key for linking subject to identification

[robertoostenveld]

TBD: This last paragraph [linking key to persoonsgegevens] is subject to change following discussions involving TG1 and the Security Officer.

[robertoostenveld]

The text now states: "The key that relates the participant identification code and the participant’s personal information (name, address, telephone number,…) may not be kept in the DAC. Instead, this key must be kept in a locked room on a medium that cannot be accessed via the intra- or the internet (e.g., on paper). The DI centers determine where and on which medium the key is kept."

This touches upon whether we want the protocol to ONLY describe how researchers should use the ICT system, or whether it should also describe how researchers should behave OUTSIDE the ICT infrastructure. I think we should only document procedures relating to the ICT system, which means that details of where the key is to be stored are not part of this text.

[robertoostenveld]

@EricMaris please consider my comment above

[hadrianswall]

I agree that the protocol must only deal with the ICT system, and the second sentence of your quote should go out. I will do so.

However, whether we may/must store a pseudonimization key will be discussed in the next TG1 meeting. The protocol may have to be updated after that meeting.