CLOCS Data Security, Confidentiality and Storage

Submitted by admin on Fri, 08/16/2019 - 12:23

These are the following steps that the CLOCS team undertake to make sure all participant information will be kept secure and confidential at all times in line with General Data Protection Regulation (GDPR) and Data Protection Act 2018. For further information please read our privacy policy. 

  1. All participants are provided with a unique ID using a random number generator and the identifiers such as their name or loyalty card number are removed immediately from the raw unprocessed data. This new dataset is used for analyses and is kept separate to the unprocessed data.
     
  2. We verify all participants using appropriate ID verification processes. This means ovarian cancer patients are identified and verified through the NHS Clinics and women without ovarian cancer who may take part in the online survey has to send a proof of ID and address for the research team to request take on their behalf. This is in line with retailers’ subject access request processes for third party organisations and ensures participants are who they claim they are.
     
  3. Only whose name on the loyalty card is same as the name on the consent form will be considered a valid participant. We cannot request data on your behalf if your information is different.
     
  4. We are not sharing any information except the section of the consent form on the permission to request your loyalty card data with the high street retailers.
     
  5. Under no circumstances will the retailers be aware of your health status. They will receive the consents of all participants combined in a CSV document and there will only be a single data transfer relating to your loyalty card purchases.
     
  6. We are using a secure encrypted server housed within a “secure enclave” based at Imperial College London, which cannot be accessed remotely via internet and has the highest data security standards (ISO270001). This is a separate entity only built for CLOCS and cannot be accessed by researchers outside the CLOCS team.
     
  7. If participants completed the paper-based consent and questionnaires and returned to the research team by post, they are kept in a secure locker inside a secured building at Imperial College London access limited to the CLOCS team.
     
  8. The online consent and questionnaire information are immediately encrypted using public and private keys, and kept in the CLOCS’s secure enclave.
     
  9. Only the named CLOCS research team members with appropriate data safety and security training are provided access to the enclave.
     
  10. All participants can withdraw their consent and request their data from the researchers at any time by contacting us directly at clocs@imperial.ac.uk or contacting the principal investigator, Dr James Flanagan.
     
  11. Only anonymised aggregated outputs (results) from this project will be made publicly available on our website and in academic platforms, and will not include individual information. We will aim to publish outcomes in peer-reviewed academic journals and also on social media.

Last updated 10/09/2020