Data Access Policy


A Data Access Policy is an established control put in place to ensure that data protection requirements are followed. The GDC Data Access Policy1 ensures that personally identifiable information in data made available in the GDC is kept from unauthorized users. GDC access control policies adhere to the National Institutes of Health (NIH) Genomic Data Sharing Policy (GDS) Policy2 as well as the NCI GDS Policy3. The GDC requires that users obtain authorization from the National Center for Biotechnology Information (NCBI) Database of Genotypes and Phenotypes (dbGaP) for accessing controlled data.


Any user accessing GDC open data must adhere to the NIH Genomic Data Sharing (GDS) Policy2 which indicates that investigators who download unrestricted-access data from NIH-designated data repositories should:

  • Not attempt to identify individual human research participants from whom the data were obtained
  • Acknowledge in all oral or written presentations, disclosures, or publications the specific dataset(s) or applicable accession number(s) and the NIH-designated data repositories through which the investigator accessed any data

Any user requesting access to GDC controlled data must apply for dbGaP authorization, which is granted by an NIH Data Access Committee (DAC). DACs review and approve or disapprove all requests from the research community for data access. Decisions to grant access are made based on whether the request conforms to the specifications within the NIH Genomic Data Sharing Policy and program specific requirements or procedures (if any). All uses proposed for controlled-access data must be consistent with the data use limitations for the data set as indicated by the submitting institution and identified on the public website for dbGaP. DACs also review and approve or disapprove all requests for access to dbGaP data for programmatic oversight by NIH employees.


  1. GDC Data Access Policies
  2. NIH GDS Policy
  3. NCI GDS Policy

Categories: General