Educause Security Discussion mailing list archives
Re: Chapel Hill researcher demoted after security breach
From: Gene Spafford <spaf () CERIAS PURDUE EDU>
Date: Thu, 7 Oct 2010 16:43:40 -0400
There is a basic issue here that goes somewhat beyond IT that cuts across campus. When researchers conduct experiments that require approval of IRB (Institutional Research Board) approval, a component of that involves ethical treatment of subjects. When the subjects are humans, that includes issues of privacy, informed consent, security of records, protection and preservation of data, and other issues. Too often the people on the IRBs as well as the scientists making the requests simply don't understand the issues and threats. Thus, we end up with cases similar to the one at UNC where sensitive data is potentially compromised in one way or another. There is plenty of blame to go around -- the researchers, who are using technology they don't fully understand and thus are unable to control and protect; the IRBs, for not providing appropriate oversight and staffing to ensure that issues of privacy, data preservation, data integrity, accuracy, deidentification, etc; and campus IT staff for not asserting some leadership in providing in these areas. It is really unfair to blame the researcher for 100% of the problem at UNC if she was following an approved protocol and security plan, but that was not something that was described in the news article. Expect to see more such incidents as time goes on. Fines and losses are likely to increase, and institutions are not going to take them on all by themselves. --spaf
Current thread:
- Chapel Hill researcher demoted after security breach Nicole Kegler (Oct 07)
- Re: Chapel Hill researcher demoted after security breach David Escalante (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Doty, Timothy T. (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Allen Barrett (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Gene Spafford (Oct 07)
- Re: Chapel Hill researcher demoted after security breach John Ladwig (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Doty, Timothy T. (Oct 07)
- Re: Chapel Hill researcher demoted after security breach David Escalante (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Plesco, Todd (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Martin Manjak (Oct 08)
- Re: Chapel Hill researcher demoted after security breach Koerber, Jeff (Oct 21)
- <Possible follow-ups>
- Re: Chapel Hill researcher demoted after security breach Dennis Bohn (Oct 22)