Educause Security Discussion mailing list archives
Re: research data security
From: Tracy Mitrano <tbm3 () CORNELL EDU>
Date: Thu, 18 Feb 2010 11:36:08 -0500
If you already have an information security policy that covers classification of information as well as the rules for management of confidential/highly sensitive information (personally identifiable, patient health care records, etc.), then require compliance in IRB process, if not all research data, even if (as is the case at many institutions, including Cornell) research data is treated separately from administrative data in institutional policies. One idea :-) Tracy On Feb 18, 2010, at 11:30 AM, Steve Brukbacher wrote:
Hi, I'm trying to get my arms around our research data security situation at our institution. I'm fairly convinced we need a separate "protocol" for research data security, just like we all have an IRB requirement, requirements for animal care, etc. I know some will reply that this should "happen" in the IRB process, but unfortunately, a lot of data security detail is beyond the scope of what an IRB is tasked with doing. So my question is, does anyone feel like they have a success story to share in ensuring that researchers using data with high confidentiality requirements meet some sort of security standards? -- Steve Brukbacher, CISSP University of Wisconsin Milwaukee Information Security Architect UWM Computer Security Web Site www.security.uwm.edu Phone: 414.229.2224
Current thread:
- research data security Steve Brukbacher (Feb 18)
- <Possible follow-ups>
- Re: research data security Tracy Mitrano (Feb 18)
- Re: research data security Gary Dobbins (Feb 18)
- Re: research data security STEVE MAGRIBY (Feb 18)
- Re: research data security Doug Markiewicz (Feb 18)
- Re: research data security Bowden, Zeb (Feb 18)