Triple-negative breast cancer sequencing data

Introduction and Scope This Data Access Committee (DAC) policy governs access to controlled human datasets deposited in the European Genome-Phenome Archive (EGA), including single-cell RNA sequencing (scRNA-seq), Visium HD spatial transcriptomics data, and associated H&E histology slide images. These datasets contain sensitive human-derived molecular and imaging data that require appropriate safeguards to protect participant privacy while enabling valuable research. Eligibility for Data Access Data access is restricted to qualified researchers who meet the following criteria: 1. The applicant must be affiliated with an academic institution, research institute, or non-profit research organization. 2. The research must be conducted for non-commercial purposes only. Use of the data for product development, patent applications, or commercial gain is strictly prohibited. 3. The proposed research must be consistent with the disease-specific consent (cancer) under which the data were collected. 4. The applicant must have appropriate ethical approval from their institutional review board (IRB) or equivalent ethics committee for the proposed research. Data Use Requirements and Restrictions Approved data users must adhere to the following conditions: 5. Disease-Specific Research: Data may only be used for research related to the specific disease(s) for which the data were collected (cancer). Use for unrelated research questions requires separate approval. 6. Non-Commercial Use: Data must be used exclusively for academic research purposes. Commercial use, including but not limited to drug development, diagnostic test development, or patent applications, is prohibited. 7. No Re-identification Attempts: Researchers must not attempt to identify individual participants through any means, including but not limited to linking data with other datasets, contacting participants, or using genomic data to infer identity. 8. No Transfer or Sharing: Data may not be shared with, transferred to, or accessed by any individual or institution not explicitly named in the approved data access application. All users must be listed in the application and approved by the DAC. 9. Institution-Specific Use: Data use is restricted to the approved institution only. Multi-institutional collaborations require all collaborating institutions and researchers to be named in the application and approved by the DAC. Data Security and Storage Requirements Data users must implement appropriate technical and organizational measures to protect data security: 10. Secure Computing Environment: Data must be stored and analyzed in a secure computing environment with appropriate access controls, encryption at rest and in transit, and regular security updates. 11. Restricted Access: Access to data files must be restricted exclusively to the named researchers listed in the approved application. Access controls must be implemented using password protection, two-factor authentication, or equivalent security measures. 12. Encryption: Data must be stored in encrypted format using industry-standard encryption protocols (e.g., AES-256 or equivalent). 13. Physical Security: Physical access to systems storing the data must be restricted to authorized personnel only. 14. Network Security: Data must not be stored on portable devices, personal computers, or cloud services that do not meet institutional security standards. Use of institutional high-performance computing resources or approved secure cloud platforms is required. 15. Audit Trail: Researchers should maintain logs of data access and use where feasible to support security audits. Data Retention and Deletion 16. Project Completion: Upon completion of the approved research project or expiration of the data access period (whichever comes first), all copies of the original data files must be securely deleted. 17. Deletion Confirmation: Researchers must confirm in writing to the DAC that all data have been deleted, including any copies, backups, or derivative files containing individual-level data. 18. Retention of Aggregate Results: Summary statistics, aggregate results, and published findings may be retained indefinitely, provided they do not contain individual-level data that could enable re-identification. 19. Secure Deletion Methods: Data deletion must be performed using secure methods that render data irrecoverable (e.g., cryptographic erasure, secure file deletion utilities, or physical destruction of storage media). Publication and Acknowledgment 20. Publication Rights: Researchers are encouraged to publish findings derived from the data in peer-reviewed scientific journals. 21. Acknowledgment: All publications, presentations, and other dissemination of research results must acknowledge the data source, cite the originating manuscript and the European Genome-Phenome Archive (EGA) with the appropriate dataset accession numbers. 22. Notification: Researchers should notify the DAC of publications resulting from use of the data by providing citations or preprints. 23. Data Deposition: Where feasible and consistent with consent, researchers are encouraged to deposit derived summary data, processed datasets, or novel findings back to public repositories to benefit the broader research community. Ethical and Legal Compliance 24. IRB/Ethics Approval: Researchers must obtain and maintain appropriate ethics approval for their research from their institutional review board or ethics committee. Proof of ethics approval must be provided with the data access application. 25. Regulatory Compliance: Researchers must comply with all applicable laws and regulations, including but not limited to data protection regulations (e.g., GDPR), human subjects research regulations, and institutional policies. 26. Consent Respect: Researchers must respect the scope of consent provided by study participants. Use of data beyond the scope of participant consent is prohibited. 27. Participant Privacy: Researchers must take all reasonable steps to protect participant privacy and confidentiality, including implementing additional safeguards beyond those specified in this policy where appropriate. Reporting Breaches and Policy Violations 28. Immediate Notification: Any breach of data security, unauthorized access, or suspected violation of this policy must be reported to the DAC immediately (within 24 hours of discovery). 29. Investigation: The DAC will investigate all reported breaches and violations and may request additional information from the data user. 30. Consequences: Violations of this policy may result in immediate termination of data access, notification to institutional authorities, and prohibition from future data access. Serious violations may be reported to relevant regulatory authorities. Data Access Application Process 31. Application Submission: Researchers must submit a complete data access application through the EGA Data Access Committee portal, including: a) Research proposal describing the scientific aims and methodology b) List of all researchers who will access the data c) Evidence of institutional affiliation for all named researchers d) IRB/ethics committee approval letter e) Description of data security measures and computing environment 32. Review Process: The DAC will review applications within 30 days of receipt. The DAC may request additional information or clarification during the review process. 33. Approval Criteria: Applications will be evaluated based the criteria detailed above. 34. Access Period: Data access is typically approved for a period of 12 months, renewable upon request with justification for continued access. 35. Data Access Agreement: Upon approval, researchers must sign a Data Access Agreement acknowledging acceptance of all terms and conditions outlined in this policy. Amendments to Approved Access 36. Adding Researchers: Addition of new researchers to an approved project requires submission of an amendment request including the new researcher's information and updated ethics approval if required. 37. Scope Changes: Significant changes to the research aims or methodology require DAC review and approval before implementation. 38. Institutional Changes: If a researcher changes institutions during the access period, they must notify the DAC and may need to submit a new application from the new institution. DAC Contact Information For questions about this policy or the data access application process, please contact: Tobias Janowitz (janowit@cshl.edu) and Hiro Furukawa (furukawa@cshl.edu) at Cold Spring Harbor Laboratory, NY.