Sensitive Data
Agenda
Howard Noble – Research Support ACIT (IT Services)
Rowan Wilson – Research Support ACIT (IT Services)
Claudia Kozeny-Pelling – Research Services
Duncan Tooke – Information Security
John Southall – Bodleian
You (25% Researchers, 75% Support Staff)
Your approaches
Your concerns
Why might data be sensitive?
Personal data and sensitive personal data (DPA)
Confidentiality
IP ownership issues
What are we discussing today?
Intersection of IT and policy/regulation
How can we use our current systems to best meet our responsibilities?
How can we make sure that we make best use of technology within the constraints of those responsibilities?
Are there solutions we need that we don’t have?
Data Protection Act
Data Controller – University of Oxford, third-party body/institution; determines the purpose of processing
Data Processors – collaborating institutions, cloud service providers, us
Personal data – relates to living, identifiable individuals
Sensitive personal data – as above but concerning (a) race, (b) political opinions, (c) religious beliefs (or other beliefs of a similar nature), (d) union membership, (e) physical or mental health, (f) sexual life, (g) offences or alleged offences, (h) court history and outcomes
Confidentiality
Data need not relate to individuals
Often expressly stated, as in Non-Disclosure Agreements, but not necessarily
Circumstances can create an expectation of confidentiality
How to identify it: context, labelling, nature (trade secrets, government secrets, commercially sensitive information, know-how)
Breach involves using the information in an unauthorised manner
IP ownership
For example: trade secrets (by 2018, Brexit permitting), copyright, database rights, patentable material
Statutes make it possible/likely that Oxford owns IP in research data (case-by-case analysis recommended)
Some IT requirements arising
Access control
Encryption
Anonymisation support
Appropriate online survey tools
Secure online collaboration tools
Long-term archiving with fine-grained access controls and adequate sensitivity metadata
Audited disposal where appropriate
Why might you have to release your data?
You want to
Funder requirements
Legal proceedings
Boston College
RIPA
Keep metadata about sensitivity status and consents
Consider a schema that allows your data to be divided into sensitive and ‘normal’ parts for partial release
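As an added example (not from the slides), one way to put the last two points into practice: a schema that labels every field with a sensitivity class, plus per-participant consent metadata, used to build a partial release that contains only the ‘normal’ fields of subjects who consented to sharing. The field names, records and consent entries are constructed for illustration.

```python
# Sensitivity classes following the slides' distinction: 'normal' data can be
# released; 'personal' relates to living, identifiable individuals (DPA);
# 'sensitive_personal' covers the DPA special categories (health, beliefs, ...).
SCHEMA = {
    "participant_id": "personal",
    "age_band": "normal",
    "region": "normal",
    "health_condition": "sensitive_personal",
    "trade_union": "sensitive_personal",
    "response_score": "normal",
}

# Constructed sample records, field names and consent metadata (not real data).
RECORDS = [
    {"participant_id": "P001", "age_band": "30-39", "region": "Oxford",
     "health_condition": "asthma", "trade_union": "yes", "response_score": 7},
    {"participant_id": "P002", "age_band": "40-49", "region": "Leeds",
     "health_condition": "none", "trade_union": "no", "response_score": 4},
    {"participant_id": "P003", "age_band": "20-29", "region": "Oxford",
     "health_condition": "diabetes", "trade_union": "yes", "response_score": 9},
]
CONSENTS = {
    "P001": {"share_allowed": True, "consent_date": "2016-05-03"},
    "P002": {"share_allowed": False, "consent_date": "2016-05-04"},
    # P003 has no consent record at all, which is treated as no consent.
}

def split_record(record, schema):
    """Divide one record into its releasable ('normal') and withheld parts.
    A field absent from the schema is an error: unlabelled data is never released."""
    normal, withheld = {}, {}
    for field, value in record.items():
        cls = schema.get(field)
        if cls is None:
            raise KeyError(f"field {field!r} has no sensitivity label in the schema")
        (normal if cls == "normal" else withheld)[field] = value
    return normal, withheld

def partial_release(records, consents, schema):
    """Return (released, log): only the 'normal' fields of records whose subject
    consented to sharing, plus a log of what was withheld for each participant."""
    released, log = [], []
    for rec in records:
        pid = rec["participant_id"]
        normal, withheld = split_record(rec, schema)
        if consents.get(pid, {}).get("share_allowed"):
            released.append(normal)
            log.append({"participant_id": pid, "withheld_fields": sorted(withheld)})
        else:
            log.append({"participant_id": pid, "withheld_fields": "all (no consent)"})
    return released, log
```

The withheld log is the sensitivity metadata the slide asks you to keep: it records, per participant, what was held back and why, without itself containing the sensitive values.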
Sensitive Data
Some example queries
ing sensitive personal data
Application proposes password-protected Word docs
Collaborators did not want to use that approach
Third-party secure provider suggested; EULA aimed at individual researcher
Travelling to gather data
Going to a country where certain forms of encryption are in theory illegal
Gathering data from subjects opposed to the state
Backup over potentially insecure network infrastructure
Risk of theft, etc., of local storage (laptop, USB)
Staying at home to gather data
Interviewing colleagues in ways that generate sensitive personal data
Storage unencrypted on departmental file server
Unencrypted backup into HFS from departmental file server
Getting transcripts
Using individual cloud storage from a well-known provider to store recordings and transcripts of interviews
Subjects lightly anonymised
Subjects’ personal safety at risk on breach – state actors
Well-known provider’s webmail and file sharing via URL into cloud store used to obtain transcripts
Some approaches
Personal encrypted file store software such as VeraCrypt
Enabling encryption on your personal HFS backups
End-to-end security using OpenPGP or similar
Consolidating sensitive material outside your store
Nexus SharePoint as a secure location, possibly in encrypted form
Departmental research data file stores for retention beyond the project
Data stewards?
Encryption key management