/Docs/G/GA4GH/Data-Privacy-and-Security/Form/0.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=Def.r00t): Visual Print Technical: OpenParameters Xray

---

Definitions
The following definitions are intended to align with the Framework, GA4GH Security Technology Infrastructure, and other GA4GH policies. They are not intended as a substitute for definitions found in relevant laws or regulations.

• “anonymized data” means data that are rendered anonymous in such a way that the data subject is not or is no longer identifiable.
• “controlled access” means a data access model whereby qualified researchers apply for data access and their research plans are reviewed, often by a committee. Also known as managed or restricted access.
• “data” means genomic and health-related data. These include data on the health status of individuals and data on non-medical determinants of health, such as health behaviors, living and working conditions, personal resources, and environmental factors. These also include data relating to the genetic characteristics of an individual which have been either inherited or acquired during prenatal development, as they result from an analysis of a biological sample from the individual concerned, in particular chromosomal, DNA, or RNA analysis, or analysis of any other element enabling equivalent information to be obtained.
• “data breach” means a security incident that has affected the confidentiality, integrity, or availability of data, including accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, data.
• “data privacy impact assessment” means a formal process designed to help data stewards systematically analyze, identify, and minimize the data privacy risks of a project or plan.
• “data protection officer” means an expert in data protection within an organization who ensures, in an independent manner, that an organization applies relevant laws, regulations, and guidelines protecting individuals’ data.
• “data steward” means an entity responsible for assuring the quality, integrity, and access arrangements of data from the moment of data collection, and for managing the metadata that preserves context and associated business rules, including privacy and security attributes consistent with applicable law, institutional policy, and individual permissions.
• “data subject” means the individual whose data have been collected, generated, held, used, or shared.
• “data user” means individuals or organizations who are authorized by data stewards or other competent persons or organizations (e.g. research ethics committees, data access committees) to access and use data for an authorized, bona fide purpose. Data users are secondary users of data that are distinct from the primary data generating research team.
• “Framework” means the GA4GH Framework for Responsible Sharing of Genomic and Health-Related Data.
• “GA4GH” means the Global Alliance for Genomics and Health.
• “identifiable data” means data that may reasonably be expected to identify an individual, alone or in combination with other data.
• “Identity and Access Management (IAM)” means a set of business processes and supporting technologies that enable the creation, maintenance, use, and revocation of digital identity. IAM includes identity proofing, credential issuance, rights authorization, identity authentication, and privilege revocation. IAM practices make sure that the right people gain access to the right services and data at the right time, as well as making it safe, secure, and simple to change access rights, group memberships, and other key attributes as users and systems grow, change, are added, or are removed.
• “key” means a piece of data that an encryption algorithm uses to determine exactly how to unscramble pseudonymized data.
• “logical access” means control measures used for identification, authentication, authorization, and accountability in digital systems, programs, processes, and information.
• “metadata” means data that provides information about other data.
• “organizational members” means the organizations that are a member of the GA4GH.
• “policy” means, unless otherwise specified, the GA4GH Data Privacy and Security Policy.
• “processing” means any operation or set of operations which is performed on data or on sets of data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• “pseudonymized data” means data which have been processed in such a manner (e.g. by assigning one or more random codes) that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the data are not attributed to an identified or identifiable natural person. Also known as coded data.
• “registered access” means a data access model whereby qualified researchers apply for data access to one dataset or multiple datasets at once by providing details of their identity for authentication and agreeing to terms and conditions of data use during the registration process.
• “REWS” means the Regulatory and Ethics Work Stream of the GA4GH.
• “security risk assessment” means an objective analysis of the effectiveness of the current security controls that protect an organization’s data.
• “supervisory authority” means the public authority (or authorities) in a jurisdiction responsible for monitoring the application of the administrative measures, laws, and regulations adopted within their jurisdiction pursuant to privacy, data protection, and data security.
• “vulnerable persons/populations” means individuals or groups that have a greater likelihood of being denied adequate satisfaction of some of their legitimate claims to (i) physical integrity, (ii) autonomy, (iii) freedom, (iv) social provision, (v) impartial quality of government, (vi) social bases of self-respect, or (vii) communal belonging.1