Dialog Box

E.8.3 Data Access Compliance Office Policies and Procedures

E.8.3 Data Access Compliance Office Policies and Procedures

Version 2.0 August 2021 

Download as pdf

1. Introduction

The purpose of the DACO is to manage access to ICGC’s controlled data through application requests (DACO Application for Access to the Controlled Data). Researchers submit their access requests directly to the DACO, who in turn reviews these access requests to ensure compliance with ICGC policies.  Compliance includes, but is not limited to, policies concerning the purpose and relevance of the research, the protection of donors, and the security of donors’ data. These practices facilitate responsible sharing of genomic and associated data and the development of harmonized standards for data access. Specifically:

  • ICGC ARGO observes purposeful, proportionate and responsible use and sharing of genomic and health-related data. 
  • A primary aspiration of DACO is the balance between ICGC policies and goals of data sharing. 
  • Wherever possible DACO adheres to global standards and guidelines for data access and responsible sharing, specifically the Global Alliance for Genomics and Health’s Framework for Responsible Sharing of Genomic and Health Related data (2014) and the GA4GH Data Access Committee Guiding Principles and Procedural Standards.
2. Background

While committed to open data sharing, the International Cancer Genome Consortium (ICGC) adopted a controlled access model for potentially re-identifiable and personal data as a response to privacy risk concerns for research participants. The Data Access Compliance Office (DACO) was created as an independent body to review access requests for ICGC’s controlled data.  Operational since July 2010, the DACO evaluates projects to ensure that they comply with the goals and policies of the ICGC.  Over 1500 new applications submitted by scientists from more than 37 countries have been reviewed by the DACO in the past 11 years. The office’s procedures, the application process and the online submission system have evolved over the years to adapt to the increasing number of applications.

3. Eligible Project Guidelines Summary

The DACO provides controlled access to public and private researchers (PIs) that apply for access and that access conditions are the same for both types of researchers.  The application must be completed and submitted through the online submission system: https://daco.icgc-argo.org. Generally, qualification requirements for applicants are:

  • Be an independent researcher affiliated with a legal entity (e.g. university professor, researcher in a private company, independent researchers able to apply for federal research grants, etc.)
  • Have an institutional representative at your institution
  • Have a scientific abstract outlining the desired use of the ICGC Controlled Data
  • Have at least 3 relevant publications of which you were an author/co-author

 A project and its authorized users are approved for access to the data for 2 years, or sooner upon completion of a final report if a study ceases. If a user wishes to extend the term of the agreement they may do so by submitting a Renewal Application.

  • Authorizations to access controlled data will be broad, so that authenticated users will get permission to obtain access to controlled data generated from all samples studied by any participating ICGC project. 
  • The application can be completed by the Principal Investigator of the project or someone from the research team who will be completing the application on behalf of the project's Principal Investigator.
Detailed instructions for application requirements and user instructions can be found on the ICGC ARGO Documentation Data Access Page
4. Data Access Review Committee Members

The Data Access Committee consists of three to six individuals, including the Data Access Officer and other assistants independent of the DACO. The Committee members include individuals with expertise in computational Biology, Law, IT Security and Machine Learning. Meetings are held weekly to a scheduled agenda.

5. Ethical Approval

ICGC ARGO bears no responsibility for ethical approval- maintaining appropriate ethical approval (if so required) is the responsibility of the PI. If Ethical approval is required in an applicant's jurisdiction, it must be current for the duration of the approved Data Access Period and adequately disclosed on the DACO application. Applicants should confirm requirements for ethical approval to use ICGC Controlled Data by contacting the relevant local institutional review board / research ethics committee (IRB/REC) to clarify the matter.

6. DACO Review Process
Detailed application review procedures and instructions can be found on the ICGC ARGO Documentation Data Access Page

All decisions, except for approval, will be accompanied with a detailed justification. The objective is to standardize the review of submitted applications. Generally, DACO assesses applications across 3 Core components of the application, which consist of: 

  1. Qualification of users:  Confirming bonafide researchers with real and current affiliations, credible institutions and track records. 
  2. Feasibility and scientific merit: clear descriptions of objectives, scientific rationale, planned outputs and how ICGC Controlled data will be used. 
  3. Ethical considerations: Potential ethical issues and adherence to ICGC policies, including confirming the project poses minimal risk of re-identifying participants. 
7. Data Access Approval Period

The DACO approval expires after 2 years of access. A notification will be sent to the user 45 days before the application expires. If the project remains active, the user may wish to renew beyond the 2 years. The option to renew the application will be available 45 days before the application expires (and 90 days after it expires). The user may reopen the application,  make any changes (if necessary) to their currently approved application before re-submitting it for renewal. A signed copy of the application must be sent to the DACO via the online application system.   If a renewal is not received within 90 days of the application's expiry, it will be considered closed and access will be revoked.   If there are no issues and/or the application remains the same as last year, the application should be approved for an additional two years.

8. DACO Reporting Requirements and Transparency
  • The DACO office will report activities and metrics to the Management Committee on a monthly basis as per the DACO Monthly Report Template. 
  • Annually the office will report to the Executive Board upon instruction.
  • A copy of the Annual report will be published on the ICGC ARGO website for public viewing. 
  • Data users will be published on the ICGC ARGO public website monthly. 
9. Security Incidents and Data Breach

Management of data security is detailed in the ICGC Security Best Practices for Controlled-Access Data (link). In addition, all users of ICGC data must familiarise themselves with the ICGC ARGO Data Breach Policy. All security incidents (even those not resulting in a data breach) must be reported without delay, where the incident will be investigated and managed as per the policy.  

10. Administrative Access

Nominated individuals within the ICGC community require administrative access for purposes of auditing, monitoring, ensuring compliance and quality control of data. Administrative access will require completion of a standard application and be governed by the same terms and conditions outlined in the Data Access Agreement.

11. Appeals Process

All decisions (excluding approvals) are accompanied by detailed justification. Applicants may request a review of a rejection decision by emailing daco@icgc-argo.org, quoting their name and application number, and associated details around the request for review. DACO will review appeals requests and provide a written response within 30 days of receiving the request. If further review is required, DACO may consult the Management Committee for further advice.

12. Sanctions Policy

Failure to comply with terms and conditions of the Data Access Policies may result in access being removed or access terminated for any reason (including upon breach of the terms of the data access agreement). Failure to comply with these requirements may also carry financial or legal repercussions. Any misuse of controlled data is taken very seriously and other sanctions may apply including notification of organisations or other federal agencies.

13. Retention of Data

DACO and its affiliates will retain data related to DACO applications and processing for 10 years in line with the purposes for data processing. If you would like to inquire about data held about you please contact secretariat@icgc-argo.org.

14. Requirement of Lay Summaries

All applications to ICGC require an accompanying lay language summary of their research and proposed use of ICGC Controlled data.  A lay Summary is simply the ability to convey the details and significance of research to non-experts. In the context of ICGC ARGO, a lay summary is an overview of a research project described in a way that can be easily understood by those without prior experience of the project or broader subject of cancer genomics. It is not a slight modification of the abstract or a simplification of the research; a well-written lay summary allows the public and broader scientific and clinical communities to understand the research and its goals, impact and applications. Lay summaries as one avenue to communicate with the broader community forms part of the fundamental principles of ICGC ARGO. We have a strategic commitment to public engagement and making data widely available beyond scientific publications and into the patient and public communities. 

Lay summaries are used within ICGC ARGO to: 

  1. Support wider public engagement with ICGC ARGO research  by increasing the visibility of ICGC related research
  2. Uphold core principles of responsibility and commitment; ensuring the benefits of ICGC ARGO research are tangible, recognized and valued by the communities we aim to benefit 
  3. Encourage multidisciplinary work by helping other disciplines understand each other's research and work together
  4. Promote trust and transparency in the research process by robust governance processes communicating the use of ICGC ARGO data to the general public
  5. Foster a culture of data sharing and raise awareness of the duty to share data for societal benefit and value 
  6. Increase the relevance, visibility and impact of ICGC research
  7. Reporting to the ICGC ARGO Executive Board and funding agencies 
  8. Develop communication tools and assist in media relations. 

Conveying the significance of research to those outside their field is a challenge for many researchers. Therefore we have developed guidelines for researchers: How to Write a Lay Summary, which you can access here.