Educause Security Discussion mailing list archives
Re: rules for dealing with human subjects data
From: "Christopher E. Cramer" <chris.cramer () DUKE EDU>
Date: Mon, 21 Mar 2005 09:17:50 -0500
Hi Scott, This is an area that I've worked extensively with our IRB on. It is my understanding that for issues where an IRB does not have direct experience wrt the risks involved, they are required (by the NIH and others) to have a consultant on hand to discuss. That said, we don't have any hard and fast rules - every research protocol is different and the security risks need to be weight accordingly. I'm not certain this helps, but... thanks -c On Sun, 20 Mar 2005, Scott Bradner wrote:
do any of you know of any specific rules for university-based researchers protecting data that involves personally identifiable info? I know that some data sources include security instriuctions with their data but not all do and that does not cover data generated by the researcher him/herself. e.g. "no computer that contains names matched with social security numbers can be connected to the Internet" (so as to avoid things like http://www.aunty-spam.com/california-notifies-over-1-million-that-they-may-have-been-hacked/ ) Scott ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- rules for dealing with human subjects data Scott Bradner (Mar 20)
- <Possible follow-ups>
- Re: rules for dealing with human subjects data Dan Updegrove (Mar 20)
- Re: rules for dealing with human subjects data Michael Sinatra (Mar 20)
- Re: rules for dealing with human subjects data Christopher E. Cramer (Mar 21)
- Re: rules for dealing with human subjects data Chris Allison (Mar 21)
- rules for dealing with human subjects data Karen Eft (Mar 23)