Cookies on this website
We use cookies to ensure that we give you the best experience on our website. If you click 'Continue' we'll assume that you are happy to receive all cookies and you won't see this message again. Click 'Find out more' for information on how to change your cookie settings.
Information security Blogtrepreneur - Visual Content

Implications of collecting, storing, and using sensitive research data, such as confidential participant data from a clinical trial, individual survey data, or commercially sensitive data.

In October 2016, I attended a Research Data Oxford event held by the Academic IT Research Support team at IT Services. This article summarizes the event and the presentations with links to additional material.

Overview

Increasing emphasis is being placed on the information security of research data. This combined with increasing expectations of data sharing and reproducible research makes the effective management of data essential.  

To help you manage your data securely the Research Data Team are:

  • Looking at the systems that are currently available.
  • Aiming to bring together and disseminate sources of information and knowledge.
  • Looking at what additional resources and systems should be put in place.
  • Working with INFOSec to provide step by step advice on good practice and how you should handle your data to keep it secure, meet University and external guidelines and legal requirements.

Help with handling your data

The Research Data Oxford Team can help you.

Visit their website: http://researchdata.ox.ac.uk

Handling sensitive data: http://researchdata.ox.ac.uk/handling-sensitive-data/

They can also help with practical advice on how to:

  • Abide by University policy.
  • Meet funder conditions.
  • Maintain contractually mandated confidentiality.
  • Anonymise your data.
  • Encrypt your data.
  • Preserve your data safely after project completion.

To request a meeting email: researchdata@ox.ac.uk.   The enquiries team has representatives from the Bodleian Libraries, e-Research Centre, IT Services, and Research Services.

Summary and slides of the presentations (October 2016)

Introduction - Howard Noble

The team is currently at the start of a process: they don’t have all the answers and will need to work with you.

Future workshops will focus on solutions that will also be documented on the Research Data Oxford website.

Contact information: researchdata@ox.ac.uk

Howard Noble’s slides

Sensitive Data - Rowan Wilson

Looked at how IT and policies/regulations intersect, how the University's current systems can be used to meet responsibilities and how to make best use of technology, as well as considering whether they are solutions we need but don’t currently have.

  • Why data may be sensitive – personal data, sensitive personal data, data protection act, confidentiality, IP ownership.
  • IT requirements.
  • Why you might need to release your data.
  • Some examples of sensitive data queries/scenarios:
    • Emailing sensitive personal data
    • Gathering data in Oxford and further afield
    • Transcripts
    • Suggestions for current IT solutions to handling data.

Rowan Wilson’s slides

Research Ethics and personal/sensitive data at Oxford - Claudia Kozeny-Pelling

The presentation provided:

  • An overview of how the University governs research and ethics.
  • An outline of personal and sensitive data.
  • Guidance on sharing and re-using personal/sensitive data.
  • Collecting data – obtaining informed consent.
  • How to apply for ethical review.

Claudia Kozeny-Pelling’s slides

Securing Research Data - Duncan Tooke

A three step guide on securing your data both when in Oxford and when travelling: secure your device, secure your network and secure your data.

Duncan Tooke’s slides  (note: in this pdf notes are in an annotation layer)

Frameworks for Sensitive Data in the Research Lifecycle - John Southall

Consent, how data is managed during the project and how data is handled after the project is finished.

  • Data lifecycle models.
  • Internal and external frameworks.
  • Data management plans.
  • Consent agreements.
  • Approaches to managing data after a project has finished.

John Southall’s slides

Resources

Photo credit: Visual Content Data Breach via photopin (license)