Updated 2020-09-24 by @michaelrchapman
CLIMB COVID Acceptable Use Policy
Use of the CLIMB-COVID system is bound by:
Depending on your role in the consortium, you will be able to contribute data and / or access data collected by COG-UK for analysis. You must comply with these policies at all times when carrying out your work for the consortium.
The dataset available to COG-UK is a unique data resource. There are no other data sets of a similar magnitude that link SARS-CoV-2 sequencing data to patient data anywhere else in the world. Furthermore, in terms of precedents in the UK, there are no other UK wide COVID-19 healthcare datasets like the one held in CLIMB-COVID. In summary, COG-UK has been able to assemble an unprecedented and rich dataset to allow research into SARS-CoV-2. All the data held in CLIMB-COVID is collected without consent by the Public Health Agencies under their statutory powers, this means we all have an important responsibility to treat access to this data both as privilege and responsibility. Our continued ability to do so now and in the future, depends on everyone using the data in CLIMB-COVID appropriately.
The key requirements are summarised below but it is your responsibility to familiarise yourself with the relevant policies. If in any doubt please read the documentation, speak to your site lead or email COGUK_DataAccess@medschl.cam.ac.uk.
Key requirements for use of CLIMB-COVID
- You must not upload any data that directly identifies an individual.1
- You must ensure that you have permission to share data with the consortium before uploading it to CLIMB-COVID.2
- You must follow the instructions for uploading data available from the COG-UK Docs site.
Use of data
- The data items in the CLIMB-COVID system are classified as ‘public’, ‘consortium’ or ‘restricted’ access.3
- You must only use data made available through CLIMB-COVID to support the work of the COG-UK consortium. Access to restricted datasets requires specific approval from the Steering Group and Public Health Agencies. Restricted data may only be used for the approved purpose.4
- All analysis must be conducted on CLIMB-COVID or within a public health agency. You must not download datasets for analysis elsewhere.5
- Sequences, any variables derived solely from the sequence data and a small number of other variables (central sample ID, adm1 and date of sample collection / receipt) are in the public domain and may be analysed outside CLIMB-COVID.
- You may export results and summary reports from CLIMB.6 If you are required to do this, you must follow these guidelines:
- Minimise the results exported. Only data essential for report interpretation may be included in the presented figures / tables. The default is to present the data in aggregate form. Aggregated outputs may contain public and consortium data items.
- Outputs (e.g. figures, tables or trees) at individual sequence level that include the COG-UK ID may only include public data. However, where required for the public health response, the adm2 (i.e. ‘county’) variable may also be included in sequence level outputs removed from CLIMB-COVID. Users outside public health agencies exporting outputs with adm2 at sequence level must contact COGUK_DataAccess@medschl.cam.ac.uk with brief details of the project to allow a record of data extracted from CLIMB-COVID to be maintained.
- Any outputs that contain restricted data items must be pre-specified as part of the application process to access the data and must not include the COG-UK ID.
- Table 1 below summarises the data that may be included in outputs exported from CLIMB-COVID.
- Safeguard the data exported. You are responsible for the appropriate handling of the data within the results you export from CLIMB-COVID. You must prevent disclosure of confidential information and comply with the COG-UK publication policy for any results placed in the public domain (see below).
- Seek advice. Advice should be sought from the Steering Group and PHAs if there is any uncertainty. If in doubt, please contact COGUK_DataAccess@medschl.cam.ac.uk.
|Type of data
|Sequence level with COG-UK ID
|Public data only
|Public data + Adm2 (County)
|For public health response. Notify COG-UK data access inbox.
|Consortium level data
|Subject to approval
Table 1: Data that may be included in outputs exported from CLIMB-COVID
- You must have completed data protection training within the past year and must provide evidence of this to COG-UK team (see details of appropriate training below).7
- You must keep the data confidential. You may not share or allow others to access COG-UK data.8
- You must not try to identify any individual in the COG-UK data in CLIMB-COVID or link this to other datasets that may lead to identification of an individual.9
- You must notify COGUK_DataAccess@medschl.cam.ac.uk of any unauthorised or accidental access, use or disclosure of COG-UK data as soon as reasonably practicable.10
Publication of results
Use of CLIMB-COVID is monitored and failure to comply with these policies may lead to your access being withdrawn.12
Acceptable forms of data protection training
Acceptable forms of data protection training for accessing COG-UK data are:
- Your employer’s data protection or information governance training.
- NHS Information Governance Training - Data Security Awareness Level 1 for those with NHS contracts.
- MRC e-learning: Research, GDPR and confidentiality – what you really need to know.
You must provide evidence that you have completed one of these to COGUK_DataAccess@medschl.cam.ac.uk to use CLIMB-COVID.
Appendix: Source of requirements in the COG-UK Consortium Agreement
- Clause 8.1
- Schedule 5: clause 11
- Schedule 9
- Schedule 5: clause 12/14 and Schedule 6: clause 2.3.1
- Schedule 6: clauses 2.2 and 2.3.3
- Schedule 6: clause 3.2
- Schedule 6: clause 2.3.2
- Schedule 6: clause 2.3.4
- Schedule 6: clause 2.3.8
- Schedule 6: clause 2.3.7
- Schedule 6: clause 3.2
- Schedule 6: clause 2.4 and 5.2
Published 2020-09-24. Updated 2020-09-24. Page maintainer @michaelrchapman.