Our Responsibilities as a
Research Data Centre

We follow internationally recognized policies and best practices that include the 10 Privacy Principles. Throughout the following privacy principles, we outline the practices in place to protect data in our custody. If further clarification is needed on any of these topics, please contact our privacy officer. The data sets provided to approved users are customized to fit the parameters of their data access application, but only after it has been approved through a thorough review process.

Privacy principles overview


Accountability

Our privacy officer works to ensure we follow our privacy policies, data privacy best practices, and are in compliance with the legislation by which we are bound; (PHIPAA) requires us to “protect personal health information by adopting information practices that include reasonable administrative, technical and physical safeguards that ensure the confidentiality, security, accuracy and integrity of the information.”


Identifying Purposes

While we do not collect data, we ensure that data in our custody is only accessed by specific identified people for a pre-defined, approved purpose. A rationale must be provided for any variables accessed.


Limiting Collection

Approved users can only access the minimum number of variables needed to answer their approved research question. All approved users are assigned a project folder in a secure environment that is limited only to the information for which they’ve been approved. Any changes to the approved data access application is subject to the amendment process which also must be approved before changes are implemented.


Limiting Use, Disclosure, and Retention

Approved users can only access the data for the purposes approved in their data access application. More information can be found in our Data Retention, Destruction, and Restoration Policy.


Consent

As a research data center, we are subject to provincial requirements to ensure that data holdings are held securely and protected against the possibility of re-identification. As we are only permitted to hold pseudonymous (i.e. de-identified) data, it is impractical to seek consent directly from individuals. The rigorous policies we have in place demonstrate our commitment to protecting the personal privacy of every individual in our data holdings.


Accuracy

We work closely with data business owners to conduct thorough evaluations to ensure the data we securely house is appropriate for academic research. Many of our data holdings are updated annually to ensure approved users have the most current data available.


Safeguards

Safeguards are in place to ensure privacy is protected at every level. Our secure facilities house a stand-alone closed network with multiple physical and virtual firewalls. Our network is “moated”, meaning no unauthorized individuals can access our data holdings. All employees and researchers must sign confidentiality agreements and take NB-IRDT privacy training before accessing approved data. We also conduct regular privacy audits.


Openness

Information about our data holdings as well as the research projects that use these data are available on our website in summary form. We also have detailed information regarding the variables for many of our data holdings.


Individual Access

Individuals interested in learning more about our data holdings can review the codebooks and variable lists on the data holdings page. Because we do not hold identifiable data, we are unable to share data about any specific individuals. If you have concerns, please refer to the Access to Information Policy for more information.


Challenging Compliance

Any individual who wishes to raise a concern or learn more about our practices can contact us directly. There are also additional mechanisms in provincial privacy legislation for raising concerns.