CSO COVID-19 Data Research Hub Summary Data Protection Impact Assessment (1204)

Prior to the COVID-19 pandemic, Ireland did not have an established standard mechanism or structure to facilitate statistics-based health research, in particular where data was being used from a variety of diverse sources. It quickly became apparent from the commencement of the COVID-19 pandemic that such a secure, data protection compliant environment for controlled statistical analysis by epidemiologists and other approved researchers would be required to support the Irish public health response.

Public health data falls into a specific category of personal information that requires exacting data protection, access controls and processing security, as provided for under Article 9 of the General Data Protection Regulation (GDPR), and as further set out in the Data Protection Act 2018 and the Health Research Regulations 2018 (SI 314 of 2018). The CSO is the National Statistical Institute for Ireland. Given its legal status and the existing technical and statistical structures in place for the secure processing of large volumes of data, including special category data, the Office was identified as the appropriate organisation to lead the rapid development of such a mechanism. Furthermore, CSO Officers of Statistics are subject to personally, as well as organisationally, binding legal obligations of confidentiality, attaching to the processing of data, both personal and non-personal, for statistical purposes.

A solution was developed in agreement between each of the key stakeholders, the Health Service Executive (HSE), Department of Health and the CSO, and in consultation with the Office of the Data Protection Commissioner. This document, which should be read in conjunction with DPIA 1156 concerning the CSO COVID-19 Data Hub, sets out the rationale, the approach and the legal bases on which COVID-19 related health data is being processed via the CSO to inform the public health response to the pandemic during its emergency phase and the longer term management of COVID-19 in our society.

DPIA 1156 in respect of the CSO COVID-19 Data Hub sets out a comprehensive overview of the processing associated with the immediate public health response requirements of the pandemic. This summary DPIA 1204, in respect of the CSO COVID-19 Data Research Hub, addresses the extension of processing to include research proposals from research institutes and affiliated researchers wishing to leverage COVID-19 data to provide further and enhanced insight and understanding into the scientific dynamics of the pandemic and the management of the virus in Ireland. As such, it builds upon and should be read in conjunction with the processing set out in DPIA 1156, with the addition here of detailed illustration of the extensive additional safeguards and protections developed to ensure that this further processing can be carried out securely, subject to appropriate scientific and governance oversight, fully vindicating the data protection and privacy rights of data subjects.

In summary, defined HSE data flows (listed at Appendix 1) are transferred to the CSO using advanced secure and encrypted transmission methods. This data is received in the CSO by a dedicated business unit called the Administrative Data Centre (ADC), which is a specialist team responsible for decrypting, processing, pseudonymising and storing the records in a format accessible for statistical analysis (hereafter termed the statistical datasets). Access to the HSE raw data is confined to a limited number of ADC staff for processing purposes only. Specific detail on the technical aspects and methods used to process the data within the CSO is not outlined in this summary DPIA for operational and security reasons but has been included in the internal use operational DPIA and shared with the Office of the Data Protection Commissioner.

In the pseudonymisation process, all direct identifiers such as names and addresses are removed by CSO. Additionally, once in receipt of HSE data, the CSO converts the identifier numbers in each dataset that remain to a Protected Identifier Key (PIK). PIKs are unique and non-identifiable numbers which are internal to the CSO. Using PIKs enables the CSO and approved researchers to link and analyse data for statistical purposes, while protecting the security and confidentiality of the individual data.

All access requests for analysis purposes are with respect to pseudonymised data only. Descriptors of data flows
and datasets involved are registered on the internal ADC Data Portal, though the data itself is neither viewable nor accessible from this Portal. Approved CSO statisticians may make an application for access for defined statistical purposes, as may approved epidemiologists/researchers who have been appointed as Officers of Statistics pursuant to a Section 11 agreement governing co-operation and liaison with other public authorities and persons, under either Section 20(b) or of the Statistics Act, or under Section 20(c) of the Act, whereby persons may be authorised in writing by the Director General to perform, for a specified period, particular statistical analysis which necessitates access to data collected under the Act. In the case of Researchers applying for Officer of Statistics status under Section 20 (c) of the Statistics Act, a bespoke authorisation process necessary to establish the clinical bona fides of their research is required under the Health Research Regulations 2018, SI No.314 of 2018. No application will be approved by the CSO in the absence of this approval, which involves a three pronged process involving the Research Ethics Committee of the relevant research establishment and the recommendation and approval of the Research Data Governance Board and the Health Research Consent Declaration Committee respectively. This process is illustrated in detail here:
https://www.hrb.ie/fileadmin/1._Non-plugin_related_files/HIE_files/2021_HIE/RDGB/Access_Covid_19_Data_for_Research_Flowchart.pdf.

In all cases, Officers of Statistics are bound by the stringent confidentiality obligations provided for under Part V of the Act at sections 32 to 34.

For Officers of Statistics who are not staff of the Central Statistics Office acting under the direction of the Director General, access to the statistical datasets, if approved, is controlled via a secure read-only CSO access mechanism, the Researcher Data Portal (RDP). The Researcher Data Portal operates under the control of the Office’s Researcher Coordination Unit (RCU). Researchers access the CSO RDP via a Citrix connection, which uses two factor authentication as well as a unique username and a password, which must be reset at time of first login. The microdata at all times remains on a CSO server. Copying or removal are prohibited; Access Control Lists are used, and subject to systematic oversight and review. Only final output records are available for further use, and these outputs are subject to detailed Statistical Disclosure Control (SDC) oversight by designated CSO statisticians. The term Research Microdata File (RMF) is used to describe such pseudonymised statistical datasets. More information about the RCU and RMF mechanism are available here.

The CSO operates in compliance with Article 32 of the GDPR, regarding security of processing, and, having regard to the Office’s state of the art technology, costs of implementation, and the nature, scope, context and purposes of processing, operates a stringent regime of technical and organisational measures to ensure a level of security and data protection appropriate to the sensitivity and personal nature of the records concerned. Suitably processed versions of these data, presented in pseudonymised RMF format, are collated for use by approved researchers, subject to the multi-lateral approvals processes set out in this DPIA.