Purpose
To ensure, to the extent possible, that data are created, ingested, curated, accessed and used in compliance with research disciplinary and ethical norms.
CC1.5: Capability completeness of confidentiality, ethics and disclosure risk
- Initial: There is some awareness of the requirements when handling confidential data, but this is not fully described or communicated. There is an intent to meet the specific objectives but there is no evidence of a plan or strategy in place to do so.
- Partial: There is at least one required activity that is not present or not at a repeatable level. There is evidence that the direction the organisation is taking will lead to a complete capability in this area.
- Complete: All required activities are at least at a defined level. The organisation has evidentially described and defined.
SO1.5.1: Compliance to legal and community norms
To comply with all legal and applicable norms for handling confidential data that apply to the designated community.
RA1.5.1.1: Data handling requirements
The organisation complies with applicable research discipline norms and legal data handling requirements.
- (0) Not defined: Not relevant or no requirement for compliance.
- (1) Initial: Informal and inconsistent adherence to legal and research discipline norms for handling confidential data.
- (2) Repeated/partial: The organisation complies with norms consistently through repeated action; however, there are no written procedures or procedures for exceptions and errors.
- (3) Defined: The organisation complies with norms and legal requirements through systematic written, formal procedures and policies.
- (4) Managed: Compliance with procedures and policies is monitored and assessed. Non-compliance incidents are recorded.
- (5) Optimised: Reviews of the procedures and policies for compliance with research discipline norms for confidential data handling are performed at regular intervals.
RA1.5.1.2: Confirmation about legal and ethical criteria data collection
The organisation requests confirmation that data collection or creation was carried out in accordance with legal and ethical criteria prevailing in the data producer's location or discipline (e.g. data protection legislation, ethical review committees, etc.).
- (0) Not defined: There is no evidence that the organisation asks for any information regarding the ethical collection or creation of data that may be confidential in nature, or there is no requirement to request this confirmation.
- (1) Initial: There are requests for confirmation that ethical standards for data collection or creation have been met, but these are on an ad hoc basis, or as and when the organisation or a staff member remembers.
- (2) Repeated/partial: There are regular requests for confirmation that the data collection or creation is in accordance with ethical criteria, but the process has developed out of practice and there is no evident documentation or policy.
- (3) Defined: Requests for confirmation that the data collection or creation is in accordance with ethical criteria are conducted in compliance with the organisational policy.
- (4) Managed: Requests for confirmation are monitored. Incidents in the procedure are recorded.
- (5) Optimised: Reviews of the procedure of requesting confirmation that ethical standards are being followed are conducted at regular intervals. Adaptations to the procedure are made to mitigate significant incidents.
RA1.5.1.3: Confidentiality and disclosure
The repository requires that data depositors ensure that data meet requirements of confidentiality and non-disclosure for data collected from human subjects. In some cases, the repository may alter sensitive data to create anonymised data that can be distributed to its user community [maps to: Annex 2, section 13] [CESSDA Statutes, section 7].
- (0) Not defined: Not applicable; not relevant; or there is no such activity.
- (1) Initial: There is some awareness of the issue, but decisions and procedures are ad hoc and performed on a case-by-case basis; there are no written processes and procedures in place for dealing with confidentiality, disclosure and data protection issues; no predefined criteria or non-disclosure agreements/statements are available for depositors/users.
- (2) Repeated/partial: Depositors are repeatedly being informed of confidentiality issues, but no formal information template exists; checks are being performed on the deposited data, but there are no written procedures in place (some documentation may exist but it is incomplete).
- (3) Defined: Processes and procedures are in place; standardised information is provided to the depositor prior to the deposit; checks are performed on data after deposit; process and procedure descriptions for handling and altering sensitive data are in place.
- (4) Managed: Processes and procedures are integrated into high level policies; there are regular reviews and updates of processes and procedures; there are mechanisms and procedures in place for staff training on confidentiality, disclosure risks and anonymisation.
- (5) Optimised: The usage and success of confidentiality and disclosure mechanisms are continuously assessed, reviewed and updated; monitoring of wider legal framework (e.g. national and EU regulations); regular and formalised contact with relevant stakeholders; automated checks and anonymisation mechanisms may be in place.
RA1.5.1.4: Confidentiality checks and anonymisation procedures
The repository has mechanisms and procedures in place for altering sensitive data to create anonymised data that can be distributed to its user community [maps to: Annex 2, section 13] [CESSDA Statutes, section 7].
- (0) Not defined: Not applicable; not relevant; or there is no such activity.
- (1) Initial: There is some awareness of the issue, but decisions and procedures are ad hoc and performed on a case-by-case basis; there are no written processes and procedures in place for dealing with confidentiality checks and anonymisation.
- (2) Repeated/partial: Confidentiality checks and anonymisation are repeatedly being performed on some types of data, but there are no formal or defined procedures or other documentation in place.
- (3) Defined: Processes and procedures are formalised and defined; confidentiality checks are performed on all relevant data; formalised anonymisation procedures are defined.
- (4) Managed: There are regular reviews and updates of processes and procedures; there are mechanisms and procedures in place for staff training on confidentiality, disclosure risks and anonymisation.
- (5) Optimised: Regular review and updates of process and procedures based on technology and community watch; automated checks and anonymisation mechanisms may be in place.
RA1.5.1.5: Data protection, privacy
There are mechanisms in place to protect the anonymity of data subjects in accordance with applicable international, European and national regulations, as well as relevant ethical frameworks. [maps to: Annex 2, section 13] [CESSDA Statutes, section 7]
- (0) Not defined: No data protection mechanisms in place.
- (1) Initial: There is some awareness of the issue, but decisions and procedures are ad hoc and performed on a case-by-case basis; there are no written processes and procedures in place for dealing with confidentiality, disclosure and data protection issues; no predefined criteria or non-disclosure agreements/statements are available for users.
- (2) Repeated/partial: Users are repeatedly being informed of confidentiality issues, but no formal information template exists; checks are being performed on data, but there are no written procedures in place (some documentation may exist but it is incomplete).
- (3) Defined: Mechanisms, processes and procedures for data protection are in place; standardised information is provided to users prior to access; licenses and conditions of use are defined and made available for users.
- (4) Managed: Processes and procedures are integrated into high level policies and objectives; there are regular reviews and updates of processes and procedures; there are mechanisms and procedures in place for staff training on confidentiality, disclosure risks and anonymisation.
- (5) Optimised: Regular review and updates of process and procedures based on technology and community watch; automated checks and anonymisation mechanisms may be in place.
RA1.5.1.6: Security levels
Security levels for data objects are defined, implemented, and information about the security levels is widely disseminated.
- (0) Not defined: There is no evidence of awareness of security issues, or it is not required.
- (1) Initial: Responsibility of process and procedure is left to the individual, and actions are performed on an ad hoc or case-by-case basis. Work outcomes are produced and the specific goals of the process area are satisfied. However, the processes are unstructured and errors are likely. Activities related to the processes are uncoordinated, irregular and not repeatable.
- (2) Repeated/partial: The setting and usage of security levels follow a regular pattern, by repeatable processes and procedures which are being followed by different people undertaking the same task. However, processes and procedures are not necessarily documented (and it is not communicated). Security levels are not formally defined.
- (3) Defined: The setting and usage of security levels are documented and formalised.
- (4) Managed: Security levels are managed, reviewed and controlled on a regular basis to reflect the needs and requirements of the repository and its designated community.
- (5) Optimised: The organisation has attained ISO27001 accreditation.
SO1.5.2: Trusted Removal of Digital Objects
The organisation must be trusted to handle issues (or disputes) with digital objects in its holdings when they occur, in accordance with legal and organisation policy.
RA1.5.2.1: Removal of Digital Objects from the Data Holding.
The organisation has defined conditions for the removal of items from its data holdings. Possible reasons for removal: copyright violations, legal requirements and proven violations, national security, falsified research, confidentiality concerns, etc.
- (0) Not defined: There is no evidence of a removals policy, or not applicable.
- (1) Initial: There are no defined conditions or policy for the removal of items. Any removal is undertaken upon request, with little consultation with the data owner and is not documented.
- (2) Repeated/partial: The organisation has internal specifications for removal of items. The data owner is consulted and an agreement to remove is made.
- (3) Defined: There is a clear and publicly available policy for the removal of items. The procedure is defined and communicated to all stakeholders before the initiation of the procedure for removal.
- (4) Managed: The organisation monitors and measures the procedures for removal of items and the outcomes.
- (5) Optimised: The policy and procedures for removal of items are regularly reviewed and modified to ensure that they fulfil the needs of all stakeholders.