Privacy and security

Cookies and web analytics

Like many websites, MIDAS uses cookies. Our cookie usage is governed by the cookie policy of the Wellcome Sanger Institute, where the MIDAS website is hosted. The main use for cookies in the site is to maintain user sessions, keeping track of whether you are signed in and therefore able to view privileged information within the site.

Also in common with many websites, MIDAS uses web analytics packages to monitor website usage. Specifically, we use Google Analytics to provide aggregate data on user behaviour and environment, such as which browsers, operating systems and screen sizes are being used when viewing the site. This information is helpful when developing websites and visualisations of complex data. The Sanger Institute also uses the Piwik tool to analyse server logs for all of the websites that it hosts, providing standard reporting of website usage across the whole institute.

If you have any concerns about cookie usage or data analytics on the MIDAS website, please contact us.

User data

Members of the HICF consortium may be given accounts on the MIDAS website, so that they are able to browse, search and download sample metadata from this site. If you have a user account on the site, we store the following items of personally identifiable data about you:

  • Name
  • Username
  • Email address
  • Password
  • API key

When your account is set up, a password and an API key will be issued to you. We strongly recommend that you reset your password immediately, and that you use a strong, unique password.

Since your API key can be used to make requests for privileged information using the MIDAS RESTful API, please treat this key as you would your password. It is important that you do not allow other people to use your key. If your API key is compromised, you can generate a new one.

Logging and auditing

All web servers keep detailed logs of their activity. In order to provide an audit log for the MIDAS resource, we archive these server logs for the website and RESTful interface. The logs include details of all requests made to the site, including, for privileged data, the username of the user making each request, either when signed in to the website or using their API key via a script or similar.

If you have any concerns about our logging policy, please contact us.

Data security

The MIDAS website uses HTTPS, meaning all data sent between our servers and your browser (or client script) is encrypted. As such, it should be impossible or extremely difficult for a third party to intercept and read privileged information while in transit across the wider network.

Sample data within the Sanger Institute is not encrypted, but is protected by user access controls and account management procedures. All data is accessible to systems and database administrators, but access for other users is restricted to those members of the Sanger Pathogens Informatics team who are directly responsible for managing the website and database.

If you have any concerns or questions about the storage of MIDAS sample metadata, please contact us.