Educause Security Discussion mailing list archives
Re: Policy and Procedure for Electronic Research Tools
From: "Kenneth G. Arnold" <bkarnold () CBU EDU>
Date: Tue, 5 Jul 2005 11:27:11 -0500
We have had two instances recently where we needed feedback from students and faculty/staff. 1. We needed permission from the students to include their ID picture in the video year book that was being created by the yearbook staff. 2. We wanted the students and faculty/staff to complete an online evaluation survey of our technology services. In both cases an email was sent out to the person including a link to a web page. The link was similar to the following: http://www.cbu.edu/survey.cgi?email=user () cbu edu&pin=543823 The email address was to limit the responses to one response per user. The pin was to verify that this was the person who actually received the email. The pin numbers were generated randomly prior to sending out the emails and a mass emailing program inserted the correct link in each email as it was sent out. If the person did not use the pin number associated with that email address, the response would be considered an error. The cgi collected the email addresses of the people who had followed the link to indicate their approval to use their ID picture for the yearbook. The email for the survey stated that the email address was being used only to make sure that each person responded only once and that the email address would not be associated with any response they gave to the survey. Of course the cgi could have been written to know exactly who said what in the survey but ours was not written that way. The users just had to trust us on this. At 10:54 AM 7/5/2005, you wrote:
Recently, I visited with our Research and Compliance Training Officer (IRB) concerning some of the electronic tools researchers are using to gather data for projects from human subjects on both sensitive and non sensitive topics. Some of the tools discussed were e-mail questionnaires and online surveys. If possible can any of you share with us what your institution or research group/board has done to ensure that data is secure and is only viewed and accessed by those who have to the right to it. Can you share what you have in the way of policy, procedure, education, training and security tools used? Theresa Semmens, CISA IT Security Officer North Dakota State University IACC 210C Ph: 701-231-5870 E-mail: theresa.semmens () ndsu edu "If you believe you cannot do something, it makes you incapable of doing it. But when you believe you can, you acquire the ability to do it, even if you did not have the ability in the beginning." Mahatma Gandhi
Brother Kenneth Arnold System Administrator Information Technology Services Christian Brothers University (901) 321-4333
Current thread:
- Policy and Procedure for Electronic Research Tools Theresa Semmens (Jul 05)
- <Possible follow-ups>
- Re: Policy and Procedure for Electronic Research Tools Kenneth G. Arnold (Jul 05)