The BNR Data Sharing Guide
To guide the sharing and re-use of data generated by the BNR
11 May 2026
Why Data Sharing and Re-use Matter
The Barbados National Registry for Chronic Non-Communicable Disease (BNR) exists to turn information about disease into action for better health.
Every record in the registry represents a person, a family, and a story — but when combined, these records become a powerful national resource.
Responsible data sharing and re-use allow the BNR to:
- Make the best possible use of information already collected.
- Enable new research without repeating expensive data collection.
- Encourage collaboration across the Caribbean and with global partners.
- Increase transparency and public trust in how health data are used.
- Attract funding and strengthen national visibility in health research.
The value of the BNR’s work grows when its data are not just collected, but shared responsibly and re-used intelligently.
Understanding the Types of Data Held by the BNR
BNR data come from multiple sources — hospitals, clinics, death certificates, and follow-up systems — and vary in how identifiable they are.
For that reason, the BNR uses a tiered access model that defines how each category of data can be shared.
| Tier | Data Type | Description | Example Use | Access Level |
|---|---|---|---|---|
| Public | Fully anonymised and aggregated data | Numbers, rates, or percentages summarised by sex, age, or year. Cannot identify individuals. | Public reports, infographics, policy briefs, dashboards. | Openly available through the BNR website and on recognised open data repositories such as Zenodo, with a permanent DOI for citation. |
| Restricted | De-identified individual-level data | Personal identifiers removed, but still includes record-level information (e.g., age, sex, event date). | Approved research projects or audits. | Shared under a signed Data Sharing Agreement and ethics approval. |
| Controlled | Identifiable or linkable data | Contains personal identifiers or linkage keys. Used only within BNR for registry operations. | Data cleaning, validation, linkage to hospital systems. | Access limited to authorised BNR staff under strict governance. |
This model supports openness while protecting individuals’ privacy and complies with the Barbados Data Protection Act (2019).
The Legal and Ethical Framework
The Barbados Data Protection Act (2019) provides the foundation for how personal data must be collected, stored, and shared. It requires all organisations that handle personal information to:
- Collect data fairly and lawfully.
- Use data only for stated, legitimate purposes.
- Keep data accurate, relevant, and limited to what is necessary.
- Protect data from unauthorised access or loss.
- Maintain accountability and be able to demonstrate compliance.
The BNR, as a data controller, must therefore ensure that any release of data meets these standards. However, the Act also explicitly allows the processing and sharing of data when it is for the public good — particularly in health, education, or scientific research — provided that:
- Individuals cannot reasonably be identified, and
- Appropriate safeguards are in place to protect their rights.
This balance between protection and public benefit underpins the BNR’s data sharing policy.
Balancing Openness and Confidentiality
Open data promotes learning, innovation, and collaboration, but confidentiality ensures that the people behind the data remain safe and respected.
In a small country, this balance is especially delicate — a few details may be enough to identify someone, even in anonymised tables.
To manage this, the BNR follows three core principles:
- Share as openly as possible, protect as strongly as necessary.
- De-identify and aggregate wherever feasible before data leave the BNR.
- Be transparent about what data are shared, with whom, and why.
When this balance is maintained, the BNR can achieve both scientific value and public trust.
Flexibility for Research and Collaboration
The Barbados Data Protection Act recognises that not all data use carries the same level of risk.
When data are properly de-identified and the purpose is bona fide research or public health improvement, there is flexibility for how long and how widely they may be used.
The BNR can therefore share data with approved third-party researchers if:
- The data contain no direct identifiers;
- The project has ethical approval or institutional oversight;
- The use is clearly for research or public health benefit; and
- The recipient agrees to security and confidentiality safeguards.
In such cases, the Data Sharing Agreement for Research Use permits:
- Secure retention of data within institutional archives for reproducibility.
- Reuse for directly related projects with BNR notification.
- Creation of new, fully anonymised datasets that may be shared publicly.
This flexible model encourages collaboration while remaining compliant with the law.
How Purpose Affects Data Sharing
| Type of Use | Typical Data Form | Governance Requirements | Level of Openness |
|---|---|---|---|
| Academic or Public Health Research | De-identified datasets | Ethics approval and institutional safeguards | Moderate — longer retention and reuse allowed |
| Policy or Service Planning | Aggregated summaries | Oversight by Ministry or BNR Advisory Committee | High — wide sharing encouraged |
| Public Information | Fully anonymised or aggregated data | Internal review only | Very high — open release (e.g. via Zenodo) |
| Commercial or Consultancy Use | Usually de-identified but project-specific | Written approval and full DSA | Low — strict access and retention limits |
The type of use determines the level of protection and oversight required.
Public Data Repository
To support transparency and re-use, the BNR will make public, fully anonymised datasets available through recognised open data repositories such as Zenodo.
Each dataset will:
- Include a permanent DOI (Digital Object Identifier) to ensure proper citation.
- Be accompanied by metadata, documentation, and a clear data dictionary.
- Be updated periodically as new reporting cycles are completed.
This approach ensures that valuable national health information is discoverable and citable, while sensitive details remain protected.
Putting It All Together — An Action Plan for Responsible Sharing
The BNR Refit introduces a structured system to manage how data are shared and tracked.
Step 1. Confirm the Data Type and Intended Use
- Determine whether the requested data are public, restricted, or controlled.
- Check if the request is for research, policy, or public communication.
- Apply the principle of minimum necessary detail.
Step 2. Review for Legal and Ethical Compliance
- Confirm alignment with the Barbados Data Protection Act (2019).
- Ensure ethics approval where required.
- Verify that the request serves public health or research goals.
Step 3. Apply the Right Governance Tool
Data Sharing Agreement (DSA):
Used for all restricted data shared outside the BNR.
Sets the terms for security, permitted use, and data retention.
Required before any de-identified dataset is released.Data Trust Framework:
Oversees the entire data sharing process.
The Data Trust (initially supported by the BNR Advisory Committee) reviews and approves requests, tracks active agreements, and reports publicly on data use.
It ensures decisions are fair, transparent, and accountable.
Step 4. Record Every Approval
- Log each request in the BNR Data Release Register (hosted in REDCap).
- Capture project details, dataset version, purpose, and approval history.
- Maintain traceability for all shared data.
Step 5. Communicate and Report
- Publish summaries of approved projects on the BNR website.
- Share datasets and visualisations on Zenodo and other open repositories.
- Provide annual updates to the Ministry of Health and Wellness and the Data Trust committee.
- Encourage users to share back results and derived insights.
Summary
The Barbados Data Protection Act allows responsible sharing of health data for public benefit.
The BNR’s role is to manage this sharing carefully — protecting individuals while enabling learning, research, and policy improvement.
In practice: - Use Data Sharing Agreements for all restricted data leaving the BNR.
- Apply the Data Trust Framework for oversight and transparency.
- Publish fully anonymised public data through open repositories with permanent DOIs.
- Keep ethics, security, and accountability central to every sharing decision.
Through this system, the BNR can make its data work harder — improving understanding, guiding action, and contributing to better health outcomes for Barbados and the wider Caribbean.