Information Security

Using data responsibly

Genomics plc is committed to the responsible use of genetic, phenotypic and associated data in our work.

We are proud that our Information Security Management System – our data processing and analysis infrastructure – has been ISO 27001 certified by bsi. Maintaining this independent certification requires us to demonstrate that all our data handling practices are continually and systematically reviewed and improved. Our in house research and analysis activities have also been approved by independent Institutional Review Boards.

In addition to the independent oversight of our use of data, we have always had a collective ethos and commitment for responsible data use. Everyone working for Genomics plc must abide by our own ‘Data Standards’:  

Responsibility – We will use data responsibly and in accordance with all applicable laws.

Benefit We will use data to try and better understand human biology in ways that can help improve healthcare, including the development and use of therapeutics.

ContextWe will assume that the original providers of data are bound by: obligations of confidentiality and privacy towards research participants; the consent given by donors of biological samples that generated data; and conditions of approval by research ethics committees / institutional review boards for use and generation of data in research.  

Sensitivity We will acknowledge that the sensitivity of data depends on the nature of its use – ie. how data may relate to other information, people, decisions and actions – rather than how we or others may categorise data.

Purpose We will use data only for the purposes communicated to and permitted by the data provider.

Anonymity We will assume that certain data could, either alone or in combination with other data or associated information in our possession, identify a person. However, we will not use any data in order to identify any individuals.

Security We will store all data securely; grant access only to those who need to use for Genomics plc business; and always act in accordance with company policies relevant to data security.  

Acknowledgement We will acknowledge the sources of data appropriately, and will always include relevant details of data providers in any papers that we publish.

Accuracy We will take all reasonable steps to: keep data updated and accurate; and permanently delete and remove data from our systems if requested to do so by a data provider.