Register of Processing Activity - COVID-19 Data Research Hub | |||
---|---|---|---|
Controller | |||
Name and Contact Details | Data Protection Officer | ||
Name | C.S.O. - Administrative Data Centre | Name | Maria Hurley |
Address | Skehard Road, Cork T12 X00E | Address | Skehard Road, Cork T12 X00E |
DPO@cso.ie | |||
Article 30 Record of Processing Activities | Business function | C.S.O. - Administrative Data Centre | |
Purpose of processing | The purpose of the CSO COVID-19 Data Research Hub is to make COVID-19 administrative datasets available to researchers via the CSO Researcher Microdata Files (RMF) process, under Section 20(c) of the Statistics Act, 1993. As part of this process, (i) administrative datasets received are formatted into SAS (a proprietary software product) datasets in order to facilitate the production of COVID-19 statistical outputs. (ii) The data received is pseudonymised (iii) internal access controls are applied (iv) pseudonymised files are made available to approved external COVID-19 researchers. See column "General description of technical and organisational security measures (if possible)" for more details. |
||
Categories of individuals | Members of the population coming into contact with the HSE's COVID-19 testing, tracing, or treatment systems | ||
Categories of personal data | (i) Identification of persons referred for COVID-19 tests (ii) Identification of persons referred to COVID-19 Assessment Hubs (iii) Identification information for persons testing positive for COVID-19 (iv) Identification information for persons testing negative for COVID-19 (v) Close contact identification information (vi) Details of telephone assessments made of persons testing positive for COVID-19 (e.g., symptoms, underlying medical conditions) (vii) Details of assessment made at COVID-19 Assessment Hubs (e.g., symptoms, underlying medical conditions) (viii) Details of assessments made by means other than (vi) and (vii) (ix) Details of persons who have been admitted to hospital for COVID-19 (e.g., date of hospital admission, underlying medical conditions, outcome of the disease) |
||
Categories of recipients | (i) Approved external COVID-19 researchers working on pseudonymised data files. See column "General description of technical and organisational security measures (if possible)" for more details. |
||
Retention schedule (if possible) | The CSO consulted with the Data Protection Commissioner regarding the COVID-19 data including storage of the data. There will be a post-pandemic review, which may make certain recommendations regarding the duration of the data storage element regarding COVID-19 related data sources. | ||
General description of technical and organisational security measures (if possible) | (i) All data held by the CSO are held and processed in accordance with the data protection requirements of the (i) GDPR/Data Protection Act 2018 and (ii) the Statistics Act 1993. (ii) The incoming data files are formatted into SAS datasets, and pseudonymised for further use. (iii) The pseudonymised datasets are only made available only to approved external researchers. (Approval of researchers and control of access to these data files is managed by the CSO's Researcher Coordination Unit.) |
||
Article 30 Record of Processing Activities - other elements (where appropriate) | Name and contact details of joint controller (if applicable) | N/A | |
Names of third countries or international organisations that personal data are transferred to (if applicable) | N/A | ||
Safeguards for exceptional transfers of personal data to third countries or international organisations (if applicable) | N/A | ||
Link to contract with processor | N/A |