Data and other records stored on computers and related devices may be vulnerable to exposure, either by accident or by malicious operations such as “phishing.” As a researcher charged with protecting your human subjects’ privacy, you are responsible for securing your data.
Here are some resources to help you think through research data security issues:
Data Security Inventory: Use this form to create a data security plan. (You will need to log in from your Carleton account). If you would like to preview the form, here is a PDF version. The form will ask you a series of questions about which kinds of data you’ll be collecting and how you’ll protect it. Upon submission, you will receive a copy of the form that you can refer to when completing the web-based IRB application form. Keep a copy with your research materials for later reference. You will be held to the standard you laid out in your IRB application.
Beyond the Password campus presentation: A brief introduction to data security.
Useful sites:
For general training in data security:
- Surveillance Self-Defense (Electronic Frontier Foundation)
- Security in a Box (Tactical Technology Collective and Front Line Defenders)
- Protecting Data (LevelUp)
On de-identification:
- How Unique Are You? (A simple tool from the Harvard Data Privacy Lab)
- An incredibly important paper on whether data can ever be “anonymized” and how we should handle release of large data-sets (Cory Doctorow, BoingBoing)
On Spectre and Meltdown (or why you should keep your systems and software updates):
- XKCD
- Why Software Updates Are So Important
- … did we mention that software updates are really quite important? Perhaps you could verify that all your software has been updated (this includes operating systems, web browsers, word processors, Adobe products, web plugins…)
On federal grant requirements & other legal issues:
- Federal Funding Agency Requirements (Northwestern University Library)
- EU’s General Data Protection Regulation (AACRAO)