Data Protection and Research – Implications for a National Out-of-Hospital Cardiac Arrest Register. NUI Galway Dept of General Practice Lunchtime seminar 20 November Gary Davis Deputy Data Protection Commissioner. Presentation Outline. Data Protection: Human Right to Privacy
Related searches for Data Protection and Research
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
NUI Galway Dept of General Practice
Deputy Data Protection Commissioner
important very important
Financial records Out-of-Hospital Cardiac Arrest Register
Credit Card Details
Date of Birth
Marital StatusSurvey (2): Privacy most important in relation to-
Data Protection Directive 95/46/EC Out-of-Hospital Cardiac Arrest Register
Electronic Privacy Directive 2002/58/EC
Data Protection Acts 1988 & 2003
EC Electronic Privacy Regulations 2003 (SI 535/2003)
Good Friday Agreement
Disability Act 2005EU & Irish Legislation
Fair obtaining & processing Out-of-Hospital Cardiac Arrest Register
Safe and secure
Relevant, not excessive
Right of access
Independent Supervisory AuthorityEuropean Data Protection Rules
General rule – no disclosure for different purpose Out-of-Hospital Cardiac Arrest Register
Exceptions made, to balance other interests of society
Section 8 exceptions
Investigation of crime
Collection of taxes
Security of the State
Protect life & limb
Required by Law
No general “public interest” testRestrictions on disclosure
Can anonymised data be used to achieve the aims of the proposed project?Yes/No?
Yes – Proceed with proposed project using data anonymised by the data controller without requiring consent.
No – Can pseudonymised data be used instead with appropriate safeguards? Yes/No?
Yes – Proceed with proposed project ensuring that the key to a person’s identity is retained by the data controller only and not revealed to third parties.
No – Patient consent is normally required.
Has consent for research purposes been secured in relation to the files previously? Yes/No?
Yes – Is this consent valid (specific enough) to cover this particular research proposal? Yes/No?
No – Specific, informed, freely given consent must be captured from individuals by the data controller.
Yes – Proceed with research project (subject to adequate safeguards being in place in relation to security etc).
Once valid consent is in place, the research project can proceed (subject to adequate safeguards being in place in relation to security etc).