saeon_data_policy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
saeon_data_policy [2022/06/24 08:13] – [Annexure I: Protection of Personal Information Act Procedures] lindsaysaeon_data_policy [2022/10/21 12:29] (current) – [A. Conditions of Archiving] lindsay
Line 1: Line 1:
-====== SAEON Data Policy ======+===== SAEON Data Policy =====
  
 This data policy outlines the roles and responsibilities of SAEON and collaborating Data Providers, with the aim of making datasets submitted by the Data Providers discoverable, accessible, interoperable, and re-usable. This supports open science and improves the utility of publicly funded research outputs for society. SAEON promotes the responsible archiving and broadest possible dissemination and reuse of all research data while respecting the legal rights of the Data User and Data Provider. This data policy outlines the roles and responsibilities of SAEON and collaborating Data Providers, with the aim of making datasets submitted by the Data Providers discoverable, accessible, interoperable, and re-usable. This supports open science and improves the utility of publicly funded research outputs for society. SAEON promotes the responsible archiving and broadest possible dissemination and reuse of all research data while respecting the legal rights of the Data User and Data Provider.
Line 10: Line 10:
    D. SAEON Data User Requirements    D. SAEON Data User Requirements
  
-===== Definitions =====+==== Definitions ====
  
 **Archiving**: Long-term preservation of data and information in a secure environment. Archived data are not publicly available. **Archiving**: Long-term preservation of data and information in a secure environment. Archived data are not publicly available.
Line 54: Line 54:
 ---- ----
  
-===== A. Conditions of Archiving =====+==== A. Conditions of Archiving ====
  
-1. The SAEON Open Data Platform (ODP) offers the ability to store metadata and datasets in a secure environment that protects the intellectual property rights of the Data Providers. All Data Providers are required to sign a Data Agreement or complete a Data Management Plan.+1. The SAEON Open Data Platform (ODP) offers the ability to store metadata and datasets in a secure environment that protects the intellectual property rights of the Data Providers. All Data Providers are required to sign a Data Agreement or complete a [[data_management_planning|Data Management Plan]].
  
 2. The Data Provider can archive their dataset(s) with the SAEON Open Data Platform, without payment of a monetary fee.  SAEON agrees to archive these datasets provided they meet the conditions in (3), (4), (5), (6),  and (18) below. 2. The Data Provider can archive their dataset(s) with the SAEON Open Data Platform, without payment of a monetary fee.  SAEON agrees to archive these datasets provided they meet the conditions in (3), (4), (5), (6),  and (18) below.
Line 73: Line 73:
   * perform format migrations as part of the preservation process.   * perform format migrations as part of the preservation process.
  
-===== B. Responsibilities of the Data Provider ===== 
  
-==== Metadata ====+==== B. Responsibilities of the Data Provider ==== 
 + 
 +=== Metadata ===
  
 6. All datasets that are archived in the SAEON ODP must be accompanied by metadata. All metadata provided to SAEON will be made publicly accessible, to allow potential users to locate datasets of interest to them. Metadata must be maintained using the service stipulated by (23) or (24) below. 6. All datasets that are archived in the SAEON ODP must be accompanied by metadata. All metadata provided to SAEON will be made publicly accessible, to allow potential users to locate datasets of interest to them. Metadata must be maintained using the service stipulated by (23) or (24) below.
  
-==== Intellectual property rights ====+=== Intellectual property rights ===
  
 7. All intellectual property predating the submission of data shall be the sole property of the party that discovered and/or created and/or acquired such intellectual property (Background Intellectual Property). The owner and/or creator and/or holder of the background intellectual property must determine an appropriate license in consultation with SAEON. 7. All intellectual property predating the submission of data shall be the sole property of the party that discovered and/or created and/or acquired such intellectual property (Background Intellectual Property). The owner and/or creator and/or holder of the background intellectual property must determine an appropriate license in consultation with SAEON.
Line 93: Line 94:
 12. The responsibility falls on the Data Provider/ IP Owner to choose the appropriate license for their data, taking into account legal and ethical considerations. SAEON will maintain the license of the dataset as received, and any added value products will be made available under the same license. 12. The responsibility falls on the Data Provider/ IP Owner to choose the appropriate license for their data, taking into account legal and ethical considerations. SAEON will maintain the license of the dataset as received, and any added value products will be made available under the same license.
  
-==== Persistent identifiers and data publication ====+=== Persistent identifiers and data publication ===
  
 13. Digital Object Identifiers should be issued for published datasets as the prefered means of tracking the data. This will normally be done by default for all publicly available data under the Creative Commons License, and allows citation of data in journals and scholarly articles. 13. Digital Object Identifiers should be issued for published datasets as the prefered means of tracking the data. This will normally be done by default for all publicly available data under the Creative Commons License, and allows citation of data in journals and scholarly articles.
Line 99: Line 100:
 14. If, for any reason, the Data Provider does not want a Digital Object Identifier issued for the data, they must provide an alternative method for tracking updates to their data. 14. If, for any reason, the Data Provider does not want a Digital Object Identifier issued for the data, they must provide an alternative method for tracking updates to their data.
  
-==== Review of embargo/Annual review ====+=== Review of embargo/Annual review ===
  
 15. The Data Provider may stipulate an embargo period of a maximum period of three years, starting from the date the data is provided. 15. The Data Provider may stipulate an embargo period of a maximum period of three years, starting from the date the data is provided.
Line 107: Line 108:
 17. An extension to the embargo period will be granted on an annual basis, provided that it is requested before the termination date of the current embargo. 17. An extension to the embargo period will be granted on an annual basis, provided that it is requested before the termination date of the current embargo.
  
-==== Regular updates ====+=== Regular updates ===
  
 18. The Data Provider will notify the SAEON Open Data Platform Gatekeeper if they have any updates to add to a particular dataset archived in the SAEON Data Portal. Such updates include changes of contact details; changes in or additions to metadata information; changes in or additions to the dataset. 18. The Data Provider will notify the SAEON Open Data Platform Gatekeeper if they have any updates to add to a particular dataset archived in the SAEON Data Portal. Such updates include changes of contact details; changes in or additions to metadata information; changes in or additions to the dataset.
  
-===== C. Responsibilities of the SAEON ODP Gatekeeper =====+==== C. Responsibilities of the SAEON ODP Gatekeeper ====
  
 19. SAEON will comply with the Protection of Personal Information (POPI) Act with regards to the personal information provided by Data Providers when registering on SAEON’s online platforms. Personal information included in metadata records intended for publication is not subject to the POPI Act and once published is not solely under the control of SAEON. See Annexure I for details. 19. SAEON will comply with the Protection of Personal Information (POPI) Act with regards to the personal information provided by Data Providers when registering on SAEON’s online platforms. Personal information included in metadata records intended for publication is not subject to the POPI Act and once published is not solely under the control of SAEON. See Annexure I for details.
Line 125: Line 126:
 22. SAEON will endeavour to provide high availability for its servers and services associated with metadata and data deposit, but does not make any express warranty in respect of this. 22. SAEON will endeavour to provide high availability for its servers and services associated with metadata and data deposit, but does not make any express warranty in respect of this.
  
-==== Basic services ====+=== Basic services ===
  
 23. The SAEON Data Policy makes provision for the following specific services: 23. The SAEON Data Policy makes provision for the following specific services:
Line 131: Line 132:
   * SAEON will create a custodian area for the Data Provider, for the purpose of management and harvesting of metadata.   * SAEON will create a custodian area for the Data Provider, for the purpose of management and harvesting of metadata.
  
-==== Paid services ====+=== Paid services ===
  
 24. A paid service portfolio can stipulate any or all of the following requirements, in addition to the above, as appended to the service level agreement: 24. A paid service portfolio can stipulate any or all of the following requirements, in addition to the above, as appended to the service level agreement:
Line 139: Line 140:
   * SAEON will define specific development tasks based on user requirements in respect of gateway and portal functionality.   * SAEON will define specific development tasks based on user requirements in respect of gateway and portal functionality.
  
-===== D. SAEON Data User Requirements =====+==== D. SAEON Data User Requirements ====
  
 25. In order to download SAEON data, Data Users must accept an agreement to properly cite those data (e.g., text will be presented which must be accepted before the download initiates). In addition, the acceptance of the following Acknowledgment statement will be required: 25. In order to download SAEON data, Data Users must accept an agreement to properly cite those data (e.g., text will be presented which must be accepted before the download initiates). In addition, the acceptance of the following Acknowledgment statement will be required:
Line 145: Line 146:
 //These data are made available with the express understanding that any such use will properly acknowledge the originator(s) and publisher and cite the associated Digital Object Identifiers (DOIs). Anyone wishing to use these data should properly cite and attribute the data providers listed as authors in the metadata provided with each dataset. It is expected that all the conditions of the data license will be strictly honoured. Use of any material herein should be properly cited using the dataset's DOIs. SAEON cannot be held responsible for the quality of data provided by third parties, and while we take reasonable care in referencing these datasets, the content of both metadata and data is under the control of the third-party provider.// //These data are made available with the express understanding that any such use will properly acknowledge the originator(s) and publisher and cite the associated Digital Object Identifiers (DOIs). Anyone wishing to use these data should properly cite and attribute the data providers listed as authors in the metadata provided with each dataset. It is expected that all the conditions of the data license will be strictly honoured. Use of any material herein should be properly cited using the dataset's DOIs. SAEON cannot be held responsible for the quality of data provided by third parties, and while we take reasonable care in referencing these datasets, the content of both metadata and data is under the control of the third-party provider.//
  
-===== Annexures =====+==== Annexures ====
  
-==== Annexure I: Protection of Personal Information Act Procedures ====+=== Annexure I: Protection of Personal Information Act Procedures ===
  
 | **#** | **Aspect** | **Description and Procedure** | **Reference** | | **#** | **Aspect** | **Description and Procedure** | **Reference** |
Line 155: Line 156:
 | %%EAP-01-01-03%% | Obtain Directly | Obtain directly from the subject, as attested by email validation. //The Information Officer will obtain direct consent from Data Providers to collect or use their personal information in any way that falls outside of the uses related to the online platform registration.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] | | %%EAP-01-01-03%% | Obtain Directly | Obtain directly from the subject, as attested by email validation. //The Information Officer will obtain direct consent from Data Providers to collect or use their personal information in any way that falls outside of the uses related to the online platform registration.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 | EAP-01-01-04 | Defined Purpose | Purpose of data collection must be defined explicitly and the provider must be aware of this. //The purpose of the data collection, i.e. for registration on the online platforms, will be made explicit in the registration process.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] | | EAP-01-01-04 | Defined Purpose | Purpose of data collection must be defined explicitly and the provider must be aware of this. //The purpose of the data collection, i.e. for registration on the online platforms, will be made explicit in the registration process.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 +| EAP-01-01-05 | Retention | Retention has to be qualified and the provider has to assent to use of inactive records for statistics and reporting. //Information will be kept in the databases related to those online platforms until the Data Provider deregisters from the platform.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 +| EAP-01-01-06 | Proof of Removal | Proof has to be provided of removal of records for whatever reason – by request form data provider or through lapse of registration period. It must not be possible to reconstruct the record. //The Information Officer will send an email as proof of removal should Data Providers request that their information be removed from the database.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 +| %%EAP-01-01-07%% | %%No other uses%% | Specific conditions need to be met for the use of the information in a different context. The registration information will be used solely to allow the Data Providers access to the platform and for any platform related communications. //Consent will be obtained by the Information Officer should any other uses of the information be required.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 +| EAP-01-01-08 | Quality | Reasonable care must be exercised to ensure that the data is complete and accurate. Data Providers are responsible for ensuring that their registration information is up to date. //The Information Officer will ensure that the Data Providers are able to easily update their information on the platforms.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 +| EAP-01-01-09 | Documentation | Processing history and documentation must be maintained. //All email correspondence relating to the collection of personal information for the registration process will be kept by the Information Officer.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2000-002.pdf|PAIA]] |
 +| EAP-01-01-10 | Notification | The data subject/ provider must be provided with information about the system/ responsible party. This should form part of the contracting between the parties. //The Information Officer will ensure that all necessary information is included on the online platforms.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 +| EAP-01-01-11 | Security | Prevent loss of or damage to personal information, and prevent unlawful access to such information. //The Data Providers’ information collected for registration on the platforms will be stored in the SAEON uLwazi online databases.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 +| EAP-01-01-12 | %%Delegation%% | Subcontractors, employees, and operators with access to the data are bound by the same provisions. //Employees with access to the data will be made aware of the provisions surrounding it by the Information Officer.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 +| EAP-01-01-13 | Notification of Breach | Where there are reasonable grounds to believe that personal information has been compromised, the responsible party must communicate this to the Regulator and the data subject in the prescribed way and within the prescribed time period. //The Information Manager will contact the Regulator and Data Provider should the data be compromised.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
 +| EAP-01-01-14 | Notification Content | The content must enable the data subject to understand the consequences and take action to take protective measures and describe corrective steps taken by the responsible party. //This will be taken into account by the Information Officer when writing the notification.// | [[https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-act-2013-004.pdf|POPI]] |
  
  
  • saeon_data_policy.1656058439.txt.gz
  • Last modified: 2022/06/24 08:13
  • by lindsay