Publishing data in a data repository does not automatically make them openly accessible. (Sensitive) personal data can still be protected by limiting access to the data. Access controls can be applied down to the individual file level, meaning that mixed levels of access control can be applied to a data collection.
Many data repositories operate a three-tiered approach to data access:
- Open access
Data that can be accessed by any user, whether they are registered or not. Data in this category shouldn't contain personal information unless consent is given (see 'Informed consent').
- Access for registered users (safeguarded)
Data that is accessible only to users who have registered with the archive. This data contains no direct identifiers but there may be a risk of disclosure through the linking of indirect identifiers.
- Restricted access
Access is limited and can only be granted upon request. This access category is for the most sensitive data that may contain disclosive information.
Restricted access requires a long-term commitment from the researcher or person responsible for the data to handle the upcoming permission requests.
Besides offering the opportunity for restricted access 'for eternity', most data repositories allow you to place a temporary embargo on your data. During the embargo period, only the description of the dataset is published. The data themselves will become available in open access after a certain period of time.
Access conditions may differ slightly between data repositories.
Open metadata for (sensitive) personal data
Even if personal data cannot be published in open access, it is always possible to publish the metadata which belongs to this dataset. Openly publishing metadata is, in fact, the only way to make such datasets discoverable.
Trusted data repositories are dedicated to increasing the discoverability of your data sets. Therefore, metadata is always freely accessible in any of the CESSDA archives. That means that:
- No registration is needed for searching in the metadata;
- No registration is needed for harvesting the metadata (e.g. by search engines).
Metadata of sensitive datasets should never contain confidential or identifying elements or characteristics, like names.
When someone finds a dataset under restricted access (most likely because it contains (sensitive) personal data), he or she can submit an access request to the rights holder. If this is granted, the dataset will be available to download by this user. Even then the use is restricted. The user is not allowed to make the personal data of this dataset public and can only refer to the data in an anonymised way.
Access control strategy
When choosing an access category, consider the following:
- Does the data contain identifiable information?
- Can the information in this data collection be linked with anything in another data collection which might lead to participants' identities being disclosed?
- What did participants consent to?
- If ‘restricted access’ is chosen, who will manage the access requests?