Data ownership and protecting data
Data in Life QI comes in three types and the ownership is dependent on type:
- Personal data - owned by the data subject (i.e. the user).
- Content data - owned by the originating party, in the case of Projects this is defined as the Lead Organisation.
- Meta data - owned by Life QI.
Users and organisations will not be able to publish, sell or distribute data that they do not own without the permission of the originating party. There may be instances where a licence holder (organisation) has permission to report on project data from the organisations which form part of its subscription.
For information on such instances please contact your licence holder or email Life QI on firstname.lastname@example.org.
Life QI will not publish, sell or distribute data that we do not own without the permission of the originating party.
Life QI is hosted on secure servers that comply with a range of information governance (IG) policies, standards and regulations. Amazon Web Services’ (AWS) physical protection against environmental risks has been validated by an independent auditor and has been certified as being in compliant with the ISO 27001 best practice standard for information security management.
Additionally, access to data is controlled by the Life QI platform itself:
- Login protected
- Password complexity enforcement (all passwords must be of a certain length and contain multiple character types)
- In project/document privileges - controlling access to project data is the responsibility of the project team members (as listed on the project).
Life QI is built to be a system that others can learn from, so by default we would not remove content data if an organisation ceases to use the system. This data will continue to benefit the QI community using Life QI so by default it remains on the system so others can learn from it. However, there is the facility to arrange for your content data to be removed from the system. Within 30 days of contract termination you may request removal of all content data (content data being defined as: data added to the system by users to populate a project, resource, or discussion thread, such as project titles, SPC chart data, and uploaded documents). This will be done within 90 days of the request being made in writing. After which point it will have been removed from the system and any backups.
Personal data will only be removed upon request from the data subject.
Meta data will be retained for as long as the system continues to be in use.