NBDC_policy - NBDC Human Database

NBDC Data Sharing Policy (JGAP000001)

NBDC Guidelines for Human Data Sharing

5.3 Responsibilities of Data Users

5.3.1 Unrestricted-access data

In using data, the data user must utilize the data with his/her own responsibility and evaluation of the quality, content, and scientific validity of the data.
The data user must comply with the following rules.
Basic rules to be complied with in using data
- The use of data is limited for research purposes only.
- Identification of individuals is prohibited.
- The latest data should be downloaded and used.
When the research results including data downloaded from the NBDC Human Databases (the DDBJ Sequence Read Archive, the NBDC Human data Archive, the Genomic Expression Archive, and so on) are made public in a publication or a presentation, the data user must state the accession number of the data set used. In addition, a statement such as the following** must be included as reference to the paper in which the data set was originally reported, or as acknowledgment.

** Example of acknowledgement

(A part of) The data used for this research was originally obtained by AAAA research project/group led by Prof. /Dr. BBBB and available at the website of the National Bioscience Database Center (NBDC; http://biosciencedbc.jp/) of the Japan Science and Technology Agency (JST).

5.3.2 Controlled-Access Data

In using data, the data user must utilize the data with his/her own responsibility and evaluation of the quality, content, and scientific validity of the data.
The data user must take data with full responsibility (including responsibilities to third parties) for using data. The data user should understand that his/her responsibility will be extended to the head of his/her affiliated organization in case any problem occurs in data management and handling.
When using controlled-access data contained in the NBDC Human Database, the data user must comply with the “Ethical Guidelines for Human Genome/Gene Analysis Research” in Japan.^*[2] That is, the data user must go through a review by the Ethical Review Committee of his/her affiliated or an equivalent organization, with regard to the use of the NBDC Human Database, and obtain approval from the Ethical Review Committee. The application form for ethical review (the research protocol) must contain statements that are equivalent to the following.
Examples of Content of Application Form for Ethical Review (research protocol)

Descriptions included in the application form for ethical review

Required description
- Data contained in the NBDC Human Database (e.g. JGAS***********/hum******) are used for analysis in this research.
- *[2]: “Ethical Guidelines for Human Genome/Gene Analysis Research” in Japan
  - Section 5: Handling of Specimens/Information
  - 15. Use of Existing Specimens/Information from External Institutions
  - (1) In cases where research is to be conducted using an existing specimen/information received from an external institution (excluding where the specimen/information is collected and distributed), the principal investigator shall include in the research protocol details of the existing specimen/information being donated and the need for receiving the donation, and shall obtain authorization of the ethical review committee and approval of the director of the research institution.
The data user must comply with the following rules.
Basic rules to be complied with in using data
- The data users must be limited. (Access is granted only to the PI and his/her research collaborators who belong to the same organization as the PI.)
- The purpose of data use must be explicitly stated.
- The use of data for purposes other than those stated in the application is prohibited.
- The use of data is limited for research purposes only.
- Identification of individuals is prohibited.
- Redistribution of data is prohibited.
The data user must securely handle data, complying with the NBDC Security Guidelines for Human Data (for Data Users). Attention should be paid to the fact that the security level to be maintained varies for different data.* The data user must accept an audit conducted by the NBDC Human Data Review Board or a third party commissioned by the NBDC with regard to the state of implementation of security measures.

* Security levels:

Standard-level (Type I) security is required in principle, but high-level (Type II) security may be required based on consultation between the data submitter and the NBDC Human Data Review Board.For details on Type I and Type II security, see the NBDC Security Guidelines for Human Data (for Data Users).
The data user must establish a security control system depending on the security level (Type I, Type II) and submit Form 5 (Checklist for the NBDC Security Guidelines for Human Data) to the NBDC Human Data Review Board Office in order to demonstrate that the system conforms to the standards set forth by the NBDC.
The data user must follow the terms of each ”off-premise-server” use in addition to the NBDC Human Data Sharing Guidelines and the NBDC Human Data Security Guidelines when using the ”off-premise-server” for his/her data use.
Should a security incident such as data breach occur, the data user must immediately disconnect relevant devices from the network and report the incident to the NBDC. The data user must promptly implements post-incident measures, following instructions from the NBDC. When the “off-premise-server” is used, the data user must immediately take measures according to the terms of use etc.
When the data user is informed of withdrawal of consent, rejection by opt-out in relation to the data that he/she downloaded from the NBDC Human Database and is using, the data user must not use the relevant data thereafter.
When finished with using data, the data user must delete all data obtained from the NBDC Human Database (whole data, or any part of the data stored) and all the data that can restore the data in accordance with the NBDC Security Guidelines for Human Data, and report on the use (and deletion) of the data, using Form 3 (Report on the Use (and Deletion) of Controlled-Access Data). With regard to keeping secondary data (e.g., results of calculations or statistical analyses based on controlled-access data), see the section on the procedure for using controlled-access data (“5.4 Procedure for Data Use”; Subsection “5.4.2 Controlled-Access Data”). When the secondary data contains genetic data, the data must be properly managed as personal information and redistribution of the secondary data is prohibited.
When the research results including data downloaded from the NBDC Human Databases (the Japanese Genotype-phenotype Archive, the NBDC Human data Archive, and so on) are made public in a publication or a presentation, the data user must state the accession number of the data set used. In addition, a statement such as the following** must be included as reference to the paper in which the data set was originally reported, or as acknowledgment.

** Example of acknowledgement

(A part of) The data used for this research was originally obtained by AAAA research project/group led by Prof. /Dr. BBBB and available at the website of the National Bioscience Database Center (NBDC; http://biosciencedbc.jp/en/) of the Japan Science and Technology Agency (JST).

When the service of JGA was used, it is desirable to refer to the following paper: Nucleic Acids Res. 2015, 43 Database issue: D18-22.
The data user agrees that the NBDC may make certain statistical information or information about data user public upon release of the utilization conditions of the NBDC Human Database. Such information on data user that may be laid open includes the Dataset ID of the data used, the data user’s name, the data user's affiliated organization, the period of the data use, and the research title.
The data user agrees that, for the purpose of release of the utilization conditions of the NBDC Human Database, the NBDC holds information on data usage, including information on the data users that is obtained from the time of application to the time of reporting the end of data use and information gathered at the time of incidents.

In case the data user used human data in violation of the NBDC Human Data Sharing Guidelines etc., or caused information leakage etc. in using data intentionally or with negligence, the NBDC may take one or more further actions such as rescinding of permission for data use, reporting of the fact to the head of the organization to which the data user belongs, announcing of the fact on the website etc., and so on. Besides, the NBDC may seek compensation from the data user, if the NBDC determines that due to these reasons it has suffered damages such as inability of operation of “the NBDC Human Database” as stated in the section “1. Principles.” The above conditions are applied to not only the PI but also his/her research collaborators. The PI is responsible for his/her research collaborators' compliance with the Guidelines (this document) and the NBDC Security Guidelines for Human Data (for Data Users).

5.3 Responsibilities of Data Users

5.3.1 Unrestricted-access data

5.3.2 Controlled-Access Data

Examples of Content of Application Form for Ethical Review (research protocol)

Descriptions included in the application form for ethical review