Responsible Data Use: Data restrictions Robert R. Downs, PhD Center for International Earth Science Information Network (CIESIN), Columbia University Version.

Presentation transcript:

Responsible Data Use: Data restrictions Robert R. Downs, PhD Center for International Earth Science Information Network (CIESIN), Columbia University Version 1.0 Review Date

Module Template: Subtitle; Version 1.0, Reviewed 9/15/11

Overview

Some data contain restrictions on who may access them and how they may be used.
Restrictions may be placed on data for various reasons and may be permanent or temporary.
Restrictions that apply to a data product or service must be recognized, managed, and complied with so that the restrictions are not violated.
Data managers must ensure that restricted data are adequately protected so that they are not disseminated to unauthorized persons.
Data users must ensure that their use does not violate any restrictions that have been placed on the data they are using.

Relevance to Data Management

Restrictions may be placed on data to protect individuals or interests.
Intellectual property rights or licensing restrictions may apply.
Laws, regulations, or policies may restrict access to some data.
Security – Information about locations or property may be restricted.
Confidentiality – Information about individuals may be restricted.
Environmental Protection – Information about locations or inhabitants may be restricted.
Violating restrictions that have been placed on data is unethical and could result in civil or criminal penalties, such as fines, loss of privileges, or incarceration.

What kinds of restrictions are placed on data?

Access and use
  Restrictions may limit who may have access to the data or how they are used.
  Access may be authorized only for specific purposes, such as educational use.
  Restrictions may limit whether data may be used to create new products or services.
  Modifications or derivations of the data may be prohibited.

Dissemination and copies
  Restrictions may limit who is authorized to distribute the data, how the data may be distributed, and whether copies of the data may be created.
  Distribution may be limited to a specific location or service.
  Distribution may be limited to a specific time period, which may be in the future.
  Restrictions on dissemination may apply to the data and to all derivations or products created from the data.

Methods for restricting data

Identify data that must be restricted.
Label data as restricted.
Store data in secure facilities.
Transport data using secure means.
Include with the data a description of the conditions under which the data are restricted, along with acceptable uses.
Establish infrastructure and procedures for storing, managing, disseminating, accessing, copying, transmitting, and using restricted data.
Train staff on how to protect data from unauthorized use.

Methods of providing access to restricted data

Limit access to authorized individuals or roles
  Enable access within a facility only accessible by authorized persons.
  Limit access to authorized individuals with password-protection.
  Establish a data enclave without capabilities to copy or transmit data.

Provide options for accessing restricted data
  Require evidence of approval or expertise.
  Require users to sign a confidentiality, non-disclosure, or data use agreement.
  Require approval of data protection plan from potential users.
  Request an exception or waiver of restrictions under certain conditions.
  Request clearance for specific individuals to access restricted data.
  Request declassification of restricted data from relevant authority.

Modify the data to protect restricted portions
  Change aspects of data that are restricted (recode, generalize).
  Remove or obscure the portions of data that are restricted (redact).

Providing access to restricted data

Review or establish organizational policies on restricted data.
Identify conditions under which restricted data may be disseminated.
Select a dissemination method that does not violate restrictions.
Create a data dissemination plan that complies with restrictions.
Request approval from authorities for data dissemination plan.
Disseminate data in accordance with data dissemination plan.
Monitor data dissemination to ensure compliance with all restrictions on data.
Cease dissemination if restrictions on data are violated and immediately report any violations to authorities.

References and Resources

Where to go for more information
  Best Practices for Sharing Sensitive Environmental Geospatial Data
  Computer Security Act of
  Confidentiality Issues in Geospatial Data Applications
  Dealing With Sensitive Data
  ICPSR – Restricted Data
  Guidelines for Providing Appropriate Access to Geospatial Data in Response to Security Concerns

Other Relevant Modules

Data Management Plans: Data access, sharing, and re-use policies
Providing access to your data: Handling Sensitive Data
Providing access to your data: Rights
Submission agreements: Constraints