DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office...
-
Upload
ashlynn-webster -
Category
Documents
-
view
223 -
download
3
Transcript of DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office...
DATA PROTECTION
DATA PROTECTIONDATA PROTECTION
and Researchand Research
University Research Ethics Committee – 08.05.2006 University Research Ethics Committee – 08.05.2006
David Cauchi David Cauchi
Office of the Data Protection CommissionerOffice of the Data Protection Commissioner
DATA PROTECTION
Data Protection Act Data Protection Act
General Provisions
Processing for Research Purposes
Procedure agreed with UREC
Practical Problems
DATA PROTECTIONORIGINORIGIN
Council of Europe – ETS 108 Convention on the protection of individuals with regard to automatic processing of personal data
Data Protection Act
CAP. 440Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
DATA PROTECTION
WHAT IS DATA PROTECTION ACT?WHAT IS DATA PROTECTION ACT?
An Act that makes provision for the protection of individuals against the violation of their privacy rights by the processing of personal data.
DATA PROTECTION
“…any information relating to an identified or
identifiable natural person; an identifiable person
is one who can be identified, directly or indirectly,
in particular by reference to an identification
number or to one or more factors specific to his
physical, physiological, mental, economic, cultural
or social identity;”
DPA Art. 2
PERSONAL DATAPERSONAL DATA
DATA PROTECTION
“…personal data that reveals race or ethnic
origin, political opinions, religious or
philosophical beliefs, membership of a trade
union, health, or sex life;”
DPA Art. 2
SENSITIVE PERSONAL DATASENSITIVE PERSONAL DATA
DATA PROTECTION
“…includes the collection, recording, organisation,
storage, adaptation, alteration, retrieval,
gathering, use, disclosure by transmission,
dissemination or otherwise making information
available, alignment or combination, blocking,
erasure or destruction of such data”
DPA Art. 2
PROCESSINGPROCESSING
DATA PROTECTION
“…any freely given, specific and informed
indication of the wishes of the data subject by
which he signifies his agreement to personal
data relating to him being processed”
DPA Art. 2
CONSENTCONSENT
DATA PROTECTION
PERSONAL DATA
DPA Article 9
1. Unambiguous consent or2. Contract performance or 3. Legal obligation or4. Vital interests of data subject or5. Public Interest / Official Authority or6. Legitimate interest
SENSITIVE PERSONAL DATA
DPA Articles 12 & 13
1. Explicit Consent2. Subject made data public3. Conditions of employment4. Vital Interests & data subject incapable of giving consent5. Legal claims
DATA PROTECTION
Personal Data to be:
1. processed fairly and lawfully
2. processed in accordance with good practice
3. collected for specific, explicitly stated & legitimate purposes
4. processed for reasons compatible with the purpose it was collected
5. adequate and relevant to the processing purpose
6. not more than required for the processing purpose
7. correct and, if necessary, up to date
8. rectified
9. not kept for longer than necessary for the processing purpose
DPA Art. 7
THE NINE PRINCIPLES THE NINE PRINCIPLES for ‘good information for ‘good information handling’handling’
DATA PROTECTION
INFORMATION
The controller must provide the data subject with at least the following:
a) identity and habitual residence or principal place of business of controller;
b) purposes of processing;
c) any further information such as:i) recipients or categories of recipients of dataii) whether reply to any questions is obligatory or voluntary, and possible consequence of failure to replyiii) existence of right of access, right to rectify and where applicable right to erase data.
DPA Art. 19
RIGHTS RIGHTS OFOFDATA DATA SUBJECTS SUBJECTS ((1)1)
DATA PROTECTION
Request of Data Subject must be:
at reasonable intervals in writing signed by data subject
Data Controller to provide:
without excessive delay without expense written information in an intelligible form
DPA Art. 21
RIGHRIGHTS OFTS OFDATA SDATA SUBJECTSUBJECTS ( (22))
ACCESS
DATA PROTECTION
The Data Subject shall have the right to request and
The Data Controller shall have the obligation:
to rectify, block or erase personal data
Where the law so requires.
Data Controller also to notify third parties about such rectification, blocking or erasure;
DPA Art. 22
RIGHTRIGHTS OFS OFDATA DATA SUBJECTSUBJECTS (S (33))
RECTIFICATION
DATA PROTECTION
THE DATA PROTECTION ACT APPLIES WHEN:
Research is about individuals
Research involves personal data
Individuals are identifiable
DATA PROTECTION IN RESEARCHDATA PROTECTION IN RESEARCH
DATA PROTECTION
Sensitive Personal Data may be processed for Research Purposes:
On Public Interest grounds
With the approval of the Commissioner, on the advice of a Research Ethics Committee
DPA Art 16
PROCESSING CONCERNING PROCESSING CONCERNING RESEARCHRESEARCH
DATA PROTECTION
Proposal Form for ethical approval is filled by the researcher
Research Proposals are examined by the Faculty Research Ethics Committee and by the UREC
Approval is given if proposals are satisfactory
Approval from the UREC is deemed to be an adequate advice for the approval by the Commissioner
Researcher may proceed with the project once it is approved by the UREC
RESEARCH INVOLVING SENSITIVE PERSONAL DATA
PROCEDURE (1) PROCEDURE (1)
DATA PROTECTION
A list of approved projects are periodically forwarded to the Commissioner for final approval
The UREC may always consult the Commissioner in case of problems with particular projects
PROCEDURE (2) PROCEDURE (2)
OBJECTIVE
Allow the researcher ample time to proceed with the study
The Researcher is not required to obtain an approval directly from the Commissioner
DATA PROTECTION
Data Protection Principles
Rights of Data Subjects
INCLUDES:
PROPOSAL FORMPROPOSAL FORM
OBJECTIVES:
Inform researchers and ensure that these principles and rights are respected
It is important that all faculties include the same conditions so that all students are properly informed
DATA PROTECTION
In cases where research is not only for academic purposes but also considers other factors (e.g. administrative matters in Hospital)
Is the UREC still responsible for the approval??
PRACTICAL PROBLEMSPRACTICAL PROBLEMS
What data is the researcher entitled to use once the project is approved?
Is the researcher allowed to use personal details accessed to contact individuals?
Does an approval oblige the Data Controller (e.g. Hospital, school) to give access to the researcher?
DATA PROTECTION
Further InformationFurther Information
Office of the Data Protection CommissionerOffice of the Data Protection Commissioner
E-Mail:E-Mail: [email protected]
Website: Website: www.dataprotection.gov.mt www.dataprotection.gov.mt