1 / 15

The legal and institutional framework for data access in Norway

The legal and institutional framework for data access in Norway. CESSDA Expert Seminar October 2006 Siv Midthassel - Adviser. Norwegian Social Science Data Services. Legislation. Personal Data Act (2001) Personal Health Data Filing System Act (2002) Biobank Act (2003)

jfarnum
Download Presentation

The legal and institutional framework for data access in Norway

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The legal and institutional framework for data access in Norway CESSDA Expert Seminar October 2006 Siv Midthassel - Adviser Norwegian Social Science Data Services

  2. Legislation Personal Data Act (2001) Personal Health Data Filing System Act (2002) Biobank Act (2003) Biotechnology Act (2004) Act on Health Personnel (1999) Act on Public Administration (1967)

  3. Independent bodies that review research ETHICAL REVIEW Regional Research Ethics Committee LEGAL REVIEW Data Protection Official for Research Data Inspectorate Privacy Appeal Board Directorate of Health and Social Affairs Ministry of Health Committee for Confidentiality and Research Norwegian Medicines Agency Norwegian Social Science Data Services

  4. Independent bodies that review research Researcher Directorate of Health and Social Affairs Ombudsman for Privacy in Research NSD Data Inspectorate Committee for Confidentiality and Research Regional Research Ethics Committee Norwegian Medicines Agency Privacy Appeal Board Ministry of Health Norwegian Social Science Data Services

  5. Historical Perspective Amendment; exemption from the obligation of obtaining license 2005 March: NSD is formally appointed Ombudsman for Privacy in Research May: The first official review of the Directive (96/46/EC) 2003 Recommends appointment of a data protection officer 2001 The Personal Data Act and Regulations § 7-12 Privacy Ombudsman The Data Protection Directive (96/46/EC) 1995 1981 The Privacy Issue Unit at NSD is etablished The first notifications are received The Data Register Act 1978

  6. NSD is Ombudsman for over 130 institutions The Norwegian universitiesand colleges Private colleges University hospitals and other hospitals Research institutes Personvernombudet for forskning

  7. Ombudsman for Privacy in Research The institutions: Appoint the Ombudman for Privacy in Research Inform on regulation and procedures for notification and prior review of research Appoint a contact person responsible for communication with the Ombudman for Privacy in Research

  8. Ombudsman for Privacy in Research Review research projects against the requirements of the Personal Data Act and the Act on Personal Health Data Filing Systems Resommend necessary changes, advocating possible solutions to the project design When projects need prior authorisation from the Data Inspectorate, to make recommendations Teach, inform and provide guidance to institutions, researchers and students on legal and procedural requirements

  9. Ombudsman for Privacy in Research Keep a systematic, public record of processings made Assist data subjects, attending to their legal rights On suspicion of breaches of the principles of protection, point this out to the researcher (and the institution) On inquiry from the Data Inspectorate, inform of possible breaches of the principles of protection

  10. When is notification necessary? When processing personal data with automatic means All use of sensitive personal data. Ombudsman for Privacy inResearch

  11. Appropriate safeguards Notification/approval – The Ombudsman for Privacy Prior Licensing - Data Inspectorate

  12. The Personal Data Act – Individuals’ rights are enhanced Consent and information the most important measures to safeguard privacy Notification and prior checks to safeguard privacy

  13. Legal grounds for processing personal data Consent:Participants in research must give their consent to the processing of personal data Alternative legal grounds: Public interest (non-sensitive data) Substantial public interest (sensitive) and subject to the provision of suitable safeguards

  14. Why formal regulation and systems for mandatory review Participants in research need protection Researchers need protection Institutions need protection Society need access

  15. Do regulations prevent research? No, but the non-consent alternatives are exeptions to the rule The importance of an adequate legal framework to safeguard privacy as well as access to rich data The existent systems for review of research ensures information privacy as well as use

More Related