1
Brief presentation of the CBSS datawarehouse
@FrRobben
2
CBSS datawarehouse
- Legal assignment of the CBSS: article 5 of the ‘Kruispuntbankwet’
- Created to efficiently process data requests from research institutions and the government
- Constructed with data from
  - the social security institutions
  - other government institutions
  - the national and CBSS register
  - and complemented by self-defined notions
- Linkable with other data sources
- Documentation
3
Content
- Data about the labour market
- Data about family allowances
- Data about pensions and pension build-up
- Data about incapacity for work and disabilities
- Data about social assistance (poverty)
- Data about education and certificates
- Personal characteristics
- Data about origin
- Self-defined notions (e.g. socio-economic position)
- Notions on the EU2020 strategy
4
Functioning and governance
- CBSS
  - daily monitoring and coordination
  - handling custom data requests and developing web applications
- University of Leuven and Université libre de Bruxelles
  - permanent scientific support
- Smals
  - hosting of the datawarehouse
- Board of users
  - council of researchers and government institutions
- Board of management: council of data suppliers
- Sponsors:
  - in the past: BELSPO / Federal Public Service Social Security / CBSS
  - now: a group of federal and regional institutions
5
Use of the datawarehouse
- Web applications
  - consultation of statistics via the internet (no personal data!)
- Custom data requests
  - scientific and policy supporting research
  - only scientific institutions (non-commercial organisations) and government institutions
  - encoded personal data or anonymized data
- Approval by the Information Security Committee is always mandatory
- Prior approval by the institution is possible if desired
- At the end of the study, obligation to send a copy of the study report to the CBSS
6
Conditions for the use of data
- In compliance with privacy regulation (GDPR, privacy law, …)
  - decision of the Information Security Committee
  - contract between data supplier and data recipient
- Proportionality
  - limitation of the amount of data
  - limitation of the amount of data subjects (a sample of the population)
  - communication of data in classes (age, nationality, income, …)
- No re-identification
  - implementation of all possible measures to avoid re-identification of the data subject
  - no attempts to convert the pseudonymised data into non-pseudonymised data
  - publication of the research results exclusively in the form of anonymous data
7
Conditions for the use of data
- No communication of data to third parties
- Only for the duration of the research
  - data must be destroyed afterwards
  - a trusted third party can keep the data for a longer period
    - for the justification of the research results
    - for follow-up
- Segregation of duties
  - if the data recipient is also (partially) a data supplier
  - strict separation between
    - the service that processes the non-pseudonymized data for operational purposes (input)
    - the service that processes the pseudonymized data for research purposes (output)
8
Overview of the users
- Academic institutions
  - commissioned
  - own initiative: mostly PhDs
- Government institutions
  - on the federal, regional, provincial and the municipal level, e.g. Statistics Belgium, the Federal Planning Bureau and the National Bank
- Political government
- Journalists / students
- General public
9
EU General Data Protection Regulation
- Main principles
  - purpose limitation
  - proportionality
  - accuracy and data quality
  - security
  - transparency
  - accountability
- Methodology
  - risk based approach
  - documentation duty
  - privacy by design
  - privacy by default
  - codes of conduct
  - certification
  - additional measures for sensitive data
10
Some risks and how to manage them
- Risk of singling out individuals without necessity
  - aggregation, anonymisation and pseudonymisation of data
  - small cells risk analysis
  - legal obligation not to attempt to re-identify data subjects
- Risk of data bias
  - careful selection of data used
  - reliable analysis methodologies (iterative modelling)
  - ‘equal opportunity by design’
  - appropriate training
  - transparency
11
Some risks and how to manage them
- Risk of violation of purpose limitation principle
  - preliminary transparency about purposes of big data analysis
  - respecting GDPR, especially in case of big data analysis for public health or scientific research purposes
- Risk of huge increase of data storage (quantity and duration)
  - limitation of personal data storage to the extent and during the time useful for the foreseen legitimate purposes
  - aggregation, anonymisation or pseudonymisation of personal data that are only stored for public health or scientific research purposes
12
Concrete security measures
- Datawarehouse is on a Linux server
  - very frequent maintenance for security updates
- Server is in the network of Smals with firewalls
  - the network is closed to any network not granted specific access
  - the connection from outside ('flux') must be specially opened; currently this is only the network of the CBSS itself and of Smals for the datawarehouse
- Access only for specific employees
  - only the employees who need access to the data get this; these are a few people at Smals (the administrators) and a few employees of the CBSS; each new person must be added specifically after special request
13
Concrete security measures
- SSIN is encrypted: no real SSIN included
  - in this way it is possible to link a person’s data, without knowing which person is concerned
  - encrypted SSIN is not communicated, replaced by a serial number
  - reversible, but requires the intervention of others: necessary for coupling with external files
- No exact address included: only municipality and statistical sector
- Daily backup of data
  - so that they can be restored in case of serious hardware problems (disaster recovery)
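An added sketch of the serial-number scheme on this slide (not CBSS code): a keyed hash and custodian-held lookup tables stand in for the SSIN encryption, whose algorithm the slides do not name. The `Custodian` class, the field names and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import hmac
import random
import secrets

# Constructed sample data; the SSIN values are made up.
WAREHOUSE_ROWS = [
    {"ssin": "00000000001", "street": "Example St 1", "municipality": "Leuven", "status": "employee"},
    {"ssin": "00000000002", "street": "Example St 2", "municipality": "Gent", "status": "pensioner"},
    {"ssin": "00000000001", "street": "Example St 1", "municipality": "Leuven", "status": "self-employed"},
]
EXTERNAL_ROWS = [
    {"ssin": "00000000002", "diploma": "master"},
    {"ssin": "00000000009", "diploma": "bachelor"},  # person not in the release
]


class Custodian:
    """Hypothetical party, separate from the researcher, holding key and tables."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._tables = {}  # project -> {pseudonym: serial number}

    def _pseudonym(self, ssin):
        # Stand-in for the "encrypted SSIN"; the slides do not name the algorithm.
        return hmac.new(self._key, ssin.encode(), hashlib.sha256).hexdigest()

    def release(self, project, rows):
        """Rows for the recipient: serial number instead of SSIN, no street."""
        pseudonyms = sorted({self._pseudonym(r["ssin"]) for r in rows})
        random.SystemRandom().shuffle(pseudonyms)  # serial order carries no meaning
        table = {p: n for n, p in enumerate(pseudonyms, start=1)}
        self._tables[project] = table
        return [{"serial": table[self._pseudonym(r["ssin"])],
                 "municipality": r["municipality"], "status": r["status"]}
                for r in rows]

    def couple(self, project, external_rows):
        """Attach an external file to a release; only the custodian can do this."""
        table = self._tables[project]
        linked = []
        for row in external_rows:
            serial = table.get(self._pseudonym(row["ssin"]))
            if serial is not None:  # persons outside the release are dropped
                rest = {k: v for k, v in row.items() if k != "ssin"}
                linked.append({"serial": serial, **rest})
        return linked
```

The recipient can follow one person across rows through the serial number, while linking a new file still has to pass through the party that holds the key and the table.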
14
Concrete security measures
- Encryption of files: OpenPGP (Kleopatra)
  - create a pair of keys (public-private)
  - exchange of public keys
  - open source
- Exchange through sFTP server
  - files always deleted after downloading
  - only PGP-encrypted files are placed on the server
15
Concrete security measures
- Rules applied when transmitting tables
  - rule “1-3”
  - further aggregation (e.g. larger categories)
  - split tables
  - small cell risk analysis
- Rules for data sets with individual data
  - encrypted SSIN is replaced by a serial number
  - no indirect identification: no exact date of birth, amounts, etc.
  - using samples, not the entire population
- Working more and more according to the 'safe center' principle
  - researcher works in CBSS building
  - only gets small sample to develop applications
  - at the CBSS: run applications on the files of the entire population
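An added example of a small-cell check on a table before transmission (not CBSS code). It assumes that rule “1-3” means counts from 1 to 3 are withheld and that row and column totals are published with the table; the grid and the function names are constructed for illustration.

```python
# Constructed counts: rows are statistical sectors, columns are age classes.
GRID = [[12, 2, 30],
        [25, 14, 9],
        [40, 8, 17]]


def primary(grid, low=1, high=3):
    """Withhold every count in [low, high]; None marks a withheld cell."""
    return [[None if low <= n <= high else n for n in row] for row in grid]


def lines_of(t):
    """All rows and columns of the table as lists of (row, col) positions."""
    rows = [[(r, c) for c in range(len(t[0]))] for r in range(len(t))]
    cols = [[(r, c) for r in range(len(t))] for c in range(len(t[0]))]
    return rows + cols


def recoverable(t):
    """Withheld cells that are alone in a row or column: the published
    total minus the published cells of that line gives them back."""
    found = set()
    for line in lines_of(t):
        hidden = [p for p in line if t[p[0]][p[1]] is None]
        if len(hidden) == 1:
            found.add(hidden[0])
    return sorted(found)


def complementary(t):
    """Withhold extra cells until no row or column has a lone withheld cell."""
    t = [row[:] for row in t]

    def crowd(p):  # withheld cells already sharing a row or column with p
        return sum(v is None for v in t[p[0]]) + sum(row[p[1]] is None for row in t)

    while True:
        for line in lines_of(t):
            shown = [p for p in line if t[p[0]][p[1]] is not None]
            if len(line) - len(shown) == 1 and shown:
                # Prefer a cell that also covers another line, then the smallest count.
                r, c = min(shown, key=lambda p: (-crowd(p), t[p[0]][p[1]]))
                t[r][c] = None
                break
        else:
            return t
```

Withholding only the count of 2 leaves it recomputable from its row total; the complementary pass withholds three more cells so that every affected row and column has at least two unknowns. This line-by-line check is a minimum, not a full disclosure audit.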
16
Legal measures
- Legislation: articles 5 and 15 of the CBSS Law
- Deliberation of the Information Security Committee
  - basic principles: finality, proportionality and safety
  - approval necessary, but no obligation to execute
- Contract
  - a contract is always established (exception: small data requests covered by generic authorisation)
  - deliberation of the Information Security Committee always prevails over the contract
17
Legal measures
- CBSS always has the right to take additional measures during implementation
- Use of data always limited in time
  - an extension is possible but this requires new submission to the Information Security Committee
  - CBSS can archive for longer if desired
- Data Protection Officers (DPO) ensure security and privacy protection
18
Web applications
- No direct consultation of the datawarehouse
  - a table of aggregated information is created previously
  - no SSIN or other identification data included
  - that table is used as a basis
  - server and database on which web applications run are physically separated from the server and database of the datawarehouse
- Basic table is consulted through the web application
  - all its information is retrievable, but it is technically not possible to retrieve all variables at once
  - “1-3” rule is applied to figures at the level of statistical sector
19
Thank you! Any questions?
@FrRobben