Hi Adam,
Do take a look at the 5 Safes model that is in use by use by some national data archives, and some government departments. It focuses on trusted data providers, user and settings.
http://blog.ukdataservice.ac.uk/access-to-sensitive-data-for-research-the-5-safes/
We recently held a workshop on this and a brochure will be out by Xmas. http://ukdataservice.ac.uk/news-and-events/eventsitem/?id=4058
Best
Louise
__________________________
Louise Corti
Director, Collections Development and Producer Relations
__________________________
T +44(0) 1206 872145
E [log in to unmask]
W www.data-archive.ac.uk
__________________________
UK Data Service
UK Data Archive
University of Essex
Wivenhoe Park
Colchester
Essex CO4 3SQ
New book: Corti, L., Van den Eynden, V., Bishop, L and Woollard, M. Managing and Sharing Research Data: A Guide to Good Practice. Sage Publications Ltd. http://www.uk.sagepub.com/books/9781446267264
Legal Disclaimer: Any views expressed by the sender of this message are not necessarily those of the UK Data Service or the UK Data Archive. This email and any files with it are confidential and intended solely for the use of the individual(s) or entity to whom they are addressed
-----Original Message-----
From: Research Data Management discussion list [mailto:[log in to unmask]] On Behalf Of Adam Riches
Sent: 12 October 2015 17:28
To: [log in to unmask]
Subject: Sensitive Research Data Management
Importance: High
Good afternoon,
We’re interested in finding improvements to our procedures and technological solutions for storing sensitive research data.
Contrary to talks about Research Data Management - which generally focus on making research data open access - this sensitive data needs to be restricted and be auditable.
To provide further context; this data may take the form of (but not limited to), research into terrorism, extremism, abuse or any criminal activity. Essentially any data which would be classed as suspicious or risks public safety.
A document produced by Universities UK (October 2012) provides some recommendations, but only to state that there is a password protected secure storage area where files should be deposited to prevent circulation.
We believe that from the document the minimum requirements would be:
• A named individual* should know who has been given access.
• A named individual* should know what documents are on it.
• The researcher should only be able to access their own files.
• The data should be secure (physical site and server infrastructure).
• A named individual* should have access to Audit trail; which will record who and when files are created, accessed, modified and deleted.
[*such as a governance manager, who would be the first point of contact for police enquiries]
1) Has anyone managed to define a solid set of procedures which they would be willing to share?
2) What technical solutions (or providers) would provide this level of assurance?
If you respond to me directly, I'll anonymise any feedback before sharing with the wider group.
Regards,
Adam Riches
Information Systems Manager (RKE)
Manchester Metropolitan University
"Before acting on this email or opening any attachments you should read the Manchester Metropolitan University email disclaimer available on its website http://www.mmu.ac.uk/emaildisclaimer "
|