Personal or Sensitive Data?

Definition

According to the Swiss Federal Act on Data Protection:

Personal data is all information relating to an identified or identifiable person (e.g. name, address, email address). Personal data may contain direct identifiers (name, phone number...) or indirect identifiers (which could reveal someone's identity when combined).

Sensitive data is related to:

1. religious, ideological, political or trade union-related views or activities,
2. health, the intimate sphere or the racial origin,
3. social security measures,
4. administrative or criminal proceedings and sanctions.
  
If your personal or sensitive data are anonymized, they no longer fall under regulations such as LIPAD, FADP, GDPR, HRA...

Personal or sensitive data storage

The storage of personal or sensitive data requires additional technical and organizational safeguards to ensure its integrity and confidentiality. For example:

  • Control access to rooms and buildings;
  • Lock computer systems with strong passwords;
  • Do not store personal or sensitive data on servers or computers connected to an external network;
  • Log access to hard/digital copies;
  • Implement access control for data files (no access, read only, read and write, administrator only);
  • Encrypt sensitive data before sharing it with authorized individuals.

DataTags system

The DataTags System makes it possible to indicate the sensitivity level of a data set using a label. For each of these levels, the system proposes requirements and precautions for handling the associated data:

DUA = Data User Agreement

The DataTags System is implemented in Yareta, the Geneva repository for research data.

Publication that presents the DataTags system:
Sweeney, L., Crosas, M., & Bar-Sinai, M. (2015). Sharing Sensitive Data with Confidence: The Datatags System.