Personal or Sensitive Data

Definition

According to The Loi sur l’information du public, l’accès aux documents et la protection des données personnelles (LIPAD) (art. 4):

Personal data is all information relating to a natural person (personne physique) or legal entity under private law (personne morale de droit privé), whether identified or identifiable. Personal data may contain direct identifiers (name, phone number...)  or indirect identifiers (that could reveal someone's identity when placed together).

Personal sensitive data is related to:

1. religious, philosophical, political, trade union-related, or cultural views or activities,

2. health, the intimate sphere or ethnicity,

3. social security measures,

4. administrative or criminal proceedings and sanctions.

 

(Our translation)

 

If the personal/sensitive data are anonymized, it doesn't fall anymore under regulations such as LIPAD, FADP, GDPR, HRA...

Personal or sensitive data storage

The storage of personal or sensitive data requires additional technical and organizational safeguards to ensure its integrity and confidentiality. For example:

• Control access to rooms and buildings;
• Locking computer systems with strong passwords;
• Not store personal or sensitive data on servers or computers connected to an external network;
• Log access to hard/digital copies;
• Implement access control for data files (no access, read only, read and write, administrator only);
• Encrypt sensitive data before sharing with authorized individuals.

Portal dedicated to data protection at UNIGE

The University of Geneva places the highest priority on the security and privacy of personal data and has set up a dedicated portal on the subject [in French only]. The portal provides answers to frequently asked questions, explanations on how to handle personal data in practice, and useful resources. 

The Datatags System

The DataTags System makes it possible to explain the level of sensitivity of a data set using a label. The DataTags System is implemented in Yareta, the Geneva repository for research data. For each level of sensitivity, the system proposes precautions for the treatment of data:

DUA = Data User Agreement

Publication that presents the DataTags system and source of the table above:
Sweeney, L., Crosas, M., & Bar-Sinai, M. (2015). Sharing Sensitive Data with Confidence: The Datatags System.

To learn more

Training at UNIGE

• Anonymizing personal/sensitive data

Resources

• Portal dedicated to data protection at UNIGE [in French only]
• Legal obligations & Ethical considerations
• Consent forms
• Anonymisation