The Information Governance Office is responsible for setting the Information Governance Policy for the School, and all departments are expected to comply with the policy. Information on the policy can be accessed via the sub-pages listed below.
Data transfer agreements are required for all incoming and outgoing datasets regardless of whether they contain anonymous, pseudonymised or identifiable data. Please see the section on data transfer agreements below for further information.
If you have any questions, please contact Carolyn Read or Victoria Hollamby at research_governance@medschl.cam.ac.uk
Summary of policy
No participant identifiable data held for research purposes – NHS or non-NHS – should be stored on University computers, outside the approved Safe Havens run by CSCS, WBIC and MRC Epidemiology
All Safe Havens must be used in accordance with their respective Security Policy.
University E-mail systems should not be used to send sensitive personal identifiable information.
The information governance policy applies to all areas of the Clinical School, however, the implementation of the policy may vary slightly depending on the systems already in place. For example data stored in WBIC, MRC Epidemiology will be stored in an area with an equivalent level of security but will be accessed according to departmental policies.
The policy only applies to participant identifiable research data, it does not apply to anonymised data which can be stored in the main working area.
Following approval at the Council of School’ s meeting, the Secure Data Hosting Service policy, which sets out how identifiable research participant data is stored and accessed, has been updated and can be found here.
Useful Links
Anonymisation: Managing data protection risk code of practice (Information Commisioner’s Office)
Research Governance Office: research_governance@medschl.cam.ac.uk