1. Sensitive Data

2. Agenda Howard Noble – Research Support ACIT (IT Services) Rowan Wilson – Research Support ACIT (IT Services) Claudia Kozeny-Pelling – Research Services Duncan Tooke – Information Security John Southall – Bodleian You (25% Researchers, 75% Support Staff) Your approaches Your concerns

3. Why might data be sensitive? Personal data and sensitive personal data (DPA) Confidentiality IP ownership issues

4. What are we discussing today? Intersection of IT and policy/regulation How can we use our current systems to best meet our responsibilities? How can we make sure that we make best use of technology within the constraints of responsibilities? Are there solutions we need that we don’t have?

5. Data Protection Act Data Controller – University of Oxford, third party body/institution Determines the purpose of processing Data Processors – collaborating institutions, cloud service providers, us Personal data – relates to living, identifiable individuals Sensitive personal data – as above but concerning (a) race (b) political opinions, (c ) religious beliefs (or other beliefs of a similar nature) (d) Union membership (e) physical or mental health (f) sexual life, (g) offences or alleged offences (h) court history and outcomes

6. Confidentiality Data need not relate to individuals Often expressly stated as in Non-Disclosure Agreements, but not necessarily Circumstances can create an expectation of confidentiality How to identify it Context Labelling Nature Trade secrets Government secrets Commercially sensitive Know how Breach involves using the information in an unauthorised manner

7. IP ownership For example Trade secrets (by 2018, Brexit permitting) Copyright Database rights Patentable material Statutes make it possible/likely Oxford owns IP in research data (case by case analysis recommended)

8. Some IT requirements arising Access control Encryption Anonymization support Appropriate online survey tools Secure online collaboration tools Long term archiving with fine-grained access controls and adequate sensitivity metadata Audited disposal where appropriate

9. Why might you have to release your data? You want to Funder requirements Legal proceedings Boston College RIPA Keep metadata about sensitivity status and consents Consider a schema that allows your data to be divided into sensitive and ‘normal’ for partial release

10. Sensitive Data Some example queries

11. Emailing sensitive personal data Application proposes passworded Word docs Collaborators did not want to use that approach Third party secure email provider suggested EULA aimed at individual researcher

12. Travelling to gather data Going to a country where certain forms of encryption are in theory illegal Gathering data from subjects opposed to the state Backup over potentially insecure network infrastructure Risk to local storage (laptop, USB) of theft etc

13. Staying at home to gather data Interviewing colleagues in ways that generate sensitive personal data Storage unencrypted on departmental file server Unencrypted backup into HFS from departmental file server

14. Getting transcripts Using individual cloud storage from a well-known provider to store recordings and transcripts of interviews Subjects lightly anonymised Subjects personal safety at risk on breach – State actors Well-known provider webmail and file-sharing via URL into cloud store used to obtain transcripts

15. Some approaches Personal encrypted file store software such as Veracrypt Enabling encryption on your personal HFS backups End to end email security using OpenGPG or similar Consolidating sensitive material outside your email store Nexus Sharepoint as a secure location, possibly in encrypted form Departmental research data file stores for retention beyond project Data stewards? Encryption key management