Data Security

Data Security. Gabriella Perez, Research Technology Compliance Specialist, ITS Research Services. Gabriella-perez@uiowa.edu, 319-467-0003. October 2, 2019.

Presentation Transcript


  1. Data Security
     Gabriella Perez
     Research Technology Compliance Specialist
     ITS Research Services
     Gabriella-perez@uiowa.edu
     319-467-0003
     October 2, 2019
     Academy for Research Professionals - Data Security

  2. Why is Data Security important?
     • The protection of research data is a fundamental responsibility, rooted in regulatory and ethical principles, and should be upheld by all data stewards
     • Breaches can negatively impact future funding
     • Good data security practices protect:
       • Human subjects
       • Researchers’ reputations
       • The institution’s reputation
       • Data integrity
       • Etc.

  3. Why is Data Security Important (cont.)?
     • Data security is important at every stage of the research lifecycle
       • Planning: Data Management Plan
       • Collection & Analysis: Devices, Systems, Software, Storage, Sharing
       • Publication: De-identification, long-term storage

  4. Who owns UI research data?
     • UI Research Handbook, Policy 7g: “The University of Iowa owns the primary research results generated from all research, development, and related activities conducted under its jurisdiction.”
     • It is important for UI researchers to follow UI guidelines for data security

  5. Classifying Institutional Data
     • Public: data that is public or published with no restrictions. Examples include published "white pages" directory information, maps, academic course descriptions, news releases.
     • University-Internal: data that is non-public or internal data. Examples include official university records, financial reports, unofficial student records, de-identified research data.
     • Restricted: data that is confidential or restricted due to personal privacy considerations or compliance regulations and laws. Examples include student transcripts, identifiable human subjects research data, full-face photographic images or videos, financial aid data.
     • Critical: data that has the most stringent legal or regulatory requirements and requires special security controls. Examples include data governed by HIPAA (personal health information), SSNs, personal identifiers (passport/driver's license numbers), data governed by ITAR (export-controlled).

  6. Classifying Institutional Data (cont.)
     • HIPAA: protected health information (PHI) from the University of Iowa Hospitals and Clinics. Examples include restricted data combined with any health information from the medical record (e.g. name + blood pressure).
     • Export-Controlled: U.S. defense-related data where disclosure to a foreign national must be prevented. Examples include military items, space-related technology, technical defense data.

  7. The Data Classification Game!
     • What is the classification level?
       • Year of birth
       • Gender
       • Randomly assigned ID
       • MRI scan information
     • NOTE: Some scans are purely from research participants and are not entered in the medical chart. Some scans are from medical patients at UIHC who have consented to research, and data extraction involves looking in the medical chart.

  8. The Data Classification Game!
     • What is the classification level?
       • Sexual orientation
       • Mother’s maiden name
       • Gender
       • Public social media posts

  9. The Data Classification Game!
     • What is the classification level?
       • Activity Tracker ID Number (no name)
       • Gender
       • Height
       • Weight
       • Daily steps taken
       • GPS location to the nearest zip code

  10. Campus Storage Options

  11. Campus Storage Options (cont.)

  12. Other IT Tools & Services

  13. Table Legend:

  14. Collaboration Tools
     • In terms of real-time collaboration, OneDrive, ShareFile, REDCap (all approved for highly sensitive data) and Confluence (approved for university-internal data) are the best on-campus options for researchers.
     • For easier data sharing, outside collaborators can be provisioned a HawkID to access some of our services (e.g. RDSS drive, VPN, HawkIRB) by using this Guest Account Creation Tool: https://iam.uiowa.edu/accounts

  15. How to Securely Transmit/Transport Data
     • To ensure you are in compliance with Data Use Agreement terms for data transmission and are using approved transfer mechanisms, contact research-computing@uiowa.edu.
     • Recommendations for data transfer:
       1.) Secure File Transfer Protocol (SFTP)
       2.) Provide access to a specific file/folder (e.g. RDSS drive or OneDrive folder)
       3.) Globus Online with encryption enabled for large datasets: https://wiki.uiowa.edu/display/hpcdocs/Globus+Online
       4.) Email (if absolutely necessary): the recommended way is to store the file in OneDrive and email an authenticated link to the recipient rather than attaching the file to the email itself
     • *Note* A secure transfer mechanism is no longer secure if the username/password is sent via email

  16. Technology & Security Reviews
     • Do you want to use a third-party application to collect, store, and/or analyze your research data?
     • Before use, submit the software/service for Technology & Security Reviews:
       • Technology Review: https://its.uiowa.edu/campus-software-program/technology-reviews
       • Security Review: https://workflow.uiowa.edu/form/security-review

  17. What is an IT Security Plan and why do I need to fill one out?
     • The IT Security Plan is an internal document that is used to make sure research teams are following best practices when it comes to data security. This document becomes very important in the case of a breach. Documentation is your friend!
     • In some cases, an IT Security Plan must be filled out to ensure compliance with Data Use Agreements, Contract/Grant requirements, and/or because your project is dealing with highly sensitive data.

  18. How to Fill Out a Data Security Plan
     1.) If using campus resources, contact your local IT support admin for assistance in filling out this document. If unknown, contact research-computing@uiowa.edu.
     2.) List out all data points collected and determine data classification.
     3.) List out all services your data will touch: storage locations, collaboration tools, university-owned or personal computer/laptop, etc.
     4.) Submit completed IT Security Plan to research-computing@uiowa.edu for review.
     • The Principal Investigator and the Technical Lead should not be the same person.
     • *Recommendation: be as detailed as possible!

  19. IT Security Plan Example

  20. Data Security Resources
     • Protecting Sensitive Data Webpage: https://its.uiowa.edu/protect-sensitive-data
     • Data Classification Guide: https://its.uiowa.edu/support/article/110901
     • IT Security & Policy Office Website: https://itsecurity.uiowa.edu/
     • Core Security Standards for devices, servers, and applications: https://itsecurity.uiowa.edu/security-standards

  21. Questions?
     Contact Info:
     Gabriella Perez
     Research Technology Compliance Specialist
     ITS Research Services
     Gabriella-perez@uiowa.edu
     319-467-0003
