Annex 2: Data handling and physical security
Records are processed securely within the Nuffield Department of Population Health (NDPH), with the University of Oxford as sponsor and data controller. Data security complies with the Data Protection Act (University of Oxford: registration Z575783X) and NDPH and University data security policies. NDPH has current NHS data security protection toolkit accreditation for storage of linked NHS data (ref: EE133863-MSD-NDOPH-NDPH); relevant data security and governance policies are available on request. Files are stripped of identifiers (name, address, date of birth, NHS number) before any data analyses. All those working on AgeX are legally bound not to identify participants. Datasets with identifiers can be accessed only by those responsible for data linkage and de-identification, not by the study investigators or analysts. People analysing the de-identified dataset have read-only access to it, have no access to any other part of the database, and cannot link the IDs used in it to any other part of the database. The study is expected to continue until around 2033, after which the data will be de-identified and retained in accordance with the funder’s requirements for at least 25 years.
Electronic records are held in secure buildings with swipe card access on all external doors, which are monitored by CCTV. Visitors and deliveries report to reception for verification. High-security areas such as server rooms are physically separate from other facilities, have additional security locks, and are restricted to relevant staff. Offices are locked outside normal working hours. The NDPH IT disaster recovery plan covers responses to environmental and external threats. Server rooms have air conditioning to ensure servers operate within the limits specified by the manufacturers. They are supplied from multiple mains feeds, with equipment split between feeds, and are protected by uninterruptible power supply (UPS) units to prevent corruption of information, with a back-up generator in case of prolonged power outage. The internal telephone system provides 24-hour access to on-site security staff and public emergency services.

