G/GA4GH/Data-Privacy-and-Security/Sec/Def/0.md

Ti	=	Definitions
sec	=	{Intro.sec} {anonymized_data.sec} {controlled_access.sec} {data.sec} {data_breach.sec} {data_privacy_impact_assessment.sec} {data_protection_officer.sec} {data_steward.sec} {data_subject.sec} {data_user.sec} {Framework.sec} {GA4GH.sec} {identifiable_data.sec} {IAM.sec} {key.sec} {logical_access.sec} {metadata.sec} {organizational_member.sec} {policy.sec} {processing.sec} {pseudonymized_data.sec} {registered_access.sec} {REWS.sec} {security_risk_assessment.sec} {supervisory_authority.sec} {vulnerable_population.sec}
Intro.sec	=	The following definitions are intended to align with the {_Framework}, GA4GH Security Technology Infrastructure, and other GA4GH policies. They are not intended as a substitute for definitions found in relevant laws or regulations.
anonymized_data.sec	=	“{_anonymized_data}” means {_data} that are rendered anonymous in such a way that the {_data_subject} is not or is no longer identifiable.
controlled_access.sec	=	“{_controlled_access}” means a {_data} access model whereby qualified researchers apply for {_data} access and their research plans are reviewed, often by a committee. Also known as managed or restricted access.
data.sec	=	“{_data}” means genomic and health-related data. These include data on the health status of individuals and data on non-medical determinants of health, such as health behaviors, living and working conditions, personal resources, and environmental factors. These also include data relating to the genetic characteristics of an individual which have been either inherited or acquired during prenatal development, as they result from an analysis of a biological sample from the individual concerned, in particular chromosomal, DNA, or RNA analysis, or analysis of any other element enabling equivalent information to be obtained.
data_breach.sec	=	“{_data_breach}” means a security incident that has affected the confidentiality, integrity, or availability of {_data}, including accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, {_data}.
data_privacy_impact_assessment.sec	=	“{_data_privacy_impact_assessment}” means a formal process designed to help {_data_steward}s systematically analyze, identify, and minimize the {_data} privacy risks of a project or plan.
data_protection_officer.sec	=	“{_data_protection_officer}” means an expert in {_data} protection within an organization who ensures, in an independent manner, that an organization applies relevant laws, regulations, and guidelines protecting individuals’ {_data}.
data_steward.sec	=	“{_data_steward}” means an entity responsible for assuring the quality, integrity, and access arrangements of {_data} from the moment of {_data} collection, and for managing the {_metadata} that preserves context and associated business rules, including privacy and security attributes consistent with applicable law, institutional policy, and individual permissions.
data_subject.sec	=	“{_data_subject}” means the individual whose {_data} have been collected, generated, held, used, or shared.
data_user.sec	=	“{_data_user}” means individuals or organizations who are authorized by {_data_steward}s or other competent persons or organizations (e.g. research ethics committees, {_data} access committees) to access and use {_data} for an authorized, bona fide purpose. {_Data_user}s are secondary users of {_data} that are distinct from the primary {_data} generating research team.
Framework.sec	=	“{_Framework}” means the GA4GH Framework for Responsible Sharing of Genomic and Health-Related Data.
GA4GH.sec	=	“{_GA4GH}” means the Global Alliance for Genomics and Health.
identifiable_data.sec	=	“{_identifiable_data}” means {_data} that may reasonably be expected to identify an individual, alone or in combination with other {_data}.
IAM.sec	=	“Identity and Access Management ({_IAM})” means a set of business processes and supporting technologies that enable the creation, maintenance, use, and revocation of digital identity. {_IAM} includes identity proofing, credential issuance, rights authorization, identity authentication, and privilege revocation. {_IAM} practices make sure that the right people gain access to the right services and {_data} at the right time, as well as making it safe, secure, and simple to change access rights, group memberships, and other {_key} attributes as users and systems grow, change, are added, or are removed.
key.sec	=	“key” means a piece of {_data} that an encryption algorithm uses to determine exactly how to unscramble {_pseudonymized_data}.
logical_access.sec	=	“{_logical_access}” means control measures used for identification, authentication, authorization, and accountability in digital systems, programs, processes, and information.
metadata.sec	=	“{_metadata}” means {_data} that provides information about other {_data}.
organizational_member.sec	=	“{_organizational_member}s” means the organizations that are a member of the {_GA4GH}.
policy.sec	=	“{_policy}” means, unless otherwise specified, the GA4GH Data Privacy and Security Policy.
processing.sec	=	“{_processing}” means any operation or set of operations which is performed on {_data} or on sets of {_data}, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
pseudonymized_data.sec	=	“{_pseudonymized_data}” means {_data} which have been processed in such a manner (e.g. by assigning one or more random codes) that the {_data} can no longer be attributed to a specific {_data_subject} without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the {_data} are not attributed to an identified or identifiable natural person. Also known as coded {_data}.
registered_access.sec	=	“{_registered_access}” means a {_data} access model whereby qualified researchers apply for {_data} access to one dataset or multiple datasets at once by providing details of their identity for authentication and agreeing to terms and conditions of {_data} use during the registration process.
REWS.sec	=	“{_REWS}” means the Regulatory and Ethics Work Stream of the {_GA4GH}.
security_risk_assessment.sec	=	“security risk assessment” means an objective analysis of the effectiveness of the current security controls that protect an organization’s {_data}.
supervisory_authority.sec	=	“{_supervisory_authority}” means the public authority (or authorities) in a jurisdiction responsible for monitoring the application of the administrative measures, laws, and regulations adopted within their jurisdiction pursuant to privacy, {_data} protection, and {_data} security.
vulnerable_population.sec	=	“{_vulnerable_person}s/populations” means individuals or groups that have a greater likelihood of being denied adequate satisfaction of some of their legitimate claims to (i) physical integrity, (ii) autonomy, (iii) freedom, (iv) social provision, (v) impartial quality of government, (vi) social bases of self-respect, or (vii) communal belonging.{FtNt.1.Xnum}
	=	[G/Z/Base]
FtNt.1.sec	=	Adopted from Tavaglione N, Martin AK, Mezger N, Durieux-Paillard S, François A, Jackson Y, Hurst SA. Fleshing out vulnerability. Bioethics 2015; 29(2): 98-107.