it was collected
5. adequate and relevant to the processing purpose
6. not more than required for the processing purpose
7. correct and, if necessary, up to date
8. rectified
9. not kept for longer than necessary for the processing purpose
DPA Art. 7
THE NINE PRINCIPLES THE NINE PRINCIPLES for ‘good information for ‘good information handling’handling’
![Page 14: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/14.jpg)
DATA PROTECTION
Rights of Rights of
Data SubjectsData Subjects
![Page 15: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/15.jpg)
DATA PROTECTION
INFORMATION TO DATA SUBJECT
The data subject should be informed with at least the following:
a) identity and habitual residence or principal place of business of controller;
b) purposes of processing;
c) any further information such as:i) recipients or categories of recipients of dataii) whether reply to any questions is obligatory or voluntary, and possible consequence of failure to replyiii) existence of right of access, right to rectify and where applicable right to erase data.
DPA Art. 19
RIGHTS OF DATA SUBJECTS (1)RIGHTS OF DATA SUBJECTS (1)
![Page 16: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/16.jpg)
DATA PROTECTION
Request of Data Subject must be:
at reasonable intervals in writing signed by data subject
Data Controller to provide:
without excessive delay without expense written information in an intelligible form
DPA Art. 21
RIGHT OF ACCESS
RIGHTS OF DATA SUBJECTS (2)RIGHTS OF DATA SUBJECTS (2)
![Page 17: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/17.jpg)
DATA PROTECTION
The Data Subject may request rectification, blocking or erasure of his personal data.
If the request is justified, the Data Controller shall
rectify, block or erase such personal data accordingly.
notify third parties about such an event, unless this involves a disproportionate effort.
DPA Art. 22
RECTIFICATION
RIGHTS OF DATA SUBJECTS (3)RIGHTS OF DATA SUBJECTS (3)
![Page 18: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/18.jpg)
DATA PROTECTION
SecuritySecurity
MeasuresMeasures
![Page 19: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/19.jpg)
DATA PROTECTION
APPROPRIATE SAFEGUARDSAPPROPRIATE SAFEGUARDS
These include:
Access controls to information
e.g. passwords, access rights/privileges, encryption etc.
Physical Security safeguards
e.g. locking of file cabinets, computers, offices etc.
Awareness
![Page 20: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/20.jpg)
DATA PROTECTION
Processing For Processing For
Research PurposesResearch Purposes
![Page 21: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/21.jpg)
DATA PROTECTION
THE DATA PROTECTION ACT APPLIES WHEN:
Research is about individuals
Research involves personal data
Individuals are identifiable
DATA PROTECTION IN RESEARCHDATA PROTECTION IN RESEARCH
![Page 22: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/22.jpg)
DATA PROTECTION
Sensitive Personal Data may be processed for Research Purposes:
On Public Interest grounds
With the approval of the Commissioner, on the advice of a Research Ethics Committee
DPA Art 16
PROCESSING CONCERNING PROCESSING CONCERNING RESEARCHRESEARCH
![Page 23: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/23.jpg)
DATA PROTECTION
Specific Data Protection matters in research include:
Personal and Sensitive Data
Identifiable VS Anonymous Data
Consent – When do I need consent??
Dealing with children and vulnerable persons
Retention of Data
DPA Art 16
PROCESSING CONCERNING PROCESSING CONCERNING RESEARCHRESEARCH
![Page 24: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/24.jpg)
DATA PROTECTION
CREATING THE RIGHT BALANCECREATING THE RIGHT BALANCE
RIGHTS OF PRIVACY OF INDIVIDUAL
NEED TO CARRY OUT RESEARCH
BETWEEN:
![Page 25: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/25.jpg)
DATA PROTECTION
Procedure agreed Procedure agreed
With URECWith UREC
![Page 26: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/26.jpg)
DATA PROTECTION
Proposal Form for ethical approval is submitted by researcher
Research Proposals are examined by the Faculty Research Ethics Committee and by the UREC
Approval is given if proposals are satisfactory
Approval from the UREC is deemed to be an adequate advice for the approval by the Commissioner
Researcher may proceed with the project once this is approved by the UREC
RESEARCH INVOLVING SENSITIVE PERSONAL DATA
PROCEDURE (1)PROCEDURE (1)
![Page 27: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/27.jpg)
DATA PROTECTION
A list of approved projects is periodically forwarded to the Commissioner for final approval
The UREC may always consult the Commissioner in case of problems with particular projects
OBJECTIVES
Allow the researcher ample time to proceed with the study
The Researcher is not required to obtain an approval directly from the Commissioner
PROCEDURE (2)PROCEDURE (2)
![Page 28: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/28.jpg)
DATA PROTECTION
Data Protection Principles
Rights of Data Subjects
OBJECTIVES
Inform researchers and ensure that these principles and rights are respected
It is important that all faculties use the same form in order to provide the same conditions and information to students
INCLUDES
PROPOSAL FORM PROPOSAL FORM
![Page 29: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/29.jpg)
DATA PROTECTION
Office of the Commissioner for Data Protection
E-Mail: [email protected]
Website: www.dataprotection.gov.mt
FURTHER INFORMATIONFURTHER INFORMATION
![Page 30: DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection](https://reader036.vdocuments.mx/reader036/viewer/2022062417/55189fae550346881f8b4807/html5/thumbnails/30.jpg)
DATA PROTECTION
THANK YOU!
Floor is open for discussion