NBDC Data Sharing Policy (JGAP000001)

NBDC Guidelines for Human Data Sharing

5.1 Eligibility for Data Use

5.1.1 Unrestricted-access data

Anyone can use unrestricted-access data.

5.1.2 Registered-access data

Data are available to investigators during the data usage period who have been approved by the NBDC Human Data Review Board for the usage of controlled-access data. At the time of registration, the investigator needs to present an e-mail address issued by the organization to which he/she belongs.

5.1.3 Controlled-access Data

An investigator can apply for data use as the PI if he/she satisfies the data user requirements indicated in the limitation added for each data set. When applying for data use, the investigator must present the mail address issued by his/her affiliated organization.

1. An investigator who has research experience in relevant studies (one who belongs to a university, public research institute, private-sector company, or the like and who has research experience in conducting relevant studies). The use is limited to academic research or research that contributes to the improvement of public health. At the time of application, publications related to the data that the investigator plans to use must be presented.

5.2 Rights of Data Users

5.2.1 Unrestricted-access data

1. Data users can freely make the result of the study for which data from the NBDC Human Database are used public, as long as the responsibilities of data users and the limitation added for each data set are fulfilled.
2. Data users can freely acquire intellectual property rights based on the result of the study for which data from the NBDC Human Database are used, as long as the responsibilities of data users and the limitation added for each data set are fulfilled.

5.2.2 Registered-access Data

1. Data users who have completed the registration for registered-access data use can view the data.

5.2.3 Controlled-access Data

1. Data users can freely make the result of the study for which data from the NBDC Human Database are used public, as long as the responsibilities of data users and the limitation added for each data set are fulfilled.
2. Data users can freely acquire intellectual property rights based on the result of the study for which data from the NBDC Human Database are used, as long as the responsibilities of data users and the limitation added for each data set are fulfilled.
3. Data users can download, store, and use the data from the database center in the designated area of an “off-premise-server,” in addition to the data server connected to the affiliated organization LAN.
4. Data users can use the data processed by the NBDC and the DDBJ Center (data such as alignment data, variant call data, and statistical data, processed by a specific analysis pipeline).

5.3 Responsibilities of Data Users

5.3.1 Unrestricted-access data

1. In using data, the data user must utilize the data with his/her own responsibility and evaluation of the quality, content, and scientific validity of the data.
2. The data user must comply with the following rules for the data obtained from the NBDC Human Database as well as any data derived therefrom.

   Basic rules to be complied with in using data

   • The use of data is limited for research and/or development purposes only.
   • The use of data for weapons development or military applications is prohibited.
   • Identification of individuals is prohibited.
   • The latest data should be downloaded and used.
3. When the research results including data downloaded from the NBDC Human Databases (the DDBJ Sequence Read Archive, the NBDC Human data Archive, the Genomic Expression Archive, and so on) are made public in a publication or a presentation, the data user must state the accession number of the data set used. In addition, a statement such as the following** must be included as references to the paper in which the data set was originally reported, or as acknowledgments.

   ** Example of acknowledgement

   (A part of) The data used for this research was originally obtained by AAAA research project/group led by Prof. /Dr. BBBB and available at the website of the NBDC Human Database (http://humandbs.biosciencedbc.jp/en/) of the Japan Science and Technology Agency (JST).

5.3.2 Registered-access Data

1. In using data, the data user must utilize the data with his/her own responsibility and evaluation of the quality, content, and scientific validity of the data.
2. When conducting research that uses registered-access data, it is necessary to apply for the use of the original data and receive approval from the NBDC Human Data Review Board.
3. The data user must ensure that no one other than the person who has completed the registration to use the registered-access data may view the registered-access data.
4. When citing registered-access data in a publication or the like, the data user must state the accession number of the data set being cited.

5.3.3 Controlled-access Data

1. In using data, the data user must utilize the data with his/her own responsibility and evaluation of the quality, content, and scientific validity of the data.
2. The data user must take full responsibility (including responsibilities to third parties) for using data. The data user should understand that his/her responsibility will be extended to the head of his/her affiliated organization in case any problem occurs in data management and handling.
3. When using controlled-access data contained in the NBDC Human Database, the data user must comply with the “Ethical Guidelines for Medical and Biological Research Involving Human Subjects” in Japan. That is, among others, before carrying out any medical or biological research involving human subjects using data obtained from the NBDC Human Database, the data user must prepare the research protocol, go through a review by an Ethical Review Committee of his/her affiliated or an equivalent organization, and obtain approval therefrom and authorization from the head of his/her affiliated organization.
4. The data user must comply with the following rules for the data obtained from the NBDC Human Database as well as any data derived therefrom.

   Basic rules to be complied with in using data

   • The data users must be limited. (Access is granted only to the PI and his/her research collaborators who belong to the same organization as the PI.)
   • The purpose of data use must be explicitly stated.
   • The use of data for purposes other than those stated in the application is prohibited.
   • The use of data is limited to research and/or development purposes only.
   • The use of data for weapons development or military applications is prohibited.
   • Identification of individuals is prohibited.
   • Redistribution of data is prohibited. (Distribution of processed data with no or very low personal identifiability or primary data recoverability does not constitute redistribution subject to prohibition. However, in principle, an application for retention of secondary data or distribution of processed data is required.)
5. The data user must securely handle data, complying with the NBDC Security Guidelines for Human Data (for Data Users). Attention should be paid to the fact that the security level to be maintained varies for different data.* The data user must accept an audit conducted by the NBDC Human Data Review Board or a third party commissioned by the NBDC with regard to the state of implementation of security measures.

   * Security levels:

   Standard-level (Type I) security is required in principle, but high-level (Type II) security may be required based on consultation between the data submitter and the NBDC Human Data Review Board. For details on Type I and Type II security, see the NBDC Security Guidelines for Human Data (for Data Users).

6. The data user must establish a security control system depending on the security level (Type I, Type II) and submit "Checklist for the NBDC Security Guidelines for Human Data" to the NBDC Human Data Review Board Office in order to demonstrate that the system conforms to the standards set forth by the NBDC.
7. The data user must follow the terms of each ”off-premise-server” use in addition to the NBDC Human Data Sharing Guidelines and the NBDC Human Data Security Guidelines when using the ”off-premise-server” for his/her data use.
8. Should a security incident such as data breach occur, the data user must immediately disconnect relevant devices from the network and report the incident to the NBDC. The data user must promptly implement post-incident measures, following instructions from the NBDC. When the “off-premise-server” is used, the data user must immediately take measures according to the terms of use etc.
9. When the data user is informed of withdrawal of consent, rejection by opt-out in relation to the data that he/she downloaded from the NBDC Human Database and is using, the data user must not use the relevant data thereafter.
10. When finished with using data, the data user must delete all data obtained from the NBDC Human Database (whole data, or any part of the data stored. When the off-premise-server is used, all the data stored on the off-premise-server, including backup data on the off-premise-server.) and all the data that can restore the data in accordance with the NBDC Security Guidelines for Human Data (for backup data on the off-premise-server, confirm when the data will be deleted), and report on the use (and deletion) of the data, using "Report on the Use (and Deletion) of Controlled-access data". With regard to keeping secondary data (e.g., results of calculations or statistical analyses based on controlled-access data) or distribution of processed data with no or very low personal identifiability or primary data recoverability, see the section on the procedure for using controlled-access data (“5.4 Procedure for Data Use”; Subsection “5.4.3 Controlled-access Data”). When the secondary data contains genetic data, the data must be properly managed as personal information and redistribution of the secondary data is prohibited.
11. When the research results including data downloaded from the NBDC Human Databases (the Japanese Genotype-phenotype Archive, the NBDC Human data Archive, and so on) are made public in a publication or a presentation, the data user must state the accession number of the data set used. In addition, a statement such as the following** must be included as a reference to the paper in which the data set was originally reported, or as acknowledgment.

    ** Example of acknowledgement

    (A part of) The data used for this research was originally obtained by AAAA research project/group led by Prof. /Dr. BBBB and available at the website of the NBDC Human Database (http://humandbs.biosciencedbc.jp/en/) of the Japan Science and Technology Agency (JST).

    When the service of JGA was used, it is desirable to refer to the following paper: Nucleic Acids Res. 2015, 43 Database issue: D18-22.

12. The data user agrees that the NBDC may make certain statistical information or information about data user public upon release of the utilization conditions of the NBDC Human Database. Such information on data user that may be laid open includes the Dataset ID of the data used, the data user’s name, the data user's affiliated organization, country and state, the period of the data use, and the research title.
13. The data user agrees that, for the purpose of release of the utilization conditions of the NBDC Human Database, the NBDC holds information on data usage, including information on the data users that is obtained from the time of application to the time of reporting the end of data use and information gathered at the time of incidents.

In case the data user used human data in violation of the NBDC Human Data Sharing Guidelines etc., or caused information leakage etc. in using data intentionally or with negligence, the NBDC may take one or more further actions such as rescinding of permission for data use, reporting of the fact to the head of the organization to which the data user belongs, announcing of the fact on the website etc., and so on. Besides, the NBDC may seek compensation from the data user, if the NBDC determines that due to these reasons it has suffered damages such as inability of operation of “the NBDC Human Database” as stated in the section “1. Principles.” The above conditions are applied to not only the PI but also his/her research collaborators. The PI is responsible for his/her research collaborators' compliance with the Guidelines (this document) and the NBDC Security Guidelines for Human Data (for Data Users).

5.4 Procedure for Data Use

5.4.1 Unrestricted-access data

The data user can freely use unrestricted-access data available from the website for the NBDC Human Database (https://humandbs.biosciencedbc.jp/en/), as permitted under laws and regulations.

5.4.2 Registered-access Data

1. Among investigators who have been approved by the NBDC Human Data Review Board and are during the data use period, those who wish to use the registered-access data register their investigator information as designated by the NBDC.
2. The information necessary to access the data is provided, and the data user can access the data.

5.4.3 Controlled-access Data

1. The data user applies for data use in accordance with the procedure of application for data use. If multiple investigators from different organizations conduct a collaborative study, an application for data use must be submitted for each organization.
2. After going through a review by the Ethical Review Committee of his/her affiliated or an equivalent organization with regard to the use of the NBDC Human Database and obtaining approval from the Ethical Review Committee, the data user submits, at the time of application for data use, a copy of a notification of permission obtained from the head of his/her affiliated organization. However, if the Ethical Review Committee decided to waive the review, the data user submits a document such as a notification of the fact.
3. At the time of application for data use, the data user submits "Checklist for the NBDC Security Guidelines for Human Data" as well as other information and documents required by the NBDC Human Data Review Board.
4. The NBDC Human Data Review Board decides whether access to the controlled-access data may be granted.
5. After the NBDC Human Data Review Board approves the application for data use, the data user is granted access to the data and can access the data.
6. In principle, the data user reports on data use status every year, using "Report on the Use of Controlled-access Data". In addition, at the time of reporting, the data user resubmits "Checklist for the NBDC Security Guidelines for Human Data".
7. When the data user plans to distribute processed data with no or very low personal identifiability or primary data recoverability, the data user must apply to the NBDC Human Data Review Board Office using the "application for reporting on the completion of data use".
8. When the data user needs to use the data set beyond the term originally stated in the application for data use, the data user may file an application with the NBDC Human Data Review Board Office, at least a month before the original expiration date, with a document such as the approval notification by the Ethical Review Committee of the affiliated organization or an equivalent organization (by which document the term approved can be confirmed) and a statement of desired term to be extended.
9. When the data use is finished, the data user must promptly delete all data (whole data, or any part of the data stored. When the off-premise-server is used, all the data stored on the off-premise-server, including backup data on the off-premise-server.) and all data that can restore the data according to the NBDC Human Data Security Guidelines (for backup data on the off-premise-server, confirm when the data will be deleted) and report his/her data use (and deletion) to the NBDC Human Data Review Board Office, using the "application for reporting on the completion of data use". At the same time, the data user may apply for retention of secondary data (e.g., results of calculations based on controlled-access data) or distribution of processed data with no or very low personal identifiability or primary data recoverability by submitting "keep secondary data derived from controlled access data" or "distributing processed data" in the "application for reporting on the completion of data use" to the NBDC Human Data Review Board Office, and may retain the secondary data. Depending on the degree of data processing and the storage period, however, the application may be rejected.

5.5 Cost of Data Use

The data user bears costs incurred in connection with data use, if any (e.g., in cases where data media are needed for sending data or where an ”off-premise-server” is used).

5.6 Termination of Data Use

1. If the data user is suspected of a breach of any of responsibilities listed in the section “5.3 Responsibilities of Data Users” or the NBDC Security Guidelines for Human Data, the NBDC investigates the matter. The NBDC Human Data Review Board makes a judgement on whether there was any misconduct, based on the result of the investigation, and if it is determined that misconduct occurred, the JST/NBDC:
   • Orders the data user to stop using the data and revokes the permission to access the data set being used.
   • Do not accept, for a certain period, a new application for data use from the data user who committed the misconduct. This period is determined by the NBDC Human Data Review Board.
   • Report the misconduct to the head of the data user's affiliated organization, if necessary.
   Depending on the situation, termination of data use may be ordered at the stage when suspicion is raised. Upon receiving an order to terminate data use, the data user must immediately delete all data that have been obtained and all secondary data. In addition, the data user must promptly report the state of data deletion to the NBDC Human Data Review Board Office, using "Report on the Use (and Deletion) of Controlled-access Data".
2. In case the data in use are made unavailable due to a breach of the responsibilities of the data submitter, the data users may be requested to stop using the data. In that case, the data users are requested to follow the same procedure as those at the time of data use termination. Regardless of the reason, the NBDC shall not bear any responsibility for any damage or the like caused by the breach of responsibility of the data submitter.