University of Cambridge, Department of Public Health and Primary Care Data Protection Statement for the Web-based CanRisk Tool

Access for researchers and medical professionals only.

Explicit Patient Consent to supply their data is a pre-condition of use.

1. Introduction

The CanRisk Tool is a computer program that is used to calculate the risks of breast and ovarian cancer in women based on their family history. It is also used to calculate the probability that they are carriers of cancer-associated mutations in the BRCA1, BRCA2, PALB2, CHEK2, ATM, RAD51D, RAD51C or BRIP1 gene. It is only for use by medical professionals, strictly within the terms of the Purpose permitted in the Licence Agreement provided on registration (see https://www.canrisk.org/accounts/register/).

This page explains what personal information we gather from you as a researcher/patient medical adviser when you visit the specific website within the University of Cambridge domain called https://canrisk.org.

YOU MUST HAVE YOUR PATIENT'S EXPLICIT CONSENT TO PROVIDE THEIR PERSONAL INFORMATION AS DESCRIBED BELOW.

Users are required to register and create a user account to use the CanRisk Tool and Web services. This page sets out the personal information that we gather when you visit the following Web sites in order to:

  1. setup a CanRisk user account using the online registration form (https://www.canrisk.org/accounts/register/);
  2. compute theoretical breast/ovarian cancer risks using the CanRisk Tool (https://www.canrisk.org/canrisk_tool/).

2. Who will process the personal information?

The information published here applies to the use of your and your patient's personal information (also known as 'personal data') by the University of Cambridge through the viewing or use of this Web site.

3. General personal information collected on our websites

When you visit any of the websites within the University of Cambridge domain, we hold certain information about you for service and security reasons. For more information on this, please see. http://www.cam.ac.uk/about-this-site/privacy-policy.

4. Specific personal information collected on this website

This Web site asks you to provide information about yourself and others set out below.

4.1 Your personal data collected when you setup your CanRisk user account

When you setup your CanRisk user account using the registration form (https://www.canrisk.org/accounts/register/), we collect the parameters listed in Table 1.

Table 1. Your personal data.

Parameter
First name
Last name
E-mail address
Job title (Clinical Geneticist, General Practitioner, Genetic Counsellor, Surgeon, Oncologist, Practice Nurse, Other Health Care Professional (please specify))
We ask you to confirm that: “I have personal medical indemnity cover and/or am covered by my employer”
Country
CanRisk username
CanRisk password

Note to Table 1:

We collect your first name, last name and E-mail address (Table 1) so that we can contact you if there is a technical problem with the software. We will add your E-mail address to the CanRisk mailing list (administered by the University of Cambridge). We do this so that we can inform you when there are any interruptions to service, and when new software is released.

As a security measure, your E-mail address is used to send an E-mail to activate your CanRisk user account. It is also used when we send you a link to reset your password. We sometimes use country data (Table 1) to illustrate how the CanRisk Tool is used worldwide.

In addition, we ask you to specify your own CanRisk username and password (Table 1) so that you can use this information to login to the software after you have setup your CanRisk user account.

Registration data are used to broadly track usage, to ensure that sufficient computer resources are provisioned, and to keep users informed of CanRisk news and services. Registration data are not shared with any 3rd parties. They may be used in the context of providing broad usage details, e.g. number of cancer risk calculations carried out by certain groups (e.g. Clinical Geneticists) to better inform us and funding bodies of the impact of the tool.

Please contact us if you would like your CanRisk user account data to be deleted.

4.2 Anonymised patient personal data collected when you run a CanRisk Tool risk calculation

The CanRisk Tool and Web-services (https://www.canrisk.org/canrisk_tool/) are used to estimate theoretical breast and ovarian cancer risks and mutation carrier probabilities on the basis of anonymised pedigree data, risk factors and model parameters that you provide.

To run a risk calculation, you input the risk factor and pedigree datasets (see Tables 2 and 3 below) into your Web browser (e.g. Chrome, FireFox) and they are sent (excluding the patient's oophorectomy, mastectomy, day of birth (see table 2), and the name/IDs of all relatives (see table 3) to a University of Cambridge Web server for processing.

4.2.1 Risk factor data

The risk factor data listed in Table 2 are collected for the patient (the subject of the risk calculation). Date of birth (Table 2) is mandatory in order to compute risks, but the other parameters are optional.

The CanRisk Tool gathers date of birth (Table 2). However, only the age and year of birth (extracted from this parameter) are submitted to the University of Cambridge server for processing. Similarly, details of oophorectomy and mastectomy (Table 2) are not transmitted to the University of Cambridge server for processing (see * in Table 2).

Table 2. Risk Factor data.
Parameter
Sex†‡
Country of residence†‡
Date of birth†‡* Used to obtain the patient's year of birth and to compute their age that are both transmitted.
Height (used to compute patient's BMI)†‡
Weight (used to compute patient's BMI)†‡
Daily alcohol intake in grams per day
Age at menarche
Age at menopause
Current use of oral contraception†‡
Current use of menopause hormone therapy†‡
Parity†‡
Sex of each child†‡
Year of birth of each child (used to compute patient's age at first live birth)
Mammographic density as measured by BI-RADS
Endometriosis
Tubal ligation procedure
Oophorectomy* Used to prevent computation of the patient's ovarian cancer risks under these circumstances.
Mastectomy* Used to prevent computation of the patient's breast cancer risks under these circumstances.
Polygenic Risk Score (Breast Cancer)
Polygenic Risk Score (Ovarian Cancer)

† Breast Cancer Risk Factor; ‡ Ovarian Cancer Risk Factor; * patient data not transmitted

4.2.2 Pedigree data

When you input a pedigree dataset using the CanRisk Tool, we ask you to specify the parameters listed in Table 3 for all family members (including the patient).

The CanRisk Tool collects the name or ID of each family member (Table 3). However, this parameter is not submitted to the University of Cambridge server for processing.

Table 3. Pedigree data.
Parameter
Name and/or ID of the family member
Sex (for the patient, this is obtained from Sex in Table 2)
Vital status
Age at last follow up
Year of birth (for the patient, this is obtained from date of birth in Table 2)
Age at first breast cancer diagnosis
Age at contralateral breast cancer diagnosis
Age at ovarian cancer diagnosis (for females)
Age at prostate cancer diagnosis (for males)
Age at pancreatic cancer diagnosis
ER status of first breast cancer
PR status of first breast cancer
HER2 status of first breast cancer
CK14 status of first breast cancer
CK5/6 status of first breast cancer
BRCA1 genetic test type and result
BRCA2 genetic test type and result
PALB2 genetic test type and result
CHEK2 genetic test type and result
ATM genetic test type and result
RAD51D genetic test type and result
RAD51C genetic test type and result
BRIP1 genetic test type and result
Identical twin status

4.2.3 Model parameter data

When you input model parameter data using the CanRisk Tool, we ask you to specify the parameters listed in Table 4.

Table 4. Model parameter data.
Parameter
BRCA1 mutation frequency
BRCA2 mutation frequency
PALB2 mutation frequency
ATM mutation frequency
CHEK2 mutation frequency
RAD51D mutation frequency
RAD51C mutation frequency
BRIP1 mutation frequency
BRCA1 mutation search sensitivity
BRCA2 mutation search sensitivity
PALB2 mutation search sensitivity
ATM mutation search sensitivity
CHEK2 mutation search sensitivity
RAD51D mutation search sensitivity
RAD51C mutation search sensitivity
BRIP1 mutation search sensitivity
Country of residence (equivalent to the country of residence specified in Table 2)

The risk factor data, pedigree data and model parameter data (Tables 2, 3 and 4) are required by the CanRisk tool to:

  1. Estimate theoretical breast/ovarian cancer risks and mutation carrier probabilities;
  2. Control how they are displayed on screen and in the processing report PDF;
  3. Generate a drawing of the input pedigree.

5. Data storage and security

Technical organisational and security measures are in place to ensure security appropriate to the type of data submitted and processed or stored.

Patient data (see section 4.2 above):

We will hold your personal data (Table 1) until you ask us to delete it so that we can keep in touch as described above (Note to Table 1).

We do not share any data collected from you for the CanRisk Tool with 3rd parties or enrich it (i.e. integrate it with other personal data).

6. Secure Connection

The CanRisk Tool Web site uses HTTPS which is a protocol for securing the communication between your Web browser and the University of Cambridge server. HTTPS connections are encrypted. The CanRisk Web site (https://canrisk.org) automatically redirects you to HTTPS when you access it.

7. Contacting Us

E-mail inquiries and support requests are sent to the CanRisk service desk details of which can be found on the CanRisk website. When sending support requests, data must always be sent in an anonymised format.

8. Cookies and Web Storage data

8.1 Cookie data

The CanRisk Web site (https://canrisk.org) uses cookies. A cookie is a small amount of data (<4Kb) that is sent to your computer or Web-enabled device browser from the University of Cambridge server. Cookies are used in this website to hold information about the user session.

We also use a Content Delivery Network (CDN) jsDelivr to access 3rd party libraries which improve the functionality and responsiveness of the CanRisk Tool. CDNs also reduce latency and provide faster loading of a website.

Table 5 lists some of the cookies used by the CanRisk Web site. As the names, numbers, and purposes of these cookies may change over time, this page may be updated from time to time to reflect those changes.

Table 5. Cookie data.
Cookie Hostname Description Criteria Duration Type
cookieControl canrisk.org Used to remember when a user has accepted CanRisk's cookie use notice. Necessary 30 days Cookie
cookieControlPrefs canrisk.org Array of accepted cookie types e.g. ["preferences"]. Necessary 1 year Cookie
csrftoken canrisk.org Helps prevent Cross-Site Request Forgery (CSRF) attacks. Necessary Persistent for 1 year Cookie
sessionid canrisk.org Current session identifier. Necessary Only if you are logged in to this site. Until the end of the session Cookie

8.1.1 Deleting cookies

You can choose to allow, block, or delete cookies installed on your computer by adjusting the settings of the Web browser you use. Note that doing so might limit your ability to visit certain parts of the website or take advantage of some of our services.

For more information on how to manage cookies in your browser, please see:

8.2 Web storage data

Alongside cookies, the CanRisk Web site utilises 'web storage', which means the website loads faster. Web storage parameters (listed in Table 6) are used to enhance the functionality of the CanRisk Tool. Web storage data are not transferred to the University of Cambridge server for processing.

Table 6. Web storage data.
Name Hostname Description Criteria Duration Type
SESSION_LOCALE canrisk.org Locale identifier, e.g. en-gb. Necessary No expiration date Local Storage
PEDIGREE_pedigree_history* canrisk.org This is used to provide a history of family pedigree structures to facilitate editing and specifically used in the undo and redo functionality. Necessary Until the end of the session Session Storage
PEDIGREE_pedigree_history_COUNT canrisk.org This is a count of the pedigree history stored in PEDIGREE_pedigree_history*. Necessary Until the end of the session Session Storage
USERS_HGT_UNITS canrisk.org Defines default height units to be imperial. User Preferences No expiration date Local Storage
USERS_WGT_UNITS canrisk.org Defines default weight units to be imperial. User Preferences No expiration date Local Storage
COUNTRY canrisk.org Defines default country of residence. User Preferences No expiration date Local Storage

Further information

For more information about how we handle your personal information, and your rights under data protection legislation, please see https://www.information-compliance.admin.cam.ac.uk/data-protection/general-data.