Our site is TRUSTe certified! ORCID has been awarded TRUSTe’s Privacy Seal signifying that our privacy statement and practices have been reviewed for compliance with TRUSTe’s program requirements including transparency, accountability and choice regarding the collection and use of your personal information.
Privacy is a fundamental concern for ORCID. One of our bedrock principles that guides our operations is, “Researchers will control the defined privacy settings of their own ORCID record data.” Researchers decide what information they share, and who they share it with. We are committed to this principle even though the information in an ORCID Record is often available publicly from other sources.
ORCID is an international organization with users in 230 countries and territories. It is very important to us that all of our users, no matter where they are located, feel comfortable with our privacy practices. In developing these practices, we have looked to the Safe Harbor Privacy Principles developed by the US Department of Commerce, the European Commission and the Federal Data Protection and Information Commission of Switzerland, which permit EU and Swiss entities to transfer personal data to the US. From our launch we structured our privacy policy and procedures to reflect the spirit of these principles.
As a not-for-profit organization, we are unable to self-certify compliance with the Safe Harbor Program on the Department of Commerce Website. However, our privacy policy and practices are consistent with the Safe Harbor Privacy Principles. ORCID has member organizations throughout the world, and in Europe we have members in France, Germany, Latvia, Portugal, Spain, Sweden, Switzerland, Romania, and the UK. We are delighted that Universitätsbibliothek Bern and Forschungszentrum Jülich have joined ORCID as members, signaling their conclusion that organizations can create ORCID iDs on behalf of faculty and staff consistent with Swiss and German privacy laws. We also are pleased that following a thorough legal consultation, Jisc, in collaboration with ARMA, have launched a pilot project to develop best practices for a potential UK-wide adoption of ORCID in higher education.
To demonstrate our commitment to user privacy and provide an independent means for certification of our practices, we have completed a rigorous and comprehensive privacy review with TRUSTe. This process includes a check of our policies, a review of how we communicate our handling of data and privacy, and a review of our dispute procedures. Not surprisingly, our privacy policy was in great shape already and required only minor updates, though we took this opportunity to simplify the language, and make the policy itself much clearer and easier to read. Some highlights:
- Clearer privacy setting information. We simplified the language to describe the privacy settings that researchers can control. Our new section includes images of the privacy controls and clear information about who can see data under each setting.
- Control ORCID’s use of your information. We primarily use your data to provide you with excellent tools and services. Our policy provides more detail about how we use the information we collect, and describes how to manage your inclusion or exclusion in those uses.
- Details about commercial access. We always had strong restrictions and guidelines over how commercial entities can use your data. Our updated privacy policy clarifies commercial use, and provides more details about how to control it. (Spoiler alert: if you have not made the data public, you need to explicitly grant access to a commercial entity for them to see your data.)
- Controlling ORCID data even when you no longer can. We now include information about how records are managed once someone is deceased.
- Addressing issues when all else fails. We now provide more detail about where ORCID data comes from, and what we do when errors are found, including our dispute procedure.
Thank you for your continued trust in ORCID.