
Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.


1 Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM

2 Copyright Miguel Soldi 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

3 Outline
- Background
- Policy Objective
- Things to Consider
- What Is the Best Approach?
- Issues
- Proposed Policy
- Feedback Received
- Challenges
- The Outcome
- Lessons Learned

4 Background
- In June of 2004, the State Auditor Office (SAO) issued a public report on the protection of research data
- Higher education institutions should do more to protect research data
- Security of research data was inconsistent and sometimes inadequate.
- Institutions rely on decentralized departments and individual researchers to protect research data.
- Findings are tracked by the Chancellor and Audit Committee of the Board of Regents.

5 Policy Objectives
- Protect the confidentiality and integrity of research data without creating unjustified obstacles to the conduct of research activities
- Establish accountability.
- Identify sensitive research data based on Risk
- Develop and Implement a Security Plan to protect confidentiality and integrity of research data

6 Things To Consider
- What is the Environment?
  - Single or multiple institutions?
  - Centralized, Decentralized or Hybrid Policy Development?
  - Centralized, Decentralized or Hybrid IT and Research Governance?
  - Level of influence of Administrative IT or Information Security in academic departments and research activities.

7 Things To Consider (cont.)
- What is the Environment?
- Who Is (or Should be) Involved?
  - Faculty Advisory Council
  - Chief Academic and Research Officers
  - Chief Business Officers
  - Chief Information Officers, IT Management and Security Officers
  - Legal Office
  - Audit Office

8 Things To Consider (cont.)
- What is the Environment?
- Who Is (or Should be) Involved?
- What Is Already In Place?
  - Data Classification Guidelines?
  - Confidential / Sensitive Data Protection Policies?
  - Information Resources Use and Security Policies?
  - Common definitions and understanding of terms and requirements?
  - How much can be leveraged?

9 What Is the Best Approach?
- Depends on Environment and Policies already in place.
- Issue policy specifically for safeguarding research data
- Align policy with Texas Administrative Code 202 and institutional security policies
- Issue umbrella policy for safeguarding all Confidential and Sensitive data
- Provide guideline for data classification
- Include all data classified as confidential or most sensitive
- Serve as baseline for current legal requirements (e.g., HIPAA, FERPA) and for future mandates requiring protection of confidentiality, integrity and availability of data
- Amend existing IT security policies to address the requirements of the SAO

10 Issues
- Is all research data equal? Or equally important?
- Research is all about collaboration, collaborative evaluation, peer reviews, and exchange of data = Sharing
- Are we going to require more stringent control over research data than we do on patient information, HR or other sensitive data?
- Do we create separate data classification systems in regards to confidentiality, security, criticality, and risk?
- What is “inappropriate disclosure” when dealing with research data

11 Proposed Policy
- Safeguard all research data
- Establish accountability
- Institutional Research Security Coordinator
- Establish schedule for risk assessments
- Control access based on data sensitivity and risk assessments
- Prepare written security plan to protect research data with safeguards
- Provide training

12 Feedback Received
General
- Overwhelming majority was negative, and in some cases, markedly negative
- Policy is a well-intentioned attempt to provide direction to better protect research data but it is onerous and problematic.
- Much of the intent of the draft Policy is covered by the Texas Administrative Code TAC 202 and by other institutional policies.
- In its present form, the policy would:
  - impose an enormous logistical and economic burden on investigators and institutions
  - severely impede the conduct of research and research collaboration
  - undermine the principles and practices of the research community with respect to the sharing of information among scientists
- The scope of the definition of research data is too broad

13 Feedback Received (cont.)
Control Access to Research Data
- The chilling effect of discouraging the free exchange of data, information and ideas among investigators by the imposition of penalties for “unapproved” data sharing.
- Providing access to research data to only those who need access to the data for approved research and other University business related activities is unreasonable given that PIs routinely share research information for collaboration and review.

14 Feedback Received (cont.)
Accountability
- Burdensome cost of establishing a large bureaucracy to monitor, review and adjudicate issues related to data access, data sharing, data retention encompassed by the draft BPM
Protect Research Data with Security Safeguards
- Concern about the cost of providing the highest level of secure storage and archiving for the many terabytes of digital information generated by the researchers of a research university per year
- Enormous cost in time and effort of staff to implement a formal and thorough risk assessment process for the management of all research data generated by the researchers of a typical research university

15 Challenges
- How to safeguard research data while meeting the requirements of:
  - federal research grants,
  - regulations related to the Responsible Conduct of Research
  - scientific journals
- How to guarantee problem resolution to every PI and security of their corresponding unique environments given the large number of researchers?
- Decisions based on risk = risk assessments?
- How to implement in a large research institution?

16 The Outcome
- Safeguard all research data
- Establish accountability
- Institutional Research Security Coordinator
- Control access based on data sensitivity and risk assessments
- Prepare written security plan to protect research data with safeguards
- Establish schedule for risk assessments
- Provide training

17 The Outcome (cont.)
- Applies only to “sensitive” digital research data for which there are clear scientific and institutional grounds for monitored secure storage, controlled access and guaranteed retention
- Clearly establishes accountability at different levels
- Allows each institution to determine how its data is classified and the appropriate measures to meet the policy requirements
- Requires a plan to classify digital research data into sensitive and non-sensitive based on risk
- Control access to sensitive digital research data
- Protect sensitive digital research data.
- Includes an audit requirement to ensure compliance

18 Lessons Learned
- It is a very complex and politically charged undertaking – gauge your audience carefully.
- Get all constituencies involved early
- Communicate openly and communicate often
- Start as broad and specific as possible
- Do not lose heart – it is a long process
- Do not take feedback personally – even if it is.

19 Thank You THE UNIVERSITY OF TEXAS SYSTEM

