Você está na página 1de 34

European Commission

Data protection and privacy ethical guidelines

This document was produced on September the 18th 2009 The version of this document is: !"perts #or$ing %roup on data protection and privacy &haired by: &aroline %ans'&ombe Special than$s to the (anel )embers: Andrew Bottomley, Duarte Carvalho-Oliveira, &ostas *+ Charitidis, Eva Del HoyoBarbolla, Anne Demoisy, Anna Giovanetti, Walter Hannak, James Hou hton, David !orton, "ran#ois !outou , Jane $am%rill, Antony $ebeau, David &ownend, and !ary 'har%( ,ery special than$s to the !thics Team : )sidoros *arat+as, !ihalis *ritikos, ,amina Cheikh, -aulette !atkovi. /amire+, !arie Co.0uyt, !ar.o !i.helini, 'te1an de 2os and "ran#ois Hirs.h %eneral disclaimer: this document e"amines the ma-or concepts of data protection and privacy from the point of view of research ethics+ .t aims at raising awareness about these concepts in the scientific community and at assisting applicants while preparing to submit their pro-ect proposals+ .t does not see$ to discuss these concepts in'depth but provides a general overview of their main parameters and some basic suggestions regarding their handling for the purposes of the !uropean &ommission/s !thical 0eview procedure+ This document represents an effort to reflect on the e"perience gained during the operation of the !thics 0eview mechanism and to provide some practical guidance1 thus it will be regularly updated+ The document contains three sections: 3 4( &he 1irst se.tion .onsists o1 an awareness list whi.h .ontains the main 0uestions that need to be taken into a..ount by a%%li.ants when dealin with the data %rote.tion and %riva.y as%e.ts o1 their %ro5e.t - *ll relevant definitions are provided within the glossary below 36( &he se.ond se.tion %rovides a%%li.ants with %ra.ti.al uidan.e 1or the identi1i.ation o1 the %riva.y and data %rote.tion as%e.ts o1 their resear.h %ro%osal( )t su ests how su.h issues need to be dealt with in ea.h se.tion o1 the 7Ethi.al )ssues &able8 alon with a des.ri%tion o1
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 4

the measures that need to be taken in order to .om%ly with the relevant E9 rules( 3 the third se.tion in.ludes a glossary that de1ines the ma5or .on.e%ts that surround the dis.ussion and a%%li.ation o1 data %rote.tion and %riva.y rules 1rom an ethi.al %oint o1 view(

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e 6

Table of &ontents

4 - Awareness list: 4; 0uestions that need to be answered by ea.h a%%li.ant on data %rote.tion and %riva.y issues <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 6 - Data %rote.tion and %riva.y issues in "-= resear.h %ro%osals <<<<<<<<<<<<<<< 6(4 - How to identi1y the ethi.al as%e.ts o1 the %riva.y and data %rote.tion issues within ea.h %ro5e.t> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 6(4(4 ? Data %rote.tion, %riva.y and le al 1ramework <<<<<<<<<<<<<<<<<<<<<<<<< 6(4(6 ? -riva.y and resear.h <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 6 in "-=>

@ D D D F = = G G G H 4; 44 44 44 46 46 4C 4C 4F

(4(@ )n1ormed .onsent in "-=:<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 6 (4(@(4 - )n1ormed .onsent is not 5ust about %atients( <<<<<<<<<<<<<<<<<<<<<<<<< 6(4(@(6 ? )n1ormed .onsent %ro.esses <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< A&he CO/D)' do.ument on )C should be .onsidered when lo.atin and dra1tin this do.ument 6(4(@(@ ? -riva.y and <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
ftp:22ftp+cordis+europa+eu2pub2fp32+++2ethics'for'researchers+pdf B



6(4(C ? Dual use: data %rote.tion and e.onomi. intelli en.e( <<<<<<<<<<<<<<<<<<< 6(4(D ? /esear.h involvin develo%in .ountries and data %rote.tion and %riva.y issues( <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 6(6 ?what are the te.hni.al 0uestions that should be asked within a %ro5e.t in order to dete.t data %rote.tion and %riva.y issues> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 6(6(4 Data %ro.essin <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 6(6(4(4 ? Data stora e <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 6(6(4(6 Data stru.ture E .ir.ulation trends <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 6(6(6 /isk mana ement E $e al .om%lian.e <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @ ? Glossary <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e @


? General <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @(6 &e.hni.al <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

-rin.i%les as%e.ts

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e C

1 ' *wareness list: 10 4uestions that need to be answered on data protection and privacy issues *ll relevant definitions are provided within the glossary below 1 5 #ill any type of personal data be used and2or stored within the framewor$ of the research6 .f 7es 5 *pplicants should move to 4uestion 2 and the relevant bo"es in the !thical .ssues Table need to be tic$ed+ 2 ' #hat $ind of human participants2data are involved within the research6 2.1 - categories of human participants - -atients - Healthy volunteers Arelated to health resear.hB - 2olunteers A1or surveys, et.IB - WorkersJ Ae( (: resear.h lab %ersonnelIB - -arti.i%atin resear.hersJ list - Children - 2ulnerable adults - OthersI((s%e.ial %o%ulation rou%s> Develo%in .ountries> et.( 2.2 - categories of data used - -reviously .olle.ted data Atheir sour.es and usa e historyB &he .ontent o1 the data set needs to be s%e.i1ied and .o%ies o1 a%%ro%riate authori+ations need to be %rovided a..ordin to the le al re0uirements o1 the area where the resear.h is %lanned to take %la.e( 8 5 *re all sensitive data that are planned to be collected really focused on the research 4uestion and is relevant for the foreseeable research6 A%%li.ants will need to eK%lain the reasons behind the %ro%osed data .olle.tion: Data 1rom di11erent sour.es should not be amal amated without makin sure that this a.tion is le ally %ossible, es%e.ially in .ases where a data set mi ht .ontain in1ormation that identi1ies individuals and in1ormation 9 5 :or how long will the collected data be used6 9sa e times need to be s%e.i1ied( On a eneral %oint o1 view, data must be s%e.i1i.ally stored solely 1or as lon as the %ro5e.t lasts( Data usa e beyond the li1e o1 the %ro5e.t is %ossible but must be .losely su%ervised( 5 :or how long will the collected data be stored and when will it be irreversibly destroyed6 Conservation times need to be s%e.i1ied( Destru.tion methods need to be illustrated( &he .osts 1or both o%tions need to be taken into a..ount when estimatin the %ro5e.tJs 1inal bud et(

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e D

; 5 Do the applicants have the necessary legal permission to obtain and process the data6 )1 data are dire.tly athered 1rom individual study %arti.i%ants, is the %lanned in1ormed .onsent system e11e.tive> )n1ormed .onsent 1or the %ro%osed %ro5e.t will be re0uired, even i1 %ersonal data has been .olle.ted in the 1rame o1 %revious resear.h %ro5e.ts: )1 data 1rom a %reviously athered set - either by the a%%li.ant or 1rom another %ro5e.t or %erson ? are used, does the initial in1ormed .onsent .over this .om%lementary use o1 the data, or does the a%%li.ant have to obtain a .om%letely new in1ormed .onsent 1or the %ro%osed study &he a%%li.ants need to dis.uss these o%tions alon with their nationalLlo.al data %rote.tion a en.y( 3 ' <ow will the collected personal data be securely accessed6 'e.ured a..ess %oli.y needs to be worked out and .learly s%e.i1ied( )t needs to be %ro%ortional to the risks involved and the sensitivity o1 the data, and must .learly state the ty%e o1 %ro.esses - su.h as %assword %rote.tion, en.ry%tion, 7need to know basis8 %rin.i%les Ai(e( : only the users that need to a..ess the data will be allowed to do soB,- that will be im%lemented( A'ee lossary 1or a des.ri%tion o1 the di11erent meansB 8 5 <ow will the data be securely stored: data structure and format6 Data stru.tures su.h as databases need to be s%e.i1ied - i1 a%%li.able, it should be s%e.i1ied that identi1i.ation data will be en.ry%ted and stri.tly se%arated 1rom sensitive data su.h as health data Asee lossaryB ? )t should also be s%e.i1ied how the un1oreseen data added durin the resear.h su.h as in.idental 1indin s will be treated( 9 5 <ow will the data be securely stored: location = hardware6 Conservation methods need to be s%e.i1ied( A non-WAM .onne.ted .om%uter server or HA/D disk should be %re1erred( Data should not be stored on a memory sti.k or other easily lostLa..essed media( 10 5 <ow will data transfer be monitored6 &rans1er o1 data outside the E9 needs to be identi1ied and s%e.i1ied( &he handlin %ro.ess should be s%e.i1ied( Data trans1er Abetween whom and whomB within the %ro5e.t, es%e.ially with %artners 1rom non-E9 .ountries Adevelo%ed andLor develo%in .ountriesB must be iven s%e.ial .are due to the variety o1 le al and administrative standards, bearin into mind that .om%lian.e with the relevant E9 rules and internationalLbilateral a reements in.or%orated into E9 law is .om%ulsory( &his is be.ause E9 le islation re0uires that the trans1er o1 data outside Euro%e to be undertaken only to %la.es where there is a lo.al assuran.e by the %ro%er le al authorities that the level o1 data %rote.tion is at least e0uivalent to that o1 the E9 area( A%%li.ants need to .onsider this as%e.t not only between institutions and .om%anies and the like, but also within .om%anies and the resear.h %artnershi% a.ross eo ra%hi.al borders(

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e F

2 ' Data protection and privacy in :(3 research proposals &he %ur%ose o1 this do.ument is to uide a%%li.ants: -in identi1yin %riva.y and data %rote.tion issues within their %ro%osalN -in eK%lainin , in the ethi.s se.tion o1 the a%%li.ation, how su.h issues ou ht to be dealt with within ea.h se.tion o1 the 7Ethi.al )ssues &able8 and -in des.ribin the di11erent measures that mi ht be taken in order to .om%ly with the relevant E9 rules in.ludin the rules o1 submission, anneK AN While %re%arin a %ro%osal, a%%li.ants must .om%lete the %ro5e.tJs 7Ethi.al )ssues &able8( De%endin on the s%e.i1i.ities o1 the %ro ramL.all 1or %ro%osals, 7%riva.y and data %rote.tion8 a%%ear su.h as ' ' ' ' -riva.y Consent Dual 9se /esear.h involvin develo%in .ountries 2+1 ' <ow can the applicant identify the ethical aspects of the privacy and data protection issues within the proposed research6 2+1+1 5 Data protection1 privacy and legal framewor$ On the whole, the way data %rote.tion and %riva.y issues are taken into a..ount and 1ormally treated 1undamentally de%ends on the le al environment o1 ea.h .ountry where the resear.h will take %la.e( However, des%ite the various di11eren.es a.ross the E9, the a%%li.ation o1 Dire.tive HDLCFLEC AData -rote.tion Dire.tiveB uarantees a uni1orm a%%roa.h towards these issues( "or a detailed %i.ture o1 the relevant le al 1ramework, see: http:22ec+europa+eu2-ustice>home2fs-2privacy2law2inde">en+htm+ Ea.h ? ele.troni. or not ? use o1 data in the 1rame o1 the %ro%osed resear.h should .om%ly with the 1ollowin re0uirements: A4B A%%li.ants need to identi1y the a%%ro%riateL.om%etent data %rote.tion authority that will %rovide the relevant authori+ations Aalso when the %ro%osed resear.h is %lanned to take %la.e in develo%in .ountriesB and the %arti.ular a%%li.able lo.alLnational le al re0uirements on data %rote.tion and %riva.y issuesN A6B De%endin on the le al environment, a%%li.ants need to %rovide the a%%ro%riate authority with a detailed des.ri%tion o1 the %ro%osed data .olle.tion Aand their usa eB and the methodolo y that will be em%loyed 1or .olle.tin , usin and storin o1 %ersonal data( !ore in1ormation on the relevant institutional .onta.t %oints Asu.h as the
Data %rote.tion and %riva.y issues ethi.al uidelines -a e =

national and lo.al .om%etent authoritiesB re ardin rules is available in the 1ollowin address: htt%:LLe.(euro%a(euL5usti.e<homeL1s5L%riva.yL

these s%e.i1i.

*pplicants are reminded that compliance with !? rules on data protection and privacy issues is compulsory when applying for !? research funding+ .n case of non'compliance1 applicants incur significant ris$ @e+g+ legal sanction and ethical ramifications such as peer'review difficultiesA+ 2+1+2 ' (rivacy and research in :(3 -riva.y issues arise when data are .olle.ted and stored( &he handlin o1 di ital %ersonal data is o1 ma5or .on.ern be.ause o1 the %ro.essin %ossibilities and the %otential to link vast amounts o1 %ersonal data( &his in1ormation .an be %rovided 1rom a variety o1 sour.es and in various 1ormats su.h as: 4( Health related re.ords Ae( ( %atient re.ords, hos%ital in1ormation re.ords, biolo i.al traits and eneti. materialBN 6( Criminal re.ords or le al 5usti.e investi ations and %ro.eedin sN @( 'tate related re.ords, e( ( taK 1ilin sN C( Cir.ulationLtravel re.ords su.h as visasN D( /esiden.e or various re.ordin sN eo ra%hi. re.ordin s, e( ( G-' lo.ali+ation

F( Bank re.ords, 1inan.ial transa.tions re.ordsN =( Ethni., reli ious, dietary or seKual li1e style identi1i.ation re.ordsN G( )ndividual Aor .olle.tiveB day-to-day behaviour studiesN On the whole, %riva.y .on.erns any data whi.h, either alone or when linked to other, relate to an identi1iable individual or individuals( &here is a reasonableness test involved in the linkin o1 data as any data .ould %otentially be linked to ether to identi1y an individual( )1 su.h in1ormation is .olle.ted, then the data is sub5e.t to the relevant E9 data %rote.tion standards( "urthermore, a%%li.ants should ask themselves about whether the data, whi.h is %lanned to be .olle.ted within the resear.h %ro5e.t- really, needed 1or the %ro%er .om%letion o1 the resear.h( &he .olle.tion and use o1 )D E more enerally %rivate in1ormation must be redu.ed to a minimum on a 7need to use basis8 in order to ensure %arti.i%ant sa1ety, an inter%retation o1 results, a treatment o1 in.idental 1indin s and a stri.t %rote.tion o1 the %arti.i%antJs data(

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e G

2 +1+8 ' .nformed consent in :(3 research pro-ects 2+1+8+1 5 (rivacy and informed consent By si nin in1ormed .onsent do.uments, resear.h %arti.i%ants a ree to a .ontrolled brea.h o1 their %riva.y 1or a s%e.i1i. %ur%ose and a s%e.i1i. %eriod o1 time( )n .ase an individual does not a ree with su.h a tem%orary brea.h, heLshe retains the ri ht to withdraw( Individuals need to be aware of the: 1. 2. . ". methods used for handling personal data justification for requesting/obtaining their data; duration of data use and storage!; guarantees concerning the rightful use of data;

&here1ore, any resear.h a.tion that mi ht im%ede %riva.y re0uires in1ormed .onsent( &his means, that, in the Ethi.al )ssues &able i1 the a%%li.ant ti.ks one o1 the two %riva.y to%i.s, the 7in1ormed .onsent8 se.tion also needs to be ti.ked( 2 +1+8+2 ' .nformed consent is not -ust about patients+ "rom a data %rote.tion and %riva.y issues %oint o1 view, all study %arti.i%ants %resent in a resear.h %ro5e.t need to be in1ormed about the %lanned resear.h use o1 the .olle.ted data inde%endently o1 the ty%e o1 data .olle.ted( &hus, i1 a .onsumer survey is %lanned within a %ro5e.t, %arti.i%ants to the survey need not only to be in1ormed o1 how their %ersonal data is %lanned to be handled, but also to %rovide a%%ro%riate authorisation( "urthermore, the desi n o1 the survey must uarantee that only data s%e.i1i.ally re0uired 1or the %ur%oses o1 the resear.h %ro5e.t will be athered Aunless .learly stated otherwiseB(

2+1+8+8 5 .nformed consent processes "urther in1ormation on in1ormed .onsent .an be 1ound in the glossary below and within the "-= Ethi.al Guidelines on the Cordis website: htt%:LL.ordis(euro%a(euL1%=Lethi.s<en(html The main aspects of B.nformed consent are the following:C 1+ The potential participant must be given sufficient information in order to be able to ma$e a choice of whether or not to participate that is based on an understanding of the ris$s and alternatives in an environment1 which is free from any coercionD

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e H

2+ The decision of the potential participant on the consent issue must be evidenced+ The participant needs to agree that her2his data will be used for a specific research scope and is aware of the meaning of such useD When writin a resear.h %ro%osal, a%%li.ants must show a detailed understandin o1 the nature o1 the in1ormation that should be %rovided to the %otential %arti.i%ants( &his in1ormation must be written in a way that will be understandable to the %eo%le who are to be a%%roa.hed as %arti.i%antsN their de.ision should be based on 1ree will ? i(e( the %arti.i%antJs de.ision not to %arti.i%ate in a survey should not .reate any ne ative .onse0uen.es( -erha%s the most .onvenient way to show this is to %rodu.e a dra1t in1ormation sheet and atta.h the in1ormed .onsent %roto.ol to the a%%li.ation( )1 a%%li.ants wish to in.lude either .hildren or adults who are 5ud ed not to have le al .om%eten.e to .onsent 1or themselves in order to %arti.i%ate in resear.h %ro5e.ts, they must %rove A4B that the in.lusion o1 su.h %arti.i%ants is ne.essary, and A6B that the %eo%le who are le ally res%onsibility 1or them have su11i.ient in1ormation that allows them to make the in1ormed .onsent .hoi.e on their behal1 and in their best interests( What is re0uired 1or ea.h %rivate data user in order to be .om%liant with the relevant E9 and international law is s%e.i1ied here: htt%:LLe.(euro%a(euL5usti.e<homeL1s5L%riva.yL( A%%li.ants must %rovide the Euro%ean Commission with the needed %a%er trail and eviden.e su.h as sam%le in1ormation sheets Awhi.h must be se.ured to the .onsentLassent 1ormsB, sam%le .onsent 1orm andLor eK%lain how they will obtain the %ro%er authori+ations or .om%lian.e do.uments 1rom their lo.al or .om%etent authorities( 2+1+9 5 .mproper use and data protection )denti1yin the %otential im%ro%er use o1 data is a ma5or 0uestion as any %otential misuse o1 in1ormation mi ht have uneK%e.ted .onse0uen.es( Case studies show that what seems to be unlinked in1ormation .an sometime .ause im%ortant side e11e.ts as sensitive or %ersonal in1ormation taken out o1 .onteKt .an lead to data brea.h( )n addition, there is resear.h that does %ose the %otential 1or a dual use, and it is the res%onsibility o1 resear.hers to .onsider i1 su.h a %ossibility eKists and what %ro%ortional res%onse is there1ore needed( A%%li.ants there1ore need to anti.i%ate i1 the data they %lan to .olle.t .ould be used in a di11erent .onteKt than the one .ontained in the ori inal %roto.ol thus a%%roa.hin su.h data as eKtremely sensitive( A review o1 .urrent le islation on dual use .an be 1ound at: https:22www+grip'publications+eu2bdg2g1088+html Ouestions that need to be answered by a%%li.ants: 4( Can the data obtained within the %ro5e.t have another, reasonably 1oreseeable, usa e> 6( )1 this is the .ase, whi.h sa1e uard measures will %ut in %la.e so as to %rote.t and .ontrol data 1low>
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 4;

@( Have the ne.essary authori+ations 1or data .ir.ulation obtained> Who shall be .onta.ted to assess this need> 2+1+ 5 0esearch1 data protection and privacy issues involving non !? )ember States and developing countries1 A%%li.ants must 1ollow within their %ro5e.t the E9 le al 1rameworkN these standards should also a%%ly to %arti.i%ants 1rom develo%in .ountries 6( &o that end, a%%li.ants need to be %arti.ularly .autious .on.ernin the 7use o1 lo.al resour.es8 se.tion in the Ethi.al )ssues 1orm( &his should in.lude an eK%li.it eK%lanation about the %rote.tion and %ro%er handlin o1 %ersonal data in develo%in .ountries should be sa1e uarded( &here1ore, i1 this boK is ti.ked, a%%li.ants must eK%lain how they are %lannin to ta.kle data %rote.tion and %riva.y issues that relate only to resear.h %er1ormed in develo%in .ountries( All measures outlined in the above se.tions must a%%ly also when non-E9 !ember 'tates are involved( -rior to any trans1er o1 data outside the EC !ember 'tates, a%%li.ants should make sure that the %la.e where the data is to be sent has a data %rote.tion re ime in %la.e that is at least as solid as that re0uired in the E9, or at least .on1orm to the Data -rote.tion Dire.tiveJs re0uirements( )t must also be stressed that this se.tion 1o.uses on dataJs eo ra%hi.al movement( &here1ore, even i1 data is trans1erred within the same .om%any or resear.h .onsortium, i1 su.h a trans1er o..urs by .rossin eo ra%hi.al boundaries, the issue is relevant( A%%li.ants should seek advi.e on the issue 1rom their lo.al data %rote.tion authority( Ouestions that need to be answered by the a%%li.ants are: 4( Does any o1 the resear.h data .ome 1rom a develo%in e.onomi. transition .ountry> or under

6( Will any o1 the resear.h out.omes to be im%lemented within the %ro5e.t in.lude a develo%in .ountry and the de%loyment o1 any kind o1 %ersonal data> @( Do any o1 the resour.es the %ro5e.t is %lannin develo%in .ountry> to use .ome 1rom a and

C( )1 this is the .ase, have the ne.essary measures 1or %rote.tin .ontrollin data and ? i1 needed ? %riva.y been desi ned> D( Will any data athered be trans1erred to a non EC !ember 'tate>

F( What are the data %riva.y standards in the .ountry where the data are obtained> How .ould the %ro5e.t a%%ly best %ra.ti.es 1or data stora e and %ro.essin in that .ountry> =( Whi.h ty%e o1 data is bein trans1erred>

"or 1urther re1eren.es, %lease .onsult the 1ollowin do.uments : ec.europa.eu/european#group#ethics/docs/avis1$#en.pdf


"urther readin on develo%in .ountries : htt%:LLhdr(und%(or LenLstatisti.sL -a e 44

Data %rote.tion and %riva.y issues ethi.al uidelines

G( Have the resear.h %arti.i%ants been in1ormed that their data may be trans1erred to another .ountry where data %rote.tion is not as ri orous as the E9> 2+2 5#hat are the technical 4uestions that should be as$ed in order to detect data protection and privacy issues within a pro-ect6 This section is dedicated to the technical aspects of data protection and privacy+ At this %oint it mi ht be needed to take on board the universityJsL.om%anyJs, resear.h .entreJs Chie1 &e.hni.al O11i.er AC&OB L )& mana er i1 available(

2+2+1 ' Data processing 2+2+1+1 5 Data storage Data stora e must be se.ured so as 1or the data not to be.ome a..essible to unwanted third %arties and to be %rote.ted a ainst disaster and risk( &o that end, the 1ollowin to%i.s should be .onsidered: 4( Where is the data stored> Data must be stored within a se.ured environment( )1 stored ele.troni.ally, this must be a ma.hine, or set o1 ma.hines lo.ated in a %hysi.ally se.ured environment ? with .ontrolled a..ess - as well as te.hni.ally se.ured: %ro%er tem%erature .ontrol, et.( 6( On whi.h hardware ty%e is the data stored: %a%er, disk, removable devi.e> Considerin the nature o1 the data used in the %ro5e.t: what will the ada%ted se.urity %ro.esses to be 1ollowed> How do they uarantee .on1identiality o1 data> @( Who has a..ess to the data> Can the data be a..essed by any third %arty> Can the data be .o%ied by any third %arty> C( "or how lon will the data be stored, a..essed> What will ha%%en to the data a1ter the end o1 the study: duration o1 stora e should be 5usti1ied( Destru.tion at the .onvenien.e o1 the resear.her would a%%ear insu11i.ient, unless .learly stated in the .onsent 1orm and the a%%roval o1 the lo.al .om%etent authority( 'u.h deletion o1 data should be de1ined as irreversible, or reversible( D( )1 stored on a ma.hine, is the stora e ma.hineLserver e0ui%%ed with: Wi1i Bluetooth 9'B drive On the whole, devi.es that mi ht ease data du%li.ation o1 .ir.ulationI
-a e 46

Data %rote.tion and %riva.y issues ethi.al uidelines

F( What data ba.ku% %oli.ies and %ro.esses will be im%lemented> Answerin these 0uestions will hel% the a%%li.ants assess the data %rote.tion and %riva.y risks within the %ro5e.t and there1ore %rovide a state o1 the art risk mana ement %oli.y( 2+2+1+2 ' Data structure = circulation trends: Data is a 7livin material(8 Data is su%%osed to be .ir.ulated between and modi1ied by di11erent users within a multi-a.tor resear.h %ro5e.t, whi.h raises issues o1 %otential malevolent usa e( &he %otential misuse o1 data .an be %revented by: /enderin data a..ess di11i.ult to, or unusable by, unwanted AmalevolentB third %artiesN Be.omin aware o1 all data .ir.ulation trends A.ross border .ir.ulation, .ir.ulation within the %ro5e.tBN -rovidin a data-%rote.tedLse.ure le al and te.hni.al environment in .om%lian.e with the )'OL)EC 6=;;4:6;;D standards@(

To that end1 the following 4uestions need to be answered by the applicants: 4( How is the data stru.tured and or anised> - Does one database .ontains the entirety o1 the resear.h data> - Are )D-related in1ormation ke%t in se%arate databases 1rom other in1ormation ty%es in order to ensure that no %ersonal data is obtained without the %ro%er authorisation o1 the relevant resear.h sub5e.ts> 6( Will the data be .ir.ulated 1rom one resear.h %artner to another within the %ro5e.t> Will the data be %rovided to any third %arty> Will the data be .ir.ulated within the E9, be trans1erred to non-E9 .ountries Adevelo%in .ountriesB> )s this data .ir.ulation stri.tly needed> )1, yes a data .ir.ulation %lan should be %rovided> @( )n .om%lian.e with .SE2.!& 230011 is any en.ry%tion %ro.ess needed> Why> What will be the en.ry%tion strate y 1ollowed .onsiderin the %ro5e.tJs needs> )n other words - i1 the data is to be used 1or several %ur%oses - is it %ro%erly trun.ated in order to avoid ? voluntary or involuntary - im%ro%er use( A%%li.ants must be aware that )& O11i.ers may be able to %rovide uidan.e on these issues( 2+2+2 ' 0is$ management = Fegal compliance

htt%:LLwww(iso(or LisoL.atalo ue<detail>.snumberPC64;@ -a e 4@

Data %rote.tion and %riva.y issues ethi.al uidelines

4?Are all %arti.i%ants to the %ro5e.t aware o1 the issues beyond data %rote.tion and %riva.y des.ribed above> Are they su11i.iently trained to handle data %rote.tion and %riva.y within their resear.h %ro5e.t> Does the %ro5e.t in.lude s%e.i1i. trainin on these to%i.s> )s this demonstrated throu h a s%e.i1i. work %a.ka e> A.tions should be taken within the %ro5e.t to ensure that those handlin sub5e.ts identi1iable or sensitive in1ormation are made 1ully aware o1 their res%onsibilities and obli ations to res%e.t .on1identiality in .om%lian.e with market standards and best %ra.ti.es Ae( ( :)'OL)EC 6=;;4:6;;DB( Does a s%e.i1i. .ontra.tual %ro.edure eKist to uarantee .on1identiality> Does the %ro5e.tJs bud et anti.i%ate su11i.ient 1inan.ial 1unds that .an uarantee .om%lian.e with the set data .ontrol standards> 6 ? Are all %arti.i%ants aware o1 the le al re0uirements surroundin use o1 %rivate data under an ele.troni. 1orm> the

&he vast ma5ority o1 the E9 members and %artners states have im%lemented re ulations .on.ernin data %rote.tion issues( &he 1ull teKt o1 these rules .an be 1ound in the 1ollowin web-address: htt%:LLe.(euro%a(euL5usti.e<homeL1s5L%riva.yL and htt%:LLwww(%riva.y.on1eren.e6;;H(or L%riva.y.on16;;HLhomeLindeK-idenidim%(html @ ? Has the re0uired authori+ation 1or data usa e been re0uested> &he re0uired %ermits demonstrate .om%lian.e to the relevant E9 Dire.tives and /e ulations( &he do.uments that need to be issued in.lude: 1+ data usa e in1ormation sheet eK%lainin to &he Euro%ean Commission how the obtained data is %lanned to be stored, used, et.I 2+ in1ormed .onsent 1orms Aor assent 1rom a .hildLyoun %ersonB, that is to be si ned by the %arti.i%antsLresear.h sub5e.ts either in %a%er or ele.troni.ally Avia a s%e.i1i. %ro.ess su.h as an o%t-in, ele.troni. si natureB &he %arti.i%antsLresear.h sub5e.ts need to a ree that hisLher data will be used 1or a s%e.i1i. resear.h %ur%ose and is aware o1 the 1uture im%li.ation o1 su.h use( "or more on this sub5e.t, %lease re1er to the 7in1orm .onsent se.tion above( 8+ whatever the ty%e o1 resear.h, lo.alLMational authorisation or at least a %a%er trail eviden.e do.ument showin that the %ro%er authority has been .onta.ted, and 1or .ountries where su.h an authority has not been established, a sam%le .onsortium a reement demonstratin how the %ro5e.t will .om%ly with E9 law and .ontainin re.ommendations on these %oints and what will be the o11i.ial and national re1erent on this uarantee( )1 a%%li.able, the do.uments throu h whi.h the relevant data %rote.tion and %riva.y authority is .onta.ted should state that no answer 1rom the so .alled authority within a %eriod o1 time im%lies that the intended data %rote.tion and %riva.y sa1e uard %ro.ess is a..e%ted by them(

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e 4C

8 ' %lossary %eneral disclaimer: this glossary summariGes the ma-or concepts of data protection and privacy on an ethical point of view+ .t does not aim to ta$e into account these concepts in'depth but gives a general definition in order to provide a good understanding of them+ :urthermore1 if some concepts are omitted this does not mean they should not be considered if there are ethical issues specific to your pro-ect+ This glossary is a continuous pro-ect which will be amended by the !uropean &ommission from time to time+ The glossary is built around two separate sections: 1 ' %eneral principles of data protection and privacy 2 ' Technical aspects 8+1 5 %eneral (rinciples

*ssent is voluntary %ermission iven by one who is under the a e o1 .onsent with no le al status( A!inorB Ca%a.ity and .om%eten.e to assent varies with a e, .o nitive develo%ment, eK%erien.e o1 illness and .ountry re0uirements( Where sensitive in1ormation 1rom adoles.ents is to be .olle.ted, Ai(e( about seKual behaviour, %re nan.y, or use o1 re.reational dru sB it must be .are1ully evaluated i1 %arents or le al re%resentatives should be in1ormed( Cultural, so.ial and ethi.s .ommittee o%inions will vary between !ember 'tates( Absolutely no indu.ement 1inan.ial or other %ressures are allowed to be %la.ed on the investi ators, .hildren or their %arentsL uardians to %ersuade .hildren to %arti.i%ate in resear.h Consent and assent must be voluntary and as 1ully in1ormed as %ossible and be %art o1 a .ontinuous %ro.ess, not 5ust a si nature on a %ie.e o1 %a%er at the be innin o1 a resear.h %ro5e.t( "inally, the enrolment strate ies 1or the %arti.i%ants should be eK%lained in lan ua e they .an understand( Data transfer: transmission o1 data or data su%%ort between in1ormation systems throu h any sort o1 media Data privacy: Data %riva.y involves the ri ht o1 any individuals to eK%e.t that %ersonal in1ormation .olle.ted about them will be %ro.essed se.urely and will not be disseminated in any 1orm without their written .onsent( "urthermore, data %riva.y must not be sub5e.t to Qmission .ree%Q( Data protection: Data %rote.tion .onsists o1 a 1ramework o1 se.urity measures desi ned to uarantee that data are handled in su.h a manner as to ensure that they are sa1e 1rom un1oreseen, unintended, unwanted or malevolent use( Data %rote.tion is the te.hni.al me.hanism to ensure data %riva.y( Data %rote.tion .on.erns:
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 4D

- A..ess to data: who has the ri ht to a..ess ea.h data set> How is this data a..essed> )s a..ess to the data %ro%erly lo ed and %rote.ted> - Conservation o1 the data: where, how and 1or how lon are the data stored and ar.hived> Are the data stored raw, anonymised, stru.tured, or en.ry%ted> - A..ura.y: is there ade0uate de-multi%li.ation and re.overy o1 the data> Are the data %ro%erly u%dated when a%%li.able and a..ordin to the study %roto.ol> !aintained a..urately> Are the data %ro%erly %reserved a ainst %otential disaster Adata lo.ationB> Data %rote.tion .on.erns all a.tions de%loyed in order to ensure the law1ul availability and inte rity o1 the data( Data %rote.tion also addresses the %otential 1or intended data trans1er outside le ally de1ined boundaries that would re0uire in1ormed .onsent and that variability o1 national re ulations 1or the issue be taken into a..ount( Duration o1 data %rote.tion and means o1 irreversible data removal, i1 and when intended, should be .learly de1ined in the resear.h %roto.ol and in the %arti.i%ant in1ormation sheet( .nformed &onsent: )n1ormed .onsent is when it .an be said with as mu.h .ertainty as %ossible that a %erson has 1reely iven .onsent based u%on understandin as 1ar as %ossible the aims, risks, bene1its o1 the %roto.ol and a willin ness to %er1orm resear.h obli ations( )t is an a reement to do somethin or to allow somethin to ha%%en, made with .om%lete knowled e o1 all relevant 1a.ts, su.h as the risks involved or any available alternatives( Durin the in1ormed .onsent %ro.ess, it should be indi.ated who should be .onta.ted in .ase o1 uneK%e.ted events, withdrawal or askin %ertinent 0uestions about the resear.h( /e1usal to %arti.i%ate should involve no %enalty or loss o1 bene1its to whi.h the %arti.i%ant is otherwise entitled( Eviden.e o1 .onsent needs to be .lear and indis%utable, 1or eKam%le a si ned %a%er de.laration or a .erti1ied dematerialised do.ument usin s%e.i1i. identi1i.ation %ro.esses su.h as o%t-in or ele.troni. .erti1i.ates and si natures must be %rovided( )n1ormed Consent is a voluntary %ositive a reement by someone o1 le al a e and ability who has understood the in1ormation, the im%li.ations, risks and bene1its o1 the resear.h and willin ly a reed to %arti.i%ate( -arti.i%ants are in1ormed that they .an withdraw at any time without havin to %rovide a reason knowin that their withdrawal will not disadvanta e their usual relationshi% with the investi ator or the eventual bene1its linked to their 1ormer %arti.i%ation( A%%li.ants should also .onsider how they will be able to show that the level o1 in1ormation was su11i.ient to allow the %arti.ular %arti.i%ants to understand the risks Ai(e( to eviden.e not 5ust their R.onsentJ but their Rin1ormedJ .onsentB( &he im%ortant as%e.t is that the %arti.i%ant needs to a ree that herLhis data will be used within a s%e.i1i. s.o%e o1 resear.h and is aware o1 the meanin o1 su.h use( &he in1ormed .onsent should in.lude in1ormation about how the %arti.i%antJs %riva.y and data will be %rote.ted( A'ee 1urther in this do.umentB Mo %ersonal or health re.ord in1ormation may be taken or stored 1rom the %arti.i%ant without their written in1ormed .onsent
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 4F

!inors, .hildren and vulnerable %ersons are %rote.ted as .onsent must be asked, and iven on their behal1 by a %arentL uardian or le al re%resentative( However, .onsent bein a .ontinuous %ro.ess in time, su.h .onsent must not be im%osed inde1initely on them and must be re asked, 1or eKam%le 1or .hildren when their rea.h le al ma5ority( EK.e%t in emer en.y .ases, in1ormed .onsent must be sou ht within su11i.ient timeC, as the %atients or healthy volunteers envisa ed to %arti.i%ate to the %ro5e.t may wish to think about their de.isions and dis.uss it with others( Any %ressure to %arti.i%ate should be avoided( -re1erably, inde%endent eK%ertAsB should be made available 1or answerin 0uestions %rior to si nin the .onsent 1orms and .onse0uently the be innin o1 the intended intervention or enrolment( &he level at whi.h this should o%erate is not 1iKed, as in so mu.h law the issue is one o1 %ro%ortionality to the risks involved and the sensitivity o1 the data, so a%%li.ants may need to ba.k u% their 5ud ment with the o%inions o1 other eK%erts in ethi.s and law( "urther in1ormation on in1ormed .onsent .an be 1ound within the "-= Ethi.al Guidelines on the Cordis website: htt%:LL.ordis(euro%a(euL1%=Lethi.s<en(html .nternational Data Transfer: Data %ro.essin trans1er outside the Euro%ean E.onomi. Area( that entails a data

(ersonal Data: .onsist o1 in1ormation relatin to an identi1ied or identi1iable %erson ASdata 'ub5e.tS or resear.h %arti.i%antBN An identi1iable %erson is one who .an be identi1ied, dire.tly or indire.tly, in %arti.ular by re1eren.e to an identi1i.ation number or to one or more 1a.tors s%e.i1i. to his %hysi.al a%%earan.e, %hysiolo i.al, mental, e.onomi., .ultural or so.ial identityN (rocessing of personal data/ AS%ro.essin SB .onsists o1 any o%eration or set o1 o%erations whi.h is %er1ormed on %ersonal data, whether or not by automati. means, su.h as .olle.tion, re.ordin , or anisation, stora e, ada%tation or alteration, retrieval, .onsultation, use, dis.losure by transmission, dissemination or otherwise makin available, ali nment or .ombination, blo.kin , erasure or destru.tionN (rivacy is a 1undamental %art o1 human di nity( )t is the human ri ht to re1use inter1eren.e by others in oneJs li1e: it de1ines the eKtent to whi.h others .an demand in1ormation or make .hoi.es bindin another( )t enables individuals to eKer.ise .ontrol over the dis.losure o1 their in1ormation and over de.ision-makin by them and about them( )t is a ri ht that .an be .laimed by rou%s o1 individuals to ether( Where an individual is in.a%a.itated, his or her %riva.y .an be sa1e uarded by that individualJs le ally authori+ed re%resentative( )n resear.h, there1ore, res%e.t 1or an individualJs %riva.y is sa1e uarded throu h a number o1 me.hanisms, in.ludin data %rote.tion, and in1ormed .onsentLassent %ro.edures, enablin individuals to .hoose whether or not to %arti.i%ate in a study and to see the terms under whi.h their involvement is a reed( )t is monitored by

Best %ra.ti.es su be built in(

est ,at least a minimum o1 1ull three days noti.e( A real R.oolin o11 %eriodJ should -a e 4=

Data %rote.tion and %riva.y issues ethi.al uidelines

4( resear.h ethi.s .ommittees Athrou h s.rutiny o1 resear.h %ro%osals and, sometimes, on- oin reviewB, 6( by the %ro.ess o1 law, @( and most im%ortantly, by sel1-%rote.tion by the individuals throu h their awareness o1 the resear.h( (rivate information .an be derived 1rom various sour.es and 1ormats( )t may in.lude sensitive in1ormation like : Health-related re.ords Ae( ( %atient re.ords, bio ra%hi. data , medi.al %hoto ra%hs , diet in1ormation, hos%ital in1ormation re.ords, biolo i.al traits and eneti. materialBN Criminal re.ords or le al 5usti.e investi ations and %ro.eedin sN 'taterelated re.ords su.h as taK 1illin sN Cir.ulation re.ords su.h as visasN residen.e or various eo ra%hi. re.ordin s su.h as G-' satellite lo.ali+ation re.ordin sN bank re.ordN 1inan.ial transa.tions re.ords, as well as reli ious belie1s, seKual orientation, ethni. identi1i.ation re.ords( E0ually, it .an in.lude more eneral in1ormation about individuals( 9sually, data are .lassi1ied a..ordin to their level o1 im%ortan.e so that users are aware o1 the ty%e o1 data that is bein .olle.ted and %rote.ted( )1 %rivate A%ersonalB data are .olle.ted, they must be stored in a se.ure manner and their a..ess %rote.ted in order to avoid im%ro%er dis.losure( &hese %ro.esses are .alled data protection+ 8+2 ' Technical aspects B*nonymisationC1 BpseudonymisationC and BidentifiabilityC: RAnonymousJ o1ten means data whi.h does not identi1y an individualN RanonymisedJ means data whi.h has been rendered anonymousN R%seudonymisedJ and R.odedJ means data where obvious identi1iers Ae( ( names and addressesB have been re%la.ed with indire.t identi1iers Ae( ( numbersB in the main data set and the indire.t identi1iers are then held with the obvious identi1iers in a se%arate data set Aknown as the RkeyJB( However, the .on.e%t o%eratin in Euro%ean data %rote.tion law is the Ridenti1iabilityJ o1 an individual 1rom the data( "or Euro%ean data %rote.tion law to bind resear.h on %ersonal and sensitive %ersonal data one must ask: is the individual identi1ied either immediately 1rom the data or when that data are .ombined with other data in the hands o1 another %erson( &his .ombination eKtends only to reasonably 1oreseeable linkin s o1 data( &here1ore, data whi.h is athered anonymously without any identi1iers will be outside the s.o%e o1 Euro%ean data %rote.tion lawN data whi.h is %seudonymised or .oded will be within the s.o%e o1 the law as it is %ossible to reintrodu.e the two se%arate data sets and identi1y individualsN data whi.h was athered as identi1iable data and then anonymised is sub5e.t to the data %rote.tion le islation when it .ontains identi1iable data Amost im%ortantly at the %oint o1 atherin the data, re0uirin the dis.losure by the resear.her to the resear.h %arti.i%ant o1 in1ormation in.ludin the %ur%ose o1 the %ro.essin and .onta.t detailsB( *uthentication: A %ro.ess o1 %rovin the identity o1 a .om%uter or .om%uter user( "or users, it enerally involves user name, %assword, ele.troni. .erti1i.atesI Com%uters usually %ass a .ode that identi1ies that they are %art o1 a network( )n kee%in data %riva.y it is essential to ensure that the data, transa.tions, .ommuni.ations or do.uments Aele.troni. or %hysi.alB are enuine( )t is also im%ortant 1or authenti.ity to validate that both %arties involved are who they .laim they are( Hac$up = deletion:
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 4G

*ll processes ensuring that a copy e"ists in case of loss of the original data through accidental deletion+ Some e"amples are listed below: Disaster recovery: Disaster re.overy involves the %ro.esses, %oli.ies and %ro.edures in.ludin ba.ku%s that are related to %re%arin 1or the re.overy or .ontinuation o1 te.hnolo y in1rastru.ture .riti.al to an or ani+ation a1ter a natural or human-indu.ed disaster( - Database Shadowing: A data ba.ku% strate y in whi.h a 1ull .o%y o1 the userJs database is maintained at a remote data .entre( 9%date transa.tions to the %rimary database tri er a transmission and similar u%date to the remote database( A su..ess1ul re.overy is %ossible 1rom near 1ailure usin the shadowed database( - Data SynchroniGation: &he %ro.ess o1 a..urately re%rodu.in the state o1 .riti.al in1ormation and data to a %redetermined %oint in time be1ore an interru%tion o..urred( - Data #iping: Data wi%in is the %ro.ess o1 irreversibly deletin or erasin all data beyond re.overy without destru.tion( )t is te.hni.ally di11i.ult to truly delete in1ormation 1rom a .om%uter( Great .are must be taken when a .om%uter %reviously used 1or resear.h data is reused 1or other %ur%ose that no remainin identi1iable data remains Hrute':orce *ttac$: Brute-"or.e Atta.k is the most widely known %assword .ra.kin te.hni0ue( )t is a method o1 de1eatin an en.ry%tion or authenti.ation system by systemati.ally tryin every %ossible .ode, .ombination or %assword until the ri ht one is 1ound( )t is also known as an eKhaustive sear.h( &onfidentiality: Con1identiality is the basis o1 trust between %arties that %revents dis.losure o1 any data or in1ormation to unauthori+ed individuals or systems( &ryptography: Cry%to ra%hy is the study and %ra.ti.e o1 hidin in1ormation( )t is a %ro.ess that assembles %rin.i%les, means, and methods 1or the trans1ormation o1 in1ormation in order to hide its .ontent, %revent its undete.ted modi1i.ation andLor %revent its unauthori+ed use( )t .onsists o1 trans1ormin .lear, meanin 1ul in1ormation unintelli ible, or .i%hered, 1orm usin an al orithm andLor a key( into an

Data Theft: Data the1t is the a.t o1 stealin any data 1or %ur%oses and re.i%ients other than those intended ori inally( &his .ould be a.hieved internally by a..ess to .on1idential data stora e systemsLinse.ure %a%er re.ords( Data the1t has be.ome an in.reasin %roblem with the develo%ment o1 removable media devi.es, whi.h are be.omin smaller in si+e with in.reased hard drive .a%a.ity( 'everal ty%es o1 data the1t eKist su.h as 7thumb su.kin 8 whi.h is the intentional or unintentional use o1 a %ortable 9'B mass stora e devi.e to illi.itly download .on1idential data 1rom a network end%oint, 7m%@ slur%in 8 whi.h is the a.t o1 usin a %ortable data stora e devi.e su.h as an m%@ to illi.itly download lar e 0uantities o1 data by dire.tly %lu in it into a .om%uter or 7Bluesnar1in 8 whi.h is the unauthori+ed a..ess to
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 4H

in1ormation 1rom a wireless devi.e throu h a Bluetooth .onne.tion, usin , 1or eKam%le, mobile %hones( Data Hreach: Data brea.h involves the unauthori+ed dis.losure o1 in1ormation that .om%romises the se.urity, .on1identiality or inte rity o1 %ersonally identi1iable in1ormation( !lectronic signature2certificate: is any le ally re.o ni+ed ele.troni. means that indi.ates that a %erson ado%ts the .ontents o1 an ele.troni. messa e !ncryption Within the 1ramework o1 data %rote.tion, En.ry%tion is an ele.troni. %ro.edure 1or trans1ormin in1ormation throu h .ry%to ra%hy( &he level o1 %rote.tion %rovided by en.ry%tion is determined by an en.ry%tion al orithm whose stren th is measured by the number and si+e o1 %ossible .ode keys( :ile loc$ing: "ile lo.kin is a te.hni.al me.hanism that restri.ts a..ess to a .om%uter 1ile by only allowin one user or %ro.ess a..ess at any s%e.i1i. time( &he %ur%ose o1 lo.kin is to %revent unauthorised u%datin or inter1eren.e with 1inal data( "ile lo.kin en1or.es the seriali+ation o1 u%date %ro.esses to any iven 1ile( One use o1 1ile lo.kin is in database maintenan.e where it .an seriali+e a..ess to the entire %hysi.al 1ile underlyin a database( .dentity theft @or I)d &he1t8B: &his o..urs when someone a.0uires %ersonal identi1iers in order to im%ersonate someone else with the ob5e.tive o1 stealin money, .on.ealin him AherB sel1 1rom authorities or obtainin other bene1its( &he %erson whose identity is used .an su11er various .onse0uen.es when he or she is held res%onsible 1or the %er%etratorSs a.tions( )t is believed to be one o1 the easiest ways to break se.urity( .ntegrity: is the %ro%erty that ensures that data is not modi1ied without authori+ation )ission creep: &his means in1ormation bein .olle.ted with %ermission 1or one %ur%ose and bein used without %ermission 1or another reason( Need to know basisJ principles: when a..ess to the in1ormation must be ne.essary 1or the .ondu.t o1 oneSs o11i.ial duties( Kon'repudiation: in a .om%uter s.ien.e sense, is a %ro.ess throu h whi.h no user .an deny either sendin or re.eivin an ele.troni. transa.tion( (assword: in .om%uter s.ien.e, a %assword is a se.ret word or strin o1 .hara.ters that is used 1or authenti.ation, to %rove identity or ain a..ess to a resour.e A..ordin to .om%uter se.urity eK%erts should ideally .ontain a miK o1 letters, .hara.ters and numbers and be at least 4D di its lon ( 0ecord Foc$ing: 'imilarly to "ile $o.kin , /e.ord $o.kin is a method o1 mana in shared data on a network by %reventin more than one user 1rom a..essin the same se ment o1 data at the same time( )n a multiuser system, when one %erson is modi1yin a re.ord, the re.ord lo.kin
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 6;

%ro%erties .an be set so as to lo.k other users out o1 the re.ord or to veri1y .han es made when two users edit the same re.ord at the same time( Social engineering: )t is a method o1 a..essin %rivile ed in1ormation about a .om%uter system or %rote.ted data by an unauthori+ed %erson mas0ueradin as a le itimate user( )t is o1ten re arded as a 1orm o1 nonte.hni.al intrusion that relies mostly on human intera.tion( One ty%i.al eKam%le o1 su.h tri.kery is .alled -hishin ( -hishin .onsists o1 an e-mail 1raud method in whi.h the %er%etrator sends out le itimate-lookin email in an attem%t to ather %ersonal and 1inan.ial in1ormation 1rom re.i%ients( &y%i.ally, the messa es a%%ear to .ome 1rom well known and trustworthy Web sites( Traceability: a method o1 tra.kin all ele.troni. and %a%er data a.tivity(

DATA PROTECTION AND PRIVACY STATEMENT Your Personal Information This Data Protection and Privacy Statement relates solely to information supplied by you on this Web Site. Standard Chartered Bank, the Data Controller ( SCB ! respects the privacy of your personal information and "ill treat it confidentially and securely. #ny personal information provided by you to SCB throu$h this Web Site "ill be used for the purpose of providin$ and operatin$ the products and services you have re%uested at this Web Site and for other related purposes "hich may include updatin$ and enhancin$ SCB&s records, understandin$ your financial needs, conductin$ credit checks, revie"in$ credit "orthiness and assistin$ other financial institutions to conduct credit checks, advisin$ you of other products and services "hich may be of interest to you, for crime'fraud prevention and debt collection purposes, for purposes re%uired by la" or re$ulation, and to plan, conduct and monitor SCB&s business. The information collected from you by SCB "ill be valuable in improvin$ the desi$n and marketin$ of our ran$e of services and related products for customer use. (f you are providin$ your details in connection "ith an application for employment, please refer to our Data Protection and Privacy Statement ) *ob #pplicants "hich "ill be displayed "hen you apply (see our &Careers& pa$e!. This Policy "ill not alter or affect any information other"ise provided by you to SCB.

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e 64

+ther than to those individuals and entities listed belo" your details "ill not be revealed by SCB to any e,ternal body, unless SCB has your permission, or is under either a le$al obli$ation or any other duty to do so. -or the purposes detailed above, your information may be disclosed to.

other Bran.hes or Com%anies in the 'CB Grou% Aie( 'CB, its subsidiaries and a11iliatesBN any re ulatory, su%ervisory, overnmental or 0uasi- overnmental authority with 5urisdi.tion over 'CB Grou% membersN any a ent, .ontra.tor or third %arty servi.e %rovider, %ro1essional adviser or any other %erson under a duty o1 .on1identiality to the 'CB Grou%N .redit re1eren.e a en.ies and, in the event o1 de1ault, debt .olle.tion a en.iesN any a.tual or %otential %arti.i%ant or sub-%arti.i%ant in, assi nee, novatee or trans1eree o1, any o1 the 'CB Grou%Ss ri hts andLor obli ations in relation to youN any 1inan.ial institution with whi.h 'CB has or %ro%oses to have dealin s(

The above disclosures may re%uire the transfer of your information to parties located in countries that do not offer the same level of data protection as your home country. /o"ever, SCB "ill ensure that parties to "hom your details are transferred treat your information securely and confidentially. SCB also pled$es its intention fully to meet any internationally reco$nised standards of personal data privacy protection and to comply "ith applicable data protection and privacy la"s. We may transfer your information if it is necessary to perform our contract "ith you and by providin$ details to SCB via this Web Site you are deemed to consent to any other transfers. (nformation held about you is retained as lon$ as the purpose for "hich the information "as collected continues. The information is then destroyed unless its retention is re%uired to satisfy le$al, re$ulatory or accountin$ re%uirements or to protect SCB&s interests. #s a $eneral rule, the ma,imum retention period is 0 years. (t is your responsibility to maintain the secrecy of any user (D and lo$in pass"ord you hold. Cookies (n order to improve our (nternet service to you, "e "ill occasionally use a cookie and'or other similar files or pro$rams "hich may place certain information on your computer&s hard drive "hen you visit an SCB "eb site. # cookie is a small amount of data that our "eb server sends to your "eb bro"ser "hen you visit certain parts of our site. We may use cookies to.

allow us to re.o nise the -C you are usin when you return to our web site so that we .an understand your interest in our web site and tailor its .ontent and advertisements to mat.h your interests A&his ty%e o1 .ookie may be stored %ermanently on your -C but does not .ontain any in1ormation that .an identi1y you %ersonally(BN

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e 66

identi1y you a1ter you have lo ed in by storin a tem%orary re1eren.e number in the .ookie so that our web server .an .ondu.t a dialo ue with you while simultaneously dealin with other .ustomers( A,our browser kee%s this ty%e o1 .ookie until you lo o11 or .lose down your browser when these ty%es o1 .ookie are normally deleted( Mo other in1ormation is stored in this ty%e o1 .ookie(BN allow you to .arry in1ormation a.ross %a es o1 our site and avoid havin to re-enter that in1ormationN allow you a..ess to stored in1ormation i1 you re ister 1or any o1 our on-line servi.esN enable us to %rodu.e statisti.al in1ormation AanonymousB whi.h hel%s us to im%rove the stru.ture and .ontent o1 our web siteN enable us to evaluate the e11e.tiveness o1 our advertisin and %romotions(

Cookies do not enable us to $ather personal information about you unless you $ive the information to our server. 1ost (nternet bro"ser soft"are allo"s the blockin$ of all cookies or enables you to receive a "arnin$ before a cookie is stored. -or further information, please refer to your (nternet bro"ser soft"are instructions or help screen. #lternatively, information on deletin$ or controllin$ cookies is available at http.''""".allaboutcookies.or$ Internet Communications (n order to maintain the security of our systems, protect our staff, record transactions, and, in certain circumstances, to prevent and detect crime or unauthorised activities, SCB reserves the ri$ht to monitor all internet communications includin$ "eb and email traffic into and out of its domains. Your Rights an !o" to Contact #s 2ou may have the ri$ht under data protection le$islation on payment of a fee to re%uest access to personal information about you held by us and to have it corrected "here appropriate. (f you have that ri$ht and you "ish to access, correct or delete any of your personal data held by us, or if you have any %uestions concernin$ our Data Protection and Privacy Statement please contact the relevant SCB Data Protection representative. 2ou may also have the ri$ht to access details held by credit reference a$encies and SCB "ill supply details of the relevant a$encies upon re%uest. -or the 34 please "rite to. The 5e$ional /ead of 6e$al Compliance 34'7urope, 8 Basin$hall #venue, 6ondon 7C9: ;DD, 7n$land. (-a, number. (<==! (>!9> 0??; 8?08!. +ther local SCB "eb sites may have details of local Data Protection +fficers. Contacting You (n providin$ your telephone, facsimile number, postal and e)mail address or similar details, you a$ree that SCB may contact you by these methods to keep you informed about SCB products and services or for any other reason. (f you prefer not to be kept informed of SCB products and services, please contact SCB by 7)mail. SCB reserves the ri$ht to amend its prevailin$ Data Protection and Privacy Statement at any time and "ill place any such amendments on this Web Site. This Data Protection and Privacy Statement is not intended to, nor does it, create any contractual
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 6@

ri$hts "hatsoever or any other le$al ri$hts, nor does it create any obli$ations on SCB in respect of any other party or on behalf of any party. COPYRI$!T % STANDARD C!ARTERED P&C '(()* A&& RI$!TS RESERVED*
K!# .D .K )0?

( am surprised that no one has @yetA e,pressed concerns over the BovernmentAs plan to introduce (D cards "ith fin$erprints. #ll i hear is that this "ill help in fi$htin$ crime and could be used to compared all unsolved crimes a$ainst the information held on the re$ister.. #ll $ood.. ( a$reeC .. /o"ever "e need to look at other factors and implications that "ill have a ne$ative impact on our society. /ave the members of the parliament and the police asked themselves "hether Dsurveillance stateE "as "anted by the public bearin$ in mind the hu$e implications for peopleAs privacy if the authorities are $oin$ to allo" the police to $o on a fishin$ e,pedition throu$h the files of innocent people. +rom ,re-ious histor./ i "oul not sa. that the Mauritian ,olice force is one to 0e full. truste in the first ,lace* (n the last fe" years, "e have all "itnessed many cases of poor police investi$ations, abuse of process by police and even police corruption. Fo" that the police "ill have access to everyoneAs personal information, fin$erprints etc, "orries me a lot. (t is apparent that there are $oin$ to be miscarria$es of Gustice if the $overnment $oes do"n this route. -irstly, "e need to bear in mind that fin$erprint technolo$y is not 8>>H accurateI e,perience tells us that itAs not infallible. -or e,ample, in the 3nited 4in$dom there have been t"o cases "here a person "as convicted of murder and a police officer convicted of perGury based on fin$erprint evidence provided by the Scottish Criminal 5ecords +ffice J SC5+. The fin$erprint evidence $iven "as sho"n to be so mistaken, that no other e,pert outside that the SC5+ a$reed "ith the findin$s. Takin$ in consideration the issues i have raised, do you think that 1auritius is ready to introduce fin$erprint (D cardKK 2our vie"sK Te,t . -.P.17F76#S (-acebook! The 1auritius $overnment is set to implement ne" smart identification ((D! cards from September this year in a move to improve public services for the countryAs citiLens and increase security. DThe ne" le$islation brin$s amendments to the F(C (Fational (dentity Card! #ct, the Civil Status #ct 9>>8 and the -inance #ct 9>>M in the conte,t of the implementation of the 1auritius Fational (dentity Scheme (1F(S! proGect,E said the 1auritius $overnment in a statement. DThe F(C #ct is bein$ amended to provide e,pressly that the collection and processin$ of personal data, includin$ biometric information, under that #ct "ill be subGect to the provisions of the Data Protection #ct.E Favin 5am$oolam, the prime minister of 1auritius, said in parliament the current forms of identification in the country are prone to disaster and the ne" smart (D cards "ill reduce the number of for$ery cases.
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 6C

DThe 1F(S proGect is a key component of the e)$overnment strate$y, "hich the $overnment has developed for implementation,E said 5am$oolam. /e said the 1F(S proGectAs implementation is runnin$ smoothly. TassaraGen Chedumbrum, the minister of information, communication and technolo$ies, said in parliament the ne" smart (D cards "ill be e%uipped "ith security measures, renderin$ it difficult to tamper "ith or for$e. 5am$oolam said all the necessary systems and infrastructure "ill be ready to be$in in September this year and all 1auritians above the a$e of 8? are e,pected to receive their smart (D cards durin$ the course of ne,t year. The enhanced security features include the polycarbonate card containin$ laser) en$raved particulars, F(C number, date of birth, $ender, photo$raph and si$nature of the card holder. The card "ill also be e%uipped "ith a contactless electronic chip and "ill store fin$erprints throu$h biometric information, civil status data and electronic certificates for security purposes. To combat fraud and for$ery the smart (D cards "ill include offset micro te,t, rainbo" printin$ and $uilloche printin$. These technolo$ies "ill reportedly make the card tamper)proof. 5am$oolam said throu$h $ood data $overnance and policies currently bein$ established, the 1F(S system "ill ensure citiLen data remains error free. D# $ood set of citiLen data is a cornerstone of a $ood e)$overnment system for brin$in$ $reater citiLen convenience and services,E said 5am$oolam.

Ne" +ace0ook Pri-ac. Issue S,arks Official +TC In1uir.

B, Jason "ell T 'e%tember 46, 6;4@T ; Comments T

)ma e .redit: $inda MylindL&he Guardian

-acebook is facin$ criticism a$ain over its privacy standardsK 2ou don&t say. The social net"orkin$ $iant&s latest privacy chan$es have sparked an official in%uiry by the -TC, accordin$ to a report by The New York Times. 6ate last month, -acebook proposed updates to its Statement of 5i$hts and 5esponsibilities and data)use policies that state, in part, that users effectively $rant -acebook permission to use their personal information in advertisin$ simply by bein$ on the social net"ork.

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e 6D

-acebook says the updates are the result of a federal court order after users complained about their names and photos bein$ used to endorse products in -acebook ads. While -acebook says the updates are proposals that are up for revie", the -TC is investi$atin$ "hether the chan$es are a violation of a 9>88 a$reement "ith re$ulators that re%uires -acebook to obtain user consent before sharin$ anyone&s private information. -acebook never sou$ht out a discussion "ith us beforehand about these proposed chan$es, -TC spokesperson Peter 4aplan said in the article. We&re monitorin$ compliance "ith the order. Part of that involves interactin$ "ith -acebook. This, of course, isn&t the first time -acebook has come under fire. +ver the years, the social net"ork has faced $ro"in$ criticism for the "ay it handles its privacy standards and about its cooperation "ith $overnment search re%uests. -or the entire story, read The New York Times report here. Relate 2 !o" $oogle/ A,,le/ +ace0ook an Others #se Your Personal Data 3Infogra,hic4 5ead more stories about. Privacy policies, -acebook, -acebook advertisin$, Privacy concerns
9%dates on ,our Mew -riva.y &ools by Ana !uller on Wednesday, De.ember H, 6;;H at @:4H%m UPDATE on Thursday, Dec. 10: )n res%onse to your 1eedba.k, weSve im%roved the "riend $ist visibility o%tion des.ribed below( Mow when you un.he.k the Q'how my 1riends on my %ro1ileQ o%tion in the "riends boK on your %ro1ile, your "riend $ist wonSt a%%ear on your %ro1ile re ardless o1 whether %eo%le are viewin it while lo ed into "a.ebook or lo ed out( &his in1ormation is still %ubli.ly available, however, and .an be a..essed by a%%li.ations( &hanks a ain 1or your .omments and su estions( WeSve also %osted a third tutorial about the new %riva.y .ontrols here( &his video eK%lains how to use the %riva.y .ontrol in the -ublisher, the boK where you %ublish status .ontent su.h as u%dates, %hotos, videos and links( &hank you 1or all o1 your 1eedba.k so 1ar on the new %riva.y tools we be an rollin out today( WeSll be %rovidin u%dates and listin the most .ommon 0uestions weSre re.eivin in this %ost( Be sure to read our 1ull blo %ost on the new %riva.y tools, i1 you havenSt already( #hy don/t . have the new settings6 )1 you havenSt yet seen the three-ste% transition tool 1or reviewin and u%datin your %riva.y settin s, you will shortly( WeSre askin all @D; million %eo%le who use "a.ebook to o throu h this %ro.ess and are rollin out the .han es in.rementally to make sure it oes smoothly( *ee% in mind that you also wonSt see the new -riva.y 'ettin s %a e until youSve one throu h the transition %ro.ess(
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 6F

&an . limit access to my :riend Fist6 !any o1 you have mentioned that you want a way to hide your list o1 1riends( )n res%onse to your 1eedba.k, weSve removed the Q2iew "riendsQ link 1rom sear.h results, makin your "riend $ist less visible on the site(

)n addition, you .an 1urther limit the visibility o1 your "riend $ist to other %eo%le on "a.ebook i1 you want( A1ter youSve .om%leted the transition to the new %riva.y settin s, youSll be able to .li.k on the %en.il i.on in the to%-ri ht .orner o1 the Q"riendsQ boK on your %ro1ile( 9n.he.kin Q'how my 1riends on my %ro1ileQ will %revent your "riend $ist 1rom a%%earin in your %ro1ile( when it is viewed by %eo%le who are lo ed in to "a.ebook( *ee% in mind, however, that be.ause "riend $ist is %ubli.ly available, it will be visible to %eo%le who are viewin your %ro1ile while not lo ed in( A ain, you will only have this o%tion on.e youSve .om%leted the transition to the new %riva.y settin s( /emember, you .an also limit who .an 1ind you in sear.hes on "a.ebook and .ontrol whether your in1ormation .an be indeKed by %ubli. sear.h en ines under Q'ear.hQ on the -riva.y 'ettin s %a e( &an . limit access to my #all6 &hereSs been some .on1usion about whether you .an still limit a..ess to Wall %osts 1rom 1riends and a%%li.ations( &he answer is yes( Just as be1ore, you have .om%lete .ontrol over who has a..ess to %osts your 1riends have made throu h the Q-osts by "riendsQ settin under Q-ro1ile )n1ormationQ on the -riva.y 'ettin s %a e( "or eKam%le, i1 you .hoose "riends o1 "riends, only your 1riends and 1riends o1 those 1riends will be able to see %osts others have made on your Wall( ,ou .an also .ontrol whether a%%li.ations you use .an %ost stories to your Wall on the A%%li.ation 'ettin s %a e( Just .li.k QEdit 'ettin sQ neKt to an a%%li.ationSs name and .hoose the settin s that are ri ht 1or you( .s there a tutorial on using the new (rivacy Settings page6 &o ive you as mu.h in1ormation as %ossible about how to .ontrol your eK%erien.e on "a.ebook, weSve .reated a short video that walks you throu h the new -riva.y 'ettin s %a e( &he video shows you what youSll 1ind on this %a e, uides you throu h the basi. levels o1 %riva.y, and eK%lains how to .ustomi+e your %riva.y settin s( ,ou .an .he.k it out here( #here can . provide feedbac$6 On.e youSve one throu h the three-ste% %ro.ess to u%date your settin s,
Data %rote.tion and %riva.y issues ethi.al uidelines -a e 6=

%lease visit the new -riva.y Center, our .om%rehensive resour.e 1or in1ormation on how to .ontrol your eK%erien.e( ,ouSll be able to a..ess this %a e at any time 1rom the Q-riva.yQ link at the bottom o1 any "a.ebook %a e( )1 you havenSt one throu h the transition, %lease %rovide your 1eedba.k here( While we un1ortunately .annot res%ond to your emails individually, weSre listenin to all o1 your 1eedba.k( %na& a 'aceboo( product mar(eting manager& is (eeping )ou updated. 6;4@-;H-4G

+TC Pro0ing +ace0ook5s Ne" Pri-ac. Polic.

Arti.le Comments A@B

Face ook !tc Pri"acy Po#icy

smaller $ar er 1a.ebook twitter oo le %lus linked in Email -rint By Eli+abeth Dwoskin


Data %rote.tion and %riva.y issues ethi.al uidelines

-a e 6G

5e$ulators at the -ederal Trade Commission are probin$ "hether -acebook-B <;.N?H violated usersA privacy ri$hts "hen it overhauled company policies t"o "eeks a$o. +n #u$ust 9M, the social net"ork announced an update to the company privacy policy. (n the update, the company stripped lan$ua$e that e,plicitly allo"ed users to limit ho" their names and profile pictures could be used for marketin$. The ne" policy said that by si$nin$ up for -acebook, members O includin$ minors O $ave -acebook the ri$ht to use their personal data. The move sparked protests from some privacy advocates, "ho complained to the -TC that -acebook broke the terms of a 9>88 court order. The order said that -acebook must $et consent from users before makin$ chan$es that override their privacy preferences. (t also re%uired that -acebook chan$e its policies to more clearly e,plain to members ho" their data "ould be used. (The court order "as put in place because the -TC said -acebook had promised users that their data "ouldnAt be shared "ith advertisers, but the company $ave advertisers access to user data any"ay.! While -acebook says that its most recent policy chan$e "as intended to make company practices more transparent, advocates said that the company had stripped members of their privacy ri$hts. +n Wednesday afternoon, -TC spokesman Peter 4aplan said that the a$ency had contacted -acebook after learnin$ about the policy chan$es, and that the discussions "ere a routine part of monitorin$ the companyAs compliance "ith the court order. DWhen somethin$ happens that could implicate the order, "e look into it as part of the normal monitorin$ of the order, and "eAre doin$ that here,E he said. 4aplan "ould not provide any details about "hat officials discussed "ith -acebook. -acebook spokes"oman *odi Seth said in an emailed statement that the company had not broken the la". DWe routinely discuss policy updates "ith the -TC and this time is no different,E she said. D(mportantly, our updated policies do not $rant -acebook any additional ri$hts to use consumer information in advertisin$. 5ather, the ne" policies further clarify and e,plain our e,istin$ practices. We take these issues very seriously and are confident that our policies are fully compliant "ith our a$reement "ith the -TC.E The Fe" 2ork Times earlier reported that the -TC had be$un an in%uiry into -acebookAs privacy policy.

+ace0ook users are committing 6-irtual i entit. suici e6 in ro-es an 1uitting the site o-er ,ri-ac. an a iction fears

0eports claim :aceboo$ recently lost 11 million users in the ?+S and ?L
-a e 6H

Data %rote.tion and %riva.y issues ethi.al uidelines

The ma-ority of people 4uitting the site blamed concerns over privacy Ether reasons included fear of addiction1 and shallow conversations

By :ictoria Woollaston P#7&IS!ED2 8;.9? B1T, 80 September 9>8P Q #PDATED2 88.>9 B1T, 8? September 9>8P


9>; :ie" comments

-acebook users are %uittin$ the social net"ork in droves due to privacy concerns and fear of internet addiction, accordin$ to ne" research. (ncreasin$ numbers are takin$ part in "hat&s been dubbed &virtual identity suicide& and deletin$ their accounts. #nalysis of more than N>> people, by researchers from the 3niversity of :ienna, found that data protection issues and social pressure to add friends "ere also amon$ the reasons for leavin$. +thers %uoted shallo" conversations, $eneral dissatisfaction and loss of interest in the site.

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e @;

-acebook users are %uittin$ the social net"ork in droves due to privacy concerns and fear of internet addiction, accordin$ to research from :ienna 3niversity. #nalysis of more than N>> people found that data protection issues and social pressure to add friends "ere also amon$ the reasons for leavin$

0!*SEKS :E0 M?.TT.K% :*&!HEEL

Pri-ac. concerns2 =?.P per cent $eneral issatisfaction2 8P.; per cent Shallo" con-ersations2 89.N per cent +ear of 0ecoming a icte 2 N per cent

1ore than half of residents in Canada, 34, (reland, 3.S, #ustralia and Fe" Realand use -acebook. (reland has the most "ith NP per cent, follo"ed by #ustralia on N8 per cent. Fe" Realand has ;? per cent of people on the social net"ork site, "hile the 34 has ;; per cent and the 3.S has =0 per cent. -acebook in (reland has 9.9; million monthly users. # third of (rish -acebook users "ant less photos and more status updates and $et annoyed by ima$es of their friends& children. T"o in five (rish adults admitted to lyin$ on -acebook.
Data %rote.tion and %riva.y issues ethi.al uidelines -a e @4

Source2 Statcounters8Eircom 79A Sur-e. '(:; 7arlier this year, reports su$$ested that -acebook had lost nine million monthly users in the 3nited States and t"o million in Britain. These fi$ures ori$inated from research carried out by SocialBakers in #pril ) althou$h the social media monitorin$ a$ency clarifies that the 88 million fi$ure is a rou$h estimate and should not be used to detemine -acebook traffic. (nstead, SocialBakers claims the &fairest& "ay to track -acebook users is to use 1onthly #ctive 3sers. This fi$ure reflects ho" many people actively use the site on a month) by)month basis and chan$es, and is updated, re$ularly from -acebook&s ad system. Psycholo$ist Stefan Stie$er from the university recorded each of the N>> participants& responses to assessment measures based on their level of concern over various issues. Those "ho stopped usin$ social media "ere more concerned about privacy, had hi$her addiction scores and tended to be more conscientious. Professor Stie$er said. &(t could be possible that personality traits influence the likelihood of %uittin$ one&s -acebook account indirectly via privacy concerns and (nternet addiction. &(n this case, the concern about one&s privacy and (nternet addiction propensity "ould not be directly in char$e for %uittin$ one&s -acebook account, but "ould function as mediators of the underlyin$ personality traits.

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e @6

Suitters "ere older, on avera$e, and more likely to be male. 5easons for %uittin$ -acebook "ere mainly privacy concerns at =?.P per cent, $eneral dissatisfaction at 8P.; per cent, ne$ative aspects of online friends, 89.N per cent, and fear of $ettin$ addicted at N per cent

Compared to the sample of those "ho continued to use -acebook, the %uitters "ere older, on avera$e, and more likely to be male. 5easons for %uittin$ -acebook "ere mainly privacy concerns (=?.P per cent!, follo"ed by a $eneral dissatisfaction (8P.; per cent!, ne$ative aspects of online friends (89.N per cent! and the feelin$ of $ettin$ addicted (N.> per cent!. Brenda Wiederhold, editor of the Gournal Cyberpsycholo$y, Behaviour and Social Fet"orkin$ "hich published the findin$s, said. &Biven hi$h profile stories such as Wiki6eaks and the recent FS# surveillance reports, individual citiLens are becomin$ increasin$ly more "ary of cyber)related privacy concerns. &With photo ta$s, profilin$, and internet dependency issues, research such as Professor Stie$er&s is very timely.&
/H0!*L.K% ?( #.T< * #!HS.T! S<E?FD H! !*S.!0 T<*K H0!*L.K% ?( #.T< * <?)*K H!.K% ' H?T :*&!HEEL (?TS ?( *K .)(0!SS.,! :.%<T/

#ccordin$ to Gournalist Sarah 4essler from +astCom,an., leavin$ -acebook can be a lon$)"inded and difficult process. #fter stru$$lin$ to find the Delete #ccount option, "hich she eventually found by searchin$ Boo$le, she "as met "ith photos of a selection of her -acebook friends "ith an automated messa$e about ho" much they&d miss her if she left. She "as then asked to tell -acebook the reasons "hy she "as leavin$, "hich she said "as due to privacy concerns, before -acebook tried to persuade her to stay by e,plainin$ more about ho" the site handles private data. -acebook "arned her that by deletin$ her account she&d lose all of her photos and posts, before tryin$ to convince her to stay by tellin$ her she could deactivate her account for as lon$ as she liked, and then Gust lo$in to reactivate. By deactivatin$, everythin$ on her profile "ould stay "here it is but "ould become hidden in case she "anted to return to the site. &-acebookAs hard sell did not stop me from deactivatin$ my account. But three days later, "hen ( "anted to $et in touch "ith an old friend, (
Data %rote.tion and %riva.y issues ethi.al uidelines -a e @@

reactivated my account like an e,)$irlfriend "ho can&t %uite commit to a breakup))Gust as -acebook had desi$ned,& said 4essler. 4essler claims that -acebook uses four persuasion techni%ues to make people stay and these include makin$ it complicated, $ivin$ people the option to take a break rather than delete it completely, tappin$ in to personal friendships and connections and tryin$ to solve any problems the user has.
/ead more: htt%:LLwww(dailymail(.o(ukLs.ien.ete.hLarti.le6C6@=4@L"a.ebook-users-.ommittin -virtual-identity-sui.ide-0uittin -sitedroves-%riva.y-addi.tion-1ears(htmlUiK++61"@HOKA "ollow us: V!ailOnline on &witter T Daily!ail on "a.ebook

0!*SEKS :E0 M?.TT.K% :*&!HEEL

Pri-ac. concerns2 =?.P per cent $eneral issatisfaction2 8P.; per cent Shallo" con-ersations2 89.N per cent +ear of 0ecoming a icte 2 N per cent

1ore than half of residents in Canada, 34, (reland, 3.S, #ustralia and Fe" Realand use -acebook. (reland has the most "ith NP per cent, follo"ed by #ustralia on N8 per cent. Fe" Realand has ;? per cent of people on the social net"ork site, "hile the 34 has ;; per cent and the 3.S has =0 per cent. -acebook in (reland has 9.9; million monthly users. # third of (rish -acebook users "ant less photos and more status updates and $et annoyed by ima$es of their friends& children. T"o in five (rish adults admitted to lyin$ on -acebook. Source2 Statcounters8Eircom 79A Sur-e. '(:;
/ead more: htt%:LLwww(dailymail(.o(ukLs.ien.ete.hLarti.le6C6@=4@L"a.ebook-users-.ommittin -virtual-identity-sui.ide-0uittin -sitedroves-%riva.y-addi.tion-1ears(htmlUiK++61"@)dW-m "ollow us: V!ailOnline on &witter T Daily!ail on "a.ebook

Data %rote.tion and %riva.y issues ethi.al uidelines

-a e @C