ICMP Policy on Personal Data Processing and Protection
ICMP.POL.DG.04.13.W.docDEFINITIONS
BIOLOGICAL SAMPLE refers to any sample of biological material (for example blood and bone cells) in which nucleic acids are present and which contains the characteristic genetic make-up of a data subject.
COLLECTING DATA refers to asking a data subject to provide personal data and recording such data.
CONSENT refers to the informed and free affirmation of the wish of a data subject to allow his or her personal data to be used for the specific purpose for which data is intended according to information provided at the time the personal data is given.
DATA PROCESSING refers to any operation or set of operations to which personal data is subjected, including data collection or receiving data, registration, recording, storing, arrangement, transformation, utilization, transfer, transmission and dissemination, “freezing” or deletion.
DATA PROCESSING SYSTEM refers to a structured body of personal data records and data management tools that permit data processing, including storage, access and analysis of the data records.
DATA RECIPIENT refers to a natural or a legal person to whom personal data is disclosed or provided.
DATA SUBJECT refers to a natural person who may be directly or indirectly identified by personal data.
PERSONAL DATA refers to any information relating to a natural person.
RECORD refers to any document, correspondence, original paper, map, drawing, chart, index, plan, memoranda, sound recordings, microfilm, motion-picture or other photographic records or materials in the possession or under the control of ICMP including electronic or computer generated records, databases and data processing systems for defining, creating, manipulating, controlling, managing, and using databases and the system that controls the creation, organization, and modification of a database and access to the data stored within it.
SENSITIVE PERSONAL DATA refers to personal data that indicate race, ethnic origin, religious, philosophical or political convictions of a data subject, or the health or sexual life of a data subject, as well as data on the characteristic genetic make-up of a data subject, or data relating to criminal prosecution and convictions.
STAFF MEMBER refers to anyone who holds a full or part-time office for wages, salary, or other remuneration with ICMP, as well as interns.
THIRD PARTY refers to anyone, including legal persons, other than data subjects and ICMP.
APPLICABILITY
This Policy applies to members of ICMP staff and others specifically referred to hereunder.
Biological samples and data derived from such samples shall be regarded as sensitive personal data.
POLICY
- It is ICMP policy to protect personal data from unauthorized processing.
-
Personal data, other than sensitive personal data, may be processed, provided such processing is
mandated by ICMP’s purposes and functions, there are no contrary stipulations under
agreements or other binding commitments that ICMP has undertaken in the exercise of its
purposes and functions, and at least one of the following conditions is met:
- a) The data subject concerned has given his or her express or implied consent;
- b) The data processing conforms to a substantial public interest, is not excessive in relation to the purpose for which it is performed and respects the rights of data subjects concerned;
- c) The data processing is necessary for the needs of scientific or statistical research and respects the rights of data subjects concerned, including the right to privacy;
- d) The data is in the public domain.
-
Processing sensitive personal data is permitted under the conditions set forth in paragraph 2 of
this section, if at least one of the following conditions is met:
- a) The data subject has provided his or her informed, free and express consent for the processing of his or her sensitive personal data. In lieu of expressing consent in writing, a data subject may provide a fingerprint to a Missing Persons Form (ICMP.DSDC.121.doc, Form A – Reference Donor Statement) and Information Sheet on Personal Data Processing and Protection (ICMP.DG.1356.doc) read to the data subject and signed by a witness;
- b) The processing is necessary to protect the vital interests of the data subject or another person, and the data subject is unable to express consent or seek other remedies;
- c) The processing is necessary as part of scientific or statistical research performed by ICMP, or the validation of such research or its outcomes, provided the processing dissociates (i.e. anonymizes) the sensitive personal data from other personal data that would permit identifying the data subject concerned;
- d) The processing is applied to sensitive personal data, which at the time of processing is not associated to, and cannot be associated with, other personal data identifying the data subject concerned, directly or indirectly;
- e) Where consent may be replaced by legal proceedings under law, such as by order of a Court of Law, ICMP may accept such proceedings in lieu of consent by the data subject concerned, provided ICMP can reliably ascertain that such proceedings conform to a substantial public interest, that the processing of data is not excessive in relation to the purpose for which it is to be performed, and that such legal proceedings and the processing of data are commensurate with the rights of data subjects.
- When receiving data from a data subject, the data subject shall be provided with the address and other coordinates of the recipients, as well as information on the purpose for the data processing. The data subject shall also be given information on his or her right to gain access to, to amend and to withdraw personal data.
- Data shall be processed in a manner that ensures that personal data is accurate, updated, rectified or erased in a timely manner. Data processing shall be performed solely on a need-to- know basis and provide for commensurate confidentiality levels.
-
Personal data, including sensitive personal data, provided to ICMP not by data subjects
concerned by such data, but by a third party may be accepted and processed by ICMP, provided
the following conditions are met:
- a) The third party is mandated under public law, whether domestic or international, to process the personal data concerned;
- b) The third party and ICMP have concluded an instrument constituting an agreement between them providing for appropriate measures to ensure the effective application of the provisions of this policy;
- c) In the event that the third party is, or considers itself, legally precluded from implementing the provisions of this policy, the third party shall undertake measures as necessary to assign the implementation of the provisions concerned to ICMP or another entity that is prepared to implement these provisions.
- Any transfer of records by ICMP containing personal data shall be conducted in a manner protecting the integrity of the data. In particular, electronic transfer of personal data shall employ adequate protective encryption or similar measures and shall respect the provisions of this policy, in particular paragraph 5 above.
- Personal data, including sensitive personal data, shall at all times be treated as confidential and shall be processed in accordance with the ICMP Policy on Confidentiality (ICMP.POL.DG.05.doc).
- Personal data, including sensitive personal data, shall be securely retained in line with the Policy on the Retention of Data, Records and Physical Evidence (ICMP.POL.DG.06.doc).
- The Information Sheet on Personal Data Processing and Protection (ICMP.DG.1356.doc) shall conform to this Policy at all times.
INFORMATION SHEET ON PROCESSING AND PROTECTING GENETIC AND OTHER PERSONAL DATA
ICMP.DG.1356.7.docWHAT IS PERSONAL DATA?
Personal data is any information relating to an individual human being. This may include a person’s name, date and country of birth, and gender. Sensitive personal data refers to personal data that indicates race, ethnic origin, religious, philosophical, or political association, or other potential grounds for discrimination. Genetic data, that is a person’s DNA, always constitutes sensitive personal data.
WHY DOES ICMP ASK FAMILY MEMBERS TO PROVIDE PERSONAL DATA?
ICMP asks family members of missing persons to provide personal data, including DNA, to assist government institutions and other authorities to account for missing persons. DNA may be necessary to identify mortal remains of missing persons. DNA can also be used to reunite children with their families if they have been separated, or to locate victims of trafficking.
WHAT DOES ICMP DO WITH PERSONAL DATA?
ICMP combines personal data about missing persons provided by relatives with data obtained from other sources. For instance, a photograph of a missing person provided to ICMP by a family member, combined with information from someone who has seen the person, can lead to locating the missing person. ICMP collects blood or saliva samples from family members and extracts DNA, which is then compared through a mass database with DNA extracted from unidentified human remains. When there is a DNA match, it is possible to make a conclusive identification.
Many sources may hold data relevant to locating missing persons. These sources may also hold data concerning family members themselves. ICMP does not search data sources for information on family members. Automated searches are automatically prevented from combining personal data from other sources with family members’ personal data in a manner that would identify the family member.
ICMP may use personal data to support other international organizations or government institutions in the exercise of their functions. ICMP will transmit personal data of family members to other organizations or institutions only with the free, informed and express consent of family members who are capable of expressing such consent.
ICMP may share personal data of missing persons that is not sensitive with other international organizations, government institutions and the public. ICMP will not process personal data provided by a family member in the event that the family member objects to sharing of the missing person’s non-sensitive personal data.
HOW DOES ICMP PROCESS PERSONAL DATA?
ICMP uses a dedicated data processing system to store and analyze data on missing persons and their family members, including their genetic data. The Integrated Data Management System (iDMS) is operated on ICMP’s own data servers at ICMP Headquarters in The Hague. ICMP also uses an online platform called the Online Inquiry Center (OIC). The OIC is an interactive reporting and search tool that allows family members and others to obtain and provide information on missing persons. Missing persons may have been seen alive. Families can publish a photograph of their missing persons on the OIC’s MyFace page. The photograph can be seen by anyone who accesses MyFace, and anyone who may have seen the missing person can provide information on the person’s whereabouts by clicking on the photograph. Such information will not be visible to the public.
WHAT PROTECTIONS DOES ICMP GIVE TO PERSONAL DATA?
Data protection is the systematic application of a set of institutional, technical and physical safeguards that preserve the right to privacy with respect to the collection, storage, use and disclosure of personal data. To guard against the various risks associated with personal data processing – such as accidental loss of data, theft, manipulation or other forms of unauthorized processing – ICMP has adopted data protection measures that enable family members to control their personal data.
Family members have the right to withdraw, amend or correct their personal data. In the event that genetic and other personal data form part of official conclusions, such as in a family reunification or the identification of the mortal remains of a missing person, such personal data can no longer be withdrawn by the family members concerned.
The iDMS and OIC in particular have been designed to ensure a high degree of control over access to sensitive personal data. Data administrators, including DNA analysts, have access to data only on a “need to see” basis. Sensitive personal data, in particular DNA samples and profiles, are processed in an anonymous, coded form. The iDMS operates automated controls to ensure that personal data is not retained beyond its useful life. For instance, once all persons reported missing by a family have been accounted for, personal data on ICMP servers will be deleted within a specified period of time. As a treaty-based intergovernmental organization, ICMP benefits from privileges and immunities that guarantee international legal protections of data, and the database and data processing systems.
FURTHER QUESTIONS
For further information about data processing and protection, please contact ICMP at [email protected] or visit the ICMP website at www.icmp.int.