Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.



2 Copyright Miguel Soldi This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

3 Outline
- Background
- Policy Objective
- Things to Consider
- What Is the Best Approach?
- Issues
- Proposed Policy
- Feedback Received
- Challenges
- The Outcome
- Lessons Learned

4 Background
- In June of 2004, the State Auditor Office (SAO) issued a public report on the protection of research data
- Higher education institutions should do more to protect research data
- Security of research data was inconsistent and sometimes inadequate.
- Institutions rely on decentralized departments and individual researchers to protect research data.
- Findings are tracked by the Chancellor and Audit Committee of the Board of Regents.

5 Policy Objectives
- Protect the confidentiality and integrity of research data without creating unjustified obstacles to the conduct of research activities
- Establish accountability.
- Identify sensitive research data based on Risk
- Develop and Implement a Security Plan to protect confidentiality and integrity of research data

6 Things To Consider
- What is the Environment?
  - Single or multiple institutions?
  - Centralized, Decentralized or Hybrid Policy Development?
  - Centralized, Decentralized or Hybrid IT and Research Governance?
  - Level of influence of Administrative IT or Information Security in academic departments and research activities.

7 Things To Consider (cont.)
- What is the Environment?
- Who Is (or Should be) Involved?
  - Faculty Advisory Council
  - Chief Academic and Research Officers
  - Chief Business Officers
  - Chief Information Officers, IT Management and Security Officers
  - Legal Office
  - Audit Office

8 Things To Consider (cont.)
- What is the Environment?
- Who Is (or Should be) Involved?
- What Is Already In Place?
  - Data Classification Guidelines?
  - Confidential / Sensitive Data Protection Policies?
  - Information Resources Use and Security Policies?
  - Common definitions and understanding of terms and requirements?
  - How much can be leveraged?

9 What Is the Best Approach?
- Depends on Environment and Policies already in place.
- Issue policy specifically for safeguarding research data
- Align policy with Texas Administrative Code 202 and institutional security policies
- Issue umbrella policy for safeguarding all Confidential and Sensitive data
- Provide guideline for data classification
- Include all data classified as confidential or most sensitive
- Serve as baseline for current legal requirements (e.g., HIPAA, FERPA) and for future mandates requiring protection of confidentiality, integrity and availability of data
- Amend existing IT security policies to address the requirements of the SAO

10 Issues
- Is all research data equal? Or equally important?
- Research is all about collaboration, collaborative evaluation, peer reviews, and exchange of data = Sharing
- Are we going to require more stringent control over research data than we do on patient information, HR or other sensitive data?
- Do we create separate data classification systems in regard to confidentiality, security, criticality, and risk?
- What is “inappropriate disclosure” when dealing with research data?

11 Proposed Policy
- Safeguard all research data
- Establish accountability
- Institutional Research Security Coordinator
- Establish schedule for risk assessments
- Control access based on data sensitivity and risk assessments
- Prepare written security plan to protect research data with safeguards
- Provide training

12 Feedback Received
General
- Overwhelming majority was negative, and in some cases, markedly negative
- Policy is a well-intentioned attempt to provide direction to better protect research data but it is onerous and problematic.
- Much of the intent of the draft Policy is covered by the Texas Administrative Code TAC 202 and by other institutional policies.
- In its present form, the policy would:
  - impose an enormous logistical and economic burden on investigators and institutions
  - severely impede the conduct of research and research collaboration
  - undermine the principles and practices of the research community with respect to the sharing of information among scientists
- The scope of the definition of research data is too broad

13 Feedback Received (cont.)
Control Access to Research Data
- The chilling effect of discouraging the free exchange of data, information and ideas among investigators by the imposition of penalties for “unapproved” data sharing.
- Providing access to research data to only those who need access to the data for approved research and other University business related activities is unreasonable given that PI’s routinely share research information for collaboration and review.

14 Feedback Received (cont.)
Accountability
- Burdensome cost of establishing a large bureaucracy to monitor, review and adjudicate issues related to data access, data sharing, data retention encompassed by the draft BPM
Protect Research Data with Security Safeguards
- Concern about the cost of providing the highest level of secure storage and archiving for the many terabytes of digital information generated by the researchers of a research university per year
- Enormous cost in time and effort of staff to implement a formal and thorough risk assessment process for the management of all research data generated by the researchers of a typical research university

15 Challenges
- How to safeguard research data while meeting the requirements of:
  - federal research grants,
  - regulations related to the Responsible Conduct of Research
  - scientific journals
- How to guarantee problem resolution to every PI and security of their corresponding unique environments given the large number of researchers?
- Decisions based on risk = risk assessments?
- How to implement in a large research institution?

16 The Outcome
- Safeguard all research data
- Establish accountability
- Institutional Research Security Coordinator
- Control access based on data sensitivity and risk assessments
- Prepare written security plan to protect research data with safeguards
- Establish schedule for risk assessments
- Provide training

17 The Outcome (cont.)
- Applies only to “sensitive” digital research data for which there are clear scientific and institutional grounds for monitored secure storage, controlled access and guaranteed retention
- Clearly establishes accountability at different levels
- Allows each institution to determine how its data is classified and the appropriate measures to meet the policy requirements
- Requires a plan to classify digital research data into sensitive and non-sensitive based on risk
- Control access to sensitive digital research data
- Protect sensitive digital research data.
- Includes an audit requirement to ensure compliance

18 Lessons Learned
- It is a very complex and politically charged undertaking – gauge your audience carefully.
- Get all constituencies involved early
- Communicate openly and communicate often
- Start as broad and specific as possible
- Do not lose heart – it is a long process
- Do not take feedback personally – even if it is.

19 Thank You THE UNIVERSITY OF TEXAS SYSTEM