Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: rules for dealing with human subjects data

From: "Christopher E. Cramer" <chris.cramer () DUKE EDU>
Date: Mon, 21 Mar 2005 09:17:50 -0500
Hi Scott,

This is an area that I've worked extensively with our IRB on.  It is my
understanding that for issues where an IRB does not have direct experience
wrt the risks involved, they are required (by the NIH and others) to have
a consultant on hand to discuss.  That said, we don't have any hard and
fast rules - every research protocol is different and the security risks
need to be weight accordingly.

I'm not certain this helps, but...

thanks
-c

On Sun, 20 Mar 2005, Scott Bradner wrote:


do any of you know of any specific rules for university-based researchers
protecting data that involves personally identifiable info?
I know that some data sources include security instriuctions with their
data but not all do and that does not cover data generated by the
researcher him/herself.

e.g. "no computer that contains names matched with social security
numbers can be connected to the Internet"  (so as to avoid things like
http://www.aunty-spam.com/california-notifies-over-1-million-that-they-may-have-been-hacked/
)

Scott

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.



**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: