Educause Security Discussion mailing list archives
Re: rules for dealing with human subjects data
From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Sun, 20 Mar 2005 12:48:52 -0800
Scott Bradner wrote:
do any of you know of any specific rules for university-based researchers protecting data that involves personally identifiable info? I know that some data sources include security instriuctions with their data but not all do and that does not cover data generated by the researcher him/herself. e.g. "no computer that contains names matched with social security numbers can be connected to the Internet" (so as to avoid things like http://www.aunty-spam.com/california-notifies-over-1-million-that-they-may-have-been-hacked/ )
Hi Scott: As we're the campus where the above-referenced hacking actually occurred (the researcher and the data were from two different places, making lines of responsibility even fuzzer :( ), the Human Subjects Committee has drafted a policy to this end. The policy draft isn't available, but an excellent response by Prof. Dave Messerschmitt has been posted publicly on the Academic Senate's Computing Committee web page (http://www.eecs.berkeley.edu/~messer/Campus/COMP/). Since it's readily accessible and searchable via Google, I don't think it will be a problem to post it here: http://www.eecs.berkeley.edu/~messer/Campus/COMP/Docs/CPHS-policy-response.pdf On the administrative side, we have a Data Stewardship Council (http://dataintegration.vcbf.berkeley.edu/) and they have recently publicly published a provisional policy regarding sensitive data on the administrative side. (This effort preceded the compromise you refer to, but it was more geared toward administrative data rather than research.) The full policy is here: http://dataintegration.vcbf.berkeley.edu/documents/ProvisionalDMUP1.1.pdf michael Speaking for myself, not my institution. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- rules for dealing with human subjects data Scott Bradner (Mar 20)
- <Possible follow-ups>
- Re: rules for dealing with human subjects data Dan Updegrove (Mar 20)
- Re: rules for dealing with human subjects data Michael Sinatra (Mar 20)
- Re: rules for dealing with human subjects data Christopher E. Cramer (Mar 21)
- Re: rules for dealing with human subjects data Chris Allison (Mar 21)
- rules for dealing with human subjects data Karen Eft (Mar 23)