Security Policies & Procedures

Security practices of the PHDR

The PHDR is designed to be a safe and secure place for population health researchers to store their data. We go to great lengths to ensure the security of data stored in the repository. The PHDR has received ethics clearance from the University of Waterloo Office of Research Ethics to store and disseminate data.

In order to protect the confidentiality of research participants, the PHDR accepts only de-identified data from those who wish to deposit data and ensures that the risk of disclosure is as minimal as possible by conducting a Disclosure Risk Analysis.

Data held in the PHDR is located on a secure server in a locked room which is in a locked wing. Data are password protected and backed up both on and off-site on a regular basis. A very limited number of staff, who are required to sign oaths of confidentiality, handle the data.

Policy on accepting data

To respect the confidentiality of research participants, the PHDR can only accept data that has had direct and potentially revealing indirect identifiers removed. Guidelines for removing identifiers can be found here.

Policies on data use

The PHDR requires responsible use of data used for secondary analysis. Users are must sign a license agreement that ensures their commitment to:

Only use the data for research purposes.
To make no use of the identity of any person or establishment discovered inadvertently, and to advise the PHDR of any such discovery
To produce no links among PHDR datasets or among PHDR data and other datasets that could identify individuals or organizations
Acknowledge the owner(s) of the data when results are used in research communications (reports, scholarly articles, theses, etc.).
Agree to the terms laid out by the PHDR and owner(s) of the data they have requested.
Keep data in a secure location and erase all copies of the data upon completion of their research.