Security & Privacy

Designing for Security and Privacy

Brain-CODE was designed with best-practice privacy strategies at the forefront to enable secure capture of sensitive participant data in a manner that abides by government legislation while fostering data sharing and linking opportunities. Privacy and security features have been incorporated into the foundation of Brain-CODE’s infrastructure, and are reinforced by comprehensive guidelines and state-of-the-art approaches to keep participant data safe. As a result, OBI has been named a “Privacy by Design” Ambassador by the Office of the Information and Privacy Commissioner of Ontario. By embedding the 7 foundational principles of Privacy by Design into the core of Brain-CODE, we can ensure that researchers have the information they need, and that participants are protected.

Access to Data

OBI is a supporter of the international open data movement. As such, it aims to make brain related research datasets available to a broader research community for greater outcomes with positive impact on patient care. To achieve this goal, data on Brain-CODE will be available to recognized academic and non-academic researchers. While Public Data will be immediately available to registered individuals, Controlled Data will require a formal data access request and committee review. More information is available in our Data Sharing Policy which can be accessed at www.braincode.ca/content/governance.

Participant Privacy

The number one priority when sharing data on Brain-CODE is ensuring participant privacy. The safe-guarding of participant identity begins before any data sharing on Brain-CODE. Brain-CODE will only share data in accordance with participant informed consent and adequate research ethics board approval. Through Brain-CODE, inter-institutional collaborators can share their raw study data. Further sharing with external researchers takes place after all data are stripped of identifying information to the extent possible using advanced de-identification tools. These tools are designed to both assess and consequently minimize the risk posed to a participant’s privacy.  The tiered approach to data organization on Brain-CODE enables granular access permissions to ensure only authorized users may access sensitive datasets.

All technical staff working with Brain-CODE are trained on how to respond to any unauthorized attempts at accessing data. Should any such attempts occur, procedures have been put in place to identify, report and manage any threats to data in Brain-CODE. More information on this can be found in our Privacy Breach Policy at available at www.braincode.ca/content/governance

Security Practices

To ensure that data in Brain-CODE are safe and secure, a number of measures have been implemented:

  • Continuous monitoring of software tools to identify any unauthorized attempt to access or interfere with data in Brain-CODE
  • Systematic user role validation and data de-identification before release to parties requesting data for analysis
  • A strict containment process as defined in the Brain-CODE governance policy
  • Regular Privacy Impact Assessment and Threat Risk Assessments to ensure that the infrastructure and data manipulation abide by high security standards
  • Regular meetings of a Brain-CODE Information Security Committee that oversees the privacy and security practices for all Data on Brain-CODE

If you have any questions, please contact governance@braincode.ca