YNiC Data Protection Policy
The York Neuroimaging Centre (YNiC) maintains records concerning
individuals who use the Centre and participants who are scanned at the
Centre. These data are held electronically and therefore YNiC adheres to
a strict code of practice in obtaining, maintaining, protecting,
processing and destroying them. YNiC’s policy is in full compliance with
the University of York’s Data Protection Act: Policy Procedures and
Guidelines document that can be read at http://www.york.ac.uk/recordsmanagement/dpa/dppolicy2002.htm
YNiC specific policies that complement this document are:
- All individuals who are scanned at YNiC are asked to complete
and sign a consent form that allows data to be used for research
purposes only.
- Only data relevant to the administration of scan procedures
and to the analysis of scan data may be stored.
- All YNiC data are held in a computer archive to which only
registered users of YNiC have access. All YNiC users are required
to sign up to the YNiC Regulations of Computer Use policy which
incorporates by reference this document.
- Research workers who have permission to access the YNiC
database only have access to anonymised datasets. Researchers will
access the data for research purposes only, and the data will not be
used in such a way as to be likely to cause substantial damage or
distress to particular individuals.
- Access to an individual’s own data in the YNiC database is
possible by two methods:
- Requests from a participant for a “Picture of my
brain” situations. In these cases, subjects should
contact the YNiC Data Controller leaving at least one week
after their scan. For further details, see the section called “Requests for “Picture of My Brain””.
- Formal subject access requests are those made under the
Data Protection Act 1988 and are suitable for those who wish to
discover all of the information which YNiC holds about them.
Those wishing to follow this procedure must complete a
“data subject enquiry form” and return it to the
University Record’s Manager with the appropriate fee. This form
is available from the University of York website at http://www.york.ac.uk/recordsmanagement/dpa/subjectaccessform.pdf
- YNiC staff are not authorised to release any information
direct to individuals/third parties or to discuss anything relating
to the images obtained during the scan with individuals/third
parties. Research carried out at YNiC is not to be used in
medical diagnosis.
- Researchers who wish to take data away from YNiC must write
to the Data Controller stating the reason why the data needs to be
stored at a site away from the University of York. No data may be
taken outside of the European Economic Area (the EU member states,
plus Norway, Iceland and Liechtenstein).
- Please note that if off-site analysis is being stored,
viewed, analysed, maintained or otherwise processed by a third party
on behalf of YNiC, it is a requirement of the Data Protection Act
that a contract/agreement must be in place to ensure that the centre
continues to meet its statutory obligations under the Act and that
the security of the data for which it is responsible is assured.
This does not apply to researchers taking data acquired for their
own studies off-site (instead the normal rules about notifying data
removal apply). Should a third party need to perform one of these
actions, please contact the data controller before any action is
taken.