Researchers may, for example, request that the data provider or a trusted third party link particularly sensitive individualized data to individual treatment status and outcome measures, so that the researchers themselves do not need to handle and store the sensitive data. Reduce the data security threat-level a priori by acquiring and handling only the minimum amount of sensitive data strictly needed for the research study. This will often simplify and accelerate the research data flow. Minimizing the research team’s contact with sensitive, individually identifiable data may substantially reduce the potential harm caused by a data breach and the required data security measures that need to be put in place. Sensitive data must be protected from all of these threats. Theft or a cyber-attack may target either a researcher’s specific data set or the researcher’s home institution more generally and inadvertently sweep up the researcher’s data set in the course of the attack. All hardware that comes into contact with study data should remain protected including: laptops, desktops, external hard drives, USB flash drives, mobile phones, and tablets.
#Crashplan boxcryptor software#
If data security protocols are not adhered to, data may be disclosed through email, device loss, file-sharing software such as Google Drive, Box or Dropbox, or improper erasure of files from hardware that has been recycled, donated or disposed of. 3 Sensitive data are vulnerable to both inadvertent disclosure and targeted attacks
There may, in some cases, be financial and/or criminal liability to the data provider and/or the research subjects. The data provider may require additional security protections or terminate access to the data. A breach will likely trigger additional compliance requirements, including reporting the data breach to the Institutional Review Board (IRB), and, in certain circumstances, to each individual whose data was compromised. Both the researcher’s home institution and the researcher may suffer reputational damage and may have more difficulty obtaining sensitive data in the future. Research subjects may suffer unintentional disclosure of sensitive identified information, which may expose them to identity theft, embarrassment, and financial, emotional, or other harms. 2 Data security breaches: Causes and consequencesĪ data security breach can result in serious consequences for research subjects, the researcher’s home institution, and the researcher. Harvard University’s classification system for data sensitivity and corresponding requirements for data security illustrate how this calibration may function in practice. Researchers should also ensure that their research assistants, students, implementing partners, and data providers have a basic understanding of data security protocols.ĭata-security measures should be calibrated to the risk of harm of a data breach and incorporate any requirements imposed by the data provider. In addition to working with data security experts, researchers should acquire a working knowledge of data security issues to ensure the smooth integration of security measures into their research workflow and adherence to the applicable data security protocols. Researchers should consult with their home institution’s IT staff in setting up data security measures, as the IT department may have recommendations and support for specific security software.
Many research universities provide support and guidance for data security through their IT departments and through dedicated IT staff in their academic departments. Through this, he was able to infer viewers’ political preferences and other potentially sensitive information (Narayanan and Shmatikov 2008). For example, computer scientist Arvind Narayanan successfully re-identified a public-use de-identified data set from Netflix. 1 Additionally, the information revealed in this process could be damaging in unexpected ways. Even seemingly de-identified data may be re-identified if enough unique characteristics are included. Data security is critical to protecting confidential data, respecting the privacy of research subjects, and complying with applicable protocols and requirements.
0 kommentar(er)
