Privacy and security for the Data Innovation Program

Last updated on November 28, 2024

The Data Innovation Program uses best practices for managing safe access to confidential or sensitive data. Find out how project data is being kept safe and secure.

On this page

Privacy and security for the Data Innovation Program

The Data Innovation Program meets B.C.’s strict privacy laws and embodies world-leading best practices for data privacy and security. The program was developed in partnership with privacy experts and reviewed by BC's Office of the Information and Privacy Commissioner.

Legislation

The Data Innovation program's approach to privacy and security is guided by the following legislation:

Privacy Impact Assessment

A privacy impact assessment (PIA) is a step-by-step review process to make sure that personal information collected or used is protected. The Data Innovation Program has completed an overarching Privacy Impact Assessment.

Privacy and security framework

The program has a Privacy and Security Framework (PDF, 1.8MB) based on the internationally recognized Five Safes model​ that outlines how to protect data and reduce the risk of inappropriate use of sensitive data. This model covers the following five key areas:


1. Safe people

Only authorized individuals can access the data

Only authorized people can access the data. Authorized people are government analysts and government-contracted researchers who:

  • Completed an oath of secrecy under the Statistics Act
  • Completed privacy training and must pass an exam
  • Signs user agreements stipulating terms and conditions of their data access and use

2. Safe projects

Data projects must be in the public interest

Only approved projects can access the data. Projects must have a public benefit and protect against harms to people or communities. Access will be granted only for projects that meet the following criteria:

  • Have a clear public benefit to people
  • Have a valid statistical purpose
  • Demonstrate sound study design and methodology
  • Protect against community harms

3. Safe data

De-identified Data

Within the Data Innovation Program, only de-identified data is available. De-identified data is a powerful resource for research projects. It can lead to analytical insights while maintaining individual privacy and confidentiality.

This means: : personal identifiers such as names, driver licence numbers and personal health numbers are removed. All data is protected and subject to the Freedom of Information and Protection of Privacy Act. Analysts never see data that identifies people or data that can be used to target people


4. Safe setting

Using the right technology to integrate data safely  

Data can only be accessed in a secure setting under government’s care and control. The Data Innovation Program uses a secure research environment located in B.C. that:

  • Has physical, policy and technological controls to safeguard information
  • Has regular third-party privacy and security audits
  • Is managed in partnership by Population Data BC, an academic organization with a 20-year track record of secure data handling, linkage and storage

5. Safe outputs

Additional protection of privacy in research outputs

The Data Innovation Program takes measures to ensure a project’s research results are anonymous. This is an extra layer of protection in the unlikely event that integrating data sets somehow creates a composite of an identifiable person. The program sets clear obligations under the terms and conditions for access and ensures results are anonymous.

Contact us

Submit feedback, request for more information, or get help through the Data Systems and Services request system.