Educause Security Discussion mailing list archives

Re: research data security


From: Tracy Mitrano <tbm3 () CORNELL EDU>
Date: Thu, 18 Feb 2010 11:36:08 -0500

If you already have an information security policy that covers classification of information as well as the rules for 
management of confidential/highly sensitive information (personally identifiable, patient health care records, etc.), 
then require compliance in the IRB process, if not all research data, even if (as is the case at many institutions, 
including Cornell) research data is treated separately from administrative data in institutional policies.

One idea :-)

Tracy


On Feb 18, 2010, at 11:30 AM, Steve Brukbacher wrote:

Hi,
I'm trying to get my arms around our research data security situation at 
our institution.  I'm fairly convinced we need a separate "protocol" for 
research data security, just like we all have an IRB requirement, 
requirements for animal care, etc.

I know some will reply that this should "happen" in the IRB process, but 
unfortunately, a lot of data security detail is beyond the scope of what 
an IRB is tasked with doing.

So my question is, does anyone feel like they have a success story to 
share in ensuring that researchers using data with high confidentiality 
requirements meet some sort of security standards?


-- 
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224
