data security policies for research data

["Youngquist, Jason R." <jryoungquist () CCIS EDU>]

About two months ago there was a news article where a researcher at the University of North Carolina at Chapel Hill had 
a server with confidential information for her research project get hacked.  We have a committee for the Protection of 
Human Subjects, and while we require that all information should be kept confidential, I'm looking for some best 
practices from other schools, especially for student research data.

For faculty, we can make a policy stating that all research information must be stored on their personal network space. 
 For students, this becomes a bigger issue, because we have a main campus, ~35 remote campuses, and an on-line campus.  
For research being done by students how do you make sure their data is kept confidential?  Do you require data to not 
include any personal identifying information such as first name/last name, to be stored on encrypted USB drives (is 
this provided by the college or does the student need to provide their own), provide loaner laptops that have whole 
disk encryption installed, etc?


Thanks.
Jason Youngquist
Information Technology Security Engineer
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu