| Term | Definition | Resource |
|---|---|---|
| Adversary | A data user who intentionally or inadvertently learns or discloses information about a data subject through re-identification or attribution. This user may be motivated by a wish to discredit or otherwise harm the organisation disseminating the data, to gain notoriety or publicity, or to gain profitable knowledge about particular data subjects. Data adversaries are sometimes referred to as intruders, snoopers or attackers | Definition adapted from Elliot, M., Mackey, E., O’Hara, K. et al. The Anonymisation Decision-Making Framework (2016). UK Anonymisation Network. Accessed at: https://eprints. soton.ac.uk/399692/1/The-Anonymisation-Decision-makingFramework.pdf (last accessed 24 March 2021). |
| Anonymisation | The overall process of protecting the privacy of data subjects, including clinical study participants, and reducing the risk of re-identification by 1) modifying (e.g. suppressing, obscuring, aggregating, altering) identifiable information in structured data and documents, 2) assessing and controlling the residual risk of re-identification and 3) considering the context of the data release. | Definition adapted from PHUSE: Data Anonymisation and Risk Assessment Automation, Version 1.0. (9 June 2020). Accessed at: https://phuse.s3.eu-central-1. amazonaws.com/Deliverables/Data+Transparency/ Data+Anonymisation+and+Risk+Assessment+Automation.pdf (last accessed 18 March 2021). |
| Anonymised data and documents | Data and documents that have been produced as the output of an anonymisation process. | Definition adapted from International Organization for Standardization: ISO 25237:2017(en) Health informatics – Pseudonymization. (January 2017). Accessed at: https://www.iso.org/obp/ui/#iso:std:iso:25237:ed-1:v1:en (last accessed 23 March 2021) International Organization for Standardization: ISO/IEC 29100:2011(en) Information technology — Security techniques — Privacy framework (December 2011). Accessed at: https://www.iso.org/standard/45123.html (last accessed 24 March 2021). |
| Confidential business information (CBI) | In respect of a person (individual or organisation) to whose business or affairs the information relates, means business information that is not publicly available, in respect of which the person has taken measures that are reasonable in the circumstances to ensure that it remains not publicly available, and that has actual or potential economic value to the person or their competitors because it is not publicly available and its disclosure would result in a material financial loss to the person or a material financial gain to their competitors. (In reference to clinical reports submitted to Health Canada, as defined in Canada’s Section 2 of the Food and Drugs Act.) | Definition adapted from Health Canada: Public Release of Clinical Information, Version 1.0. (12 March 2019). Accessed at: https://www.canada.ca/en/health-canada/services/ drug-health-product-review-approval/profile-public-releaseclinical-information-guidance.html (last accessed 18 March 2021). |
| Commercially confidential information (CCI) | Any information contained in the clinical reports submitted to the European Medicines Agency (EMA) by the applicant/MAH which is not in the public domain or publicly available and where disclosure may undermine the legitimate economic interest of the applicant/MAH. | Definition directly from European Medicines Agency: External guidance on the implementation of the European Medicines Agency policy on the publication of clinical data for medicinal products for human use (Policy 0070), Version 1.4. (9 November 2018). Accessed at: https://www.ema.europa.eu/en/humanregulatory/marketing-authorisation/clinical-data-publication/ support-industry/external-guidance-implementation-europeanmedicines-agency-policy-publication-clinical-data (last accessed 18 March 2021). |
| Data subject | An identified or identifiable natural person to whom a particular piece of data relates. | Definition adapted from PHUSE: Protection of Personal Data in Clinical Documents – A Model Approach, Version 1.0 (10 June 2019). Accessed at: https://phuse.s3.eu-central-1.amazonaws. com/Deliverables/Data+Transparency/Protection+of+Personal +Data+in+Clinical+Documents+A+Model+Approach.pdf (last accessed 18 March 2021). Garfinkel, S. L. (October 2015). ‘De-Identification of Personal Information’. Internal Report 8053. National Institute of Standards and Technology. Accessed at: http://dx.doi. org/10.6028/NIST.IR.8053 (last accessed 18 March 2021). Elliot, M., Mackey, E., O’Hara, K. et al. (2016). The Anonymisation Decision-Making Framework. UK Anonymisation Network. Accessed at: https://eprints.soton. ac.uk/399692/1/The-Anonymisation-Decision-making-Framework.pdf (last accessed 24 March 2021). International Association of Privacy Professionals: Glossary of Privacy Terms. Accessed at: https://iapp.org/resources/glossary (last accessed 22 March 2021). |
| De- identification | A general term for any process of removing the association between a set of identifying data and a data subject present in data or documents. The association between data and subject is removed by modifying (e.g. removing, obscuring, aggregating, altering) identifiable information in structured data and documents. | Definition adapted from PHUSE: Protection of Personal Data in Clinical Documents – A Model Approach, Version 1.0. (10 June 2019). Accessed at: https://phuse.s3.eu-central-1.amazonaws.com/Deliverables/Data+Transparency/Protection+of+Personal+Data+in+Clinical+Documents+A+Model+Approach.pdf (last accessed 18 March 2021). Garfinkel, S. L. (October 2015). ‘De-Identification of Personal Information’. Internal Report 8053. National Institute of Standards and Technology. Accessed at: http://dx.doi.org/10.6028/NIST.IR.8053 (last accessed 18 March 2021). Clinical Data Interchange Standards Consortium: Glossary, V15.0. (18 December 2020). Accessed at: https://www.cdisc.org/standards/glossary (last accessed 24 March 2021). |
Page History
Overview
Content Tools