A Arenas, S Crompton, B Matthews, M Wilson, B Aziz, Science and Technology Facilities Council Emil Lupu, E Scalavino, Imperial College London. F Martinelli,

Slides:



Advertisements
Similar presentations
The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
Advertisements

Module N° 4 – ICAO SSP framework
GEOSS Data Sharing Principles. GEOSS 10-Year Implementation Plan 5.4 Data Sharing The societal benefits of Earth observations cannot be achieved without.
Access to and Use of Traditional Knowledge A view from industry Bo Hammer Jensen.
Procedural Safeguards
NSF Data Management Plan
University Contracting The University of Arizona Office of Research and Contract Analysis (ORCA)
Implementing NSERC’s IP Policy June 30 th, 2010 CAURA Webinar Stéphanie Michaud.
University Contracting The University of Arizona Contracting & Research Services (CRS)
ICAT Developer Workshop : Consequence Shirley Crompton, ESC, STFC Daresbury Laboratory.
Research Contracts and IP Services TRAINING WORKSHOPS ON HORIZON 2020 – 27 NOV 2014 The Grant Agreement Roger Wallace – Research Contracts & IP Services.
Complying with Privacy to Enable Innovation & Research
Data Ownership Responsibilities & Procedures
Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Brussels, 29 October 2007 Bart Janse DG Research IPR in FP7.
Supportive Services for Veteran Families (SSVF) Data Bigger Picture Updated 5/22/14.
Information Security Policies and Standards
NSF Data Management Plan Requirements Alex Kanous
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.
Data Protection Recruitment Process
April 2, 2013 Longitudinal Data system Governance: Status Report Alan Phillips Deputy Director, Fiscal Affairs, Budgeting and IT Illinois Board of Higher.
Peer Information Security Policies: A Sampling Summer 2015.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
A project implemented by the HTSPE consortium This project is funded by the European Union SUSTAINABLE GROWTH LIFE
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
University Contracting The University of Arizona Office of Research and Contract Analysis (ORCA)
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
HIPAA PRIVACY AND SECURITY AWARENESS.
Responsible Conduct of Research (RCR) Farida Lada October 16, 2013
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Security of the Distributed Electronic Patient Record: A Case-Based Approach James G. Anderson, Ph.D. Purdue University.
IPR related obligations DG Research & Innovation Research and Innovation.
Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.1 Steps in the Licensing Process Geoff Vaughan University.
Strengthening Science Supporting Fishery Management  Standards for Best Available Science  Implementation of OMB’s Peer Review Bulletin  Separation.
Open Government, Social Media, and Information Policy: Constraints and Barriers John Carlo Bertot Professor and Director Center for Library & Information.
Providing Access to Your Data Matthew Mayernik National Center for Atmospheric Research Copyright 2012 Matthew Mayernik. Version 1.0 October 2012 Section:
LEGAL ASPECTS OF DIGITAL LIBRARIES By TALWANT SINGH ADDL DISTT. & SESSIONS JUDGE; DELHI.
Confidentiality A Training Without the Video. Laws FERPA (1976) or the Buckley Amendment (1994) IDEA (1991) KY Safe Schools (1998)
WP1: IP charter Geneva – 23rd June 2009 Contribution from CERN.
A project implemented by the HTSPE consortium This project is funded by the European Union SECURITY AND CITIZENSHIP RIGHT AND CITIZENSHIP
© 2004 The IPR-Helpdesk is a project of the European Commission DG Enterprise, co-financed within the fifth framework programme of the European Community.
Volvox The EC Contract Angela Pettit – Contracts Officer.
Intellectual Property Rights Economy and Ownership of Results in IST Projects The Research Council of Norway Niels Peter Thorshaug.
Moscow, Russia, 10 September 2012 HSE Intellectual Property Policy Aliya Ermakova, Head of IP Department, Innovation and Enterprise Office, HSE
The United States Department of Transportation. The United States Department of Transportation Public Access Plan is still under development and is subject.
NATIONAL CONFERENCE Intellectual Property Policies for Universities and Innovation dr. sc. Vlatka Petrović Head, Technology Transfer Office Acting Head,
Policy on the Management of Intellectual Property in Technology Transfer Activities at CERN CERN/FC/5434/RA Technology Transfer Network Meeting – 10 th.
DOE Data Management Plan Requirements
© 2004 The IPR-Helpdesk is a project of the European Commission DG Enterprise, co-financed within the fifth framework programme of the European Community.
Lecture 27 Intellectual Property. Intellectual Property simply defined is any form of knowledge or expression created with one's intellect. It includes.
Review of Research-Related Agreements Between Academic Institutions and Other Entities. Manoja Ratnayake Lecamwasam, PhD Intellectual Property and Innovation.
WIPO Guidance – Intellectual Property Policy for Universities and Research Institutions for Countries in Transitions Prague, April 21 and 22, 2016 Mr.
HIPAA Training. What information is considered PHI (Protected Health Information)  Dates- Birthdays, Dates of Admission and Discharge, Date of Death.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Responsible Data Use: Data restrictions Robert R. Downs, PhD Center for International Earth Science Information Network (CIESIN), Columbia University Version.
Nassau Association of School Technologists
iSecurity Compliance with HIPAA
Financing Small Firm Innovation in the United States
Providing Access to Your Data: Handling sensitive data
Research Data Context Preservation in SCAPE
Obligations of Educational Agencies: Parents’ Bill of Rights
National Contact Points (NCP) Training
GEOSS Data Sharing Principles
University & Industry Collaborative IP Development
Privacy & Access to Information
IPR in FP7 Bart Janse DG Research A.2.
The partnership principle in the implementation of the CSF funds ___ Elements for a European Code of Conduct.
INTELLECTUAL PROPERTY RIGHTS (IPR) IN FP7
Presentation transcript:

A Arenas, S Crompton, B Matthews, M Wilson, B Aziz, Science and Technology Facilities Council Emil Lupu, E Scalavino, Imperial College London. F Martinelli, M Petrocchi. CNR Istituto di Informatica e Telematica, Pisa, Italy Security policies in scientific data sharing agreements

The Issue The on-line publication of data is encouraged by funding bodies to promote re-analysis and interdisciplinary research. The publication of scientific data is governed by legislation and data sharing agreements between the different parties. Agreements are drafted by senior managers and lawyers to express what can be decided in court, rather than what can be enforced computationally. But, what can be enforced computationally … ? 1

2 A Research Council awards a grant to a consortium to study an enzyme that is essential to the lifecycle of HIV virus. The project will pave the way for the development of new drugs, so is co- funded by a drug company. The consortium includes researchers from international Universities, and a commercial partner. STFC Diamond synchrotron beamline is used to:  collect X-ray diffraction patterns of an enzyme bound to the interacting host proteins  In vitro experiment of docking drug compounds STFC store the experimental data Who has access to it and when ? Data Sharing Scenario

Actors 1.Funding bodies 2.Exploiting companies 3.STFC facilities management 4.Annually over visiting Scientists from around the world from both Academia and Industry. 5.The collaborative projects the scientists work in 6.The team at each university 7.Universities who employ scientists Each have their own data policies

a policy use case The national funding body who has paid for the research has a data policy which states that the funded researchers, staff in the funding body and their reviewers should have access to the data for 3 years, but nobody else. The researchers work in a university who have a data access policy that all researchers in the university should retain IPR on their data and not allow others access to it for 5 years. All researchers in the university have access to the data of all other researchers in the university in order to facilitate interdisciplinary research. The pharmaceutical company who co-sponsor the research have a policy that although others can have access to the data, they are the only ones who can use the data for commercial purposes. One researcher on the project is submitting part of the work to her university to acquire a PhD, and does not want anybody else, even in the university, to see it for 3 years. STFC has a policy that our staff can have access to the data produced on our facilities for administration and for use in developing the facilities.

5 DSA – Example Policies Funding Agency  Grantees  Research data with no outstanding IP must be made publicly available after project completion or on publication, whichever the earlier.  Its reviewers have read only access to data during project lifetime. Facility Provider  Facility Users  All results from non-commercial experiments older than 3 years will be made public unless an extension has been granted by the Director.  Appropriate personnel (instrument scientists, administrators) can access facility user’s data or metadata for facility-related purposes (eg. maintenance, beamline development). All relevant staff are bound by standard non-disclosure restrictions. Participating Organisation (academic)  Employees  In-house colleagues have read access to other researchers’ data to facilitate cross- discipline research.  External researchers are barred from accessing data arising from employee’s research for a period of 5 years.  Retains IP arising from staff’s research. Participating Organisation (Commercial)  Consortium Partners  Access to its proprietary libraries and data derived from its application are restricted to –the EU –named investigators –the project lifetime  Retains share of IP on data and patent/s derived from the use of its library.  Has exclusive licence to take targeted active compounds into drug development. Consortium Member (Ph.D. Student)  The World  Nobody can access his research data until after the completion of the project which is tied to the submission deadline of his thesis.

6 Example Policies in Data Sharing Agreements 5 DATA SHARING AND ACCESS 5.1 The parties agree in principle to the open and free sharing between the parties of meteorological, air, water and terrestrial data gathered from monitoring locations; 5.7 The parties agree to seek opportunities to provide the public with seamless Web access to federal and provincial environmental data and information; 5.8 Data or information acquired by one party from the other under the Agreement shall not be disseminated commercially or otherwise disclosed, transmitted or sold to any organizations other than the parties to the Agreement without the written consent of the party that owns the information. The parties thus recognize that the organization that produces a particular set of data or information item is the only one, at its option, entitled to receive payment for subsequent distribution or use; Environmental Data Sharing AGREEMENT Between Environment Canada, Pacific and Yukon Region and British Columbia Ministry of Water Land and Air Protection, April 29, Quality controlled data or information acquired by one party from the other under the Agreement may be disseminated or otherwise disclosed or transmitted without cost to any individual or organization without the need for written consent from the party that owns the information providing that (1) the data or information are not modified, (2) the jurisdictional ownership is clearly acknowledged and (3) the release does not compromise the privacy or commercial competitiveness of the data source; 5.10 Raw data or draft information acquired by one party from the other under the Agreement may not be disseminated or otherwise disclosed to any individual or organization other than the parties to the Agreement without the written consent of the party that owns the data or produced the information; 5.12 The Agreement authorizes the production, dissemination and sale of derivatives by the parties. Where appropriate (e.g., in scientific reports and articles), the party that owns the data shall be explicitly acknowledged as the owner of the data used; 5.15 The parties agree to acquire and use data and information in a manner that respects the scientific value of the data, legislation and intellectual property rights of the parties;

7 US Restrictive data policies VI. LOCATION OF MATCHED DATA AND CUSTODIAL RESPONSIBILITY This agreement represents and warrants further that, except as specified in an attachment or except as authorized in writing, that such data shall not be disclosed, released, revealed, showed, sold, rented, leased, loaned, or otherwise have access granted to the data covered by this agreement to any person. Access to the data covered by this agreement shall be limited to the minimum number of individuals necessary to achieve the purpose stated in this section and to those individuals on a need-to-know basis only. VII. CONFIDENTIALITY The User agrees to establish appropriate administrative, technical, and physical safeguards to protect the confidentiality of the data and to prevent unauthorized use or access to it. See - OMB Circular No. A-130, Appendix III VIII. DISPOSITION OF DATA The requestor and its agents will destroy all confidential information associated with actual records as soon as the purposes of the project have been accomplished and notify the providing agency to this effect in writing. Inter-Agency Data-Sharing Agreement, Centers for Medicaid and Medicare Services,

8 UK restrictive data policies 3 Nomination of Staff State team members working within the project To whom data shall be sent To whom disclosures should be made Who are responsible for Data Protection and Security Requests from non-authorised personnel / organisations shall be declined. 4 Commitment to compliance [Make reference to Policies and Procedures and State that all staff will be made aware of their responsibilities under the Data Protection Act 1998 and related legislation] 5 Security Measures [Identify specific Security requirements to allow for the secure transfer of data] e.g. [Passwords] [encryption] [Personnel security] [Classification guide – allocate level of security to specific sets of data] [Data Storage – compatible with Classification guide] 6 Destruction of information [Process] [Retention Periods for sets of data] [Define how data will be destroyed after Retention period] [Make reference to Policies already in place where possible] Hammersmith & Fulham Borough Council, Draft Data Sharing Protocol

Analysing Data Sharing Policies Policies need: 1)to be refined down to policy languages where they can be analysed and conflicts resolved, 2)further refined to languages which can be enforced at run time. Informally: If B receives object o from A on c1, then B will not send o to any other principal for 1 year Formally: (forall T o) if c1.rcv(o) then (forall Channel c) if (c.dest ≠ A) then (not c.send(o) until 1 year) at B until 17/04/2009 9

10 Enforcing Policies The established scientific approach is to apply access controls on the data server data usage is not addressed. The established commercial approach is to apply digital rights management which constrains the use of the data in the reader or player programme these technologies are coarse and simplistic – play/no-play Need to combine these two approaches, will also allow control over both data access and data usage

11 The Consortium High demand testbeds Industrial innovators Researchers

12 Main objectives Define an architecture within a framework  to enable dynamic management policies  based on agreements that  ensure end-to-end secure protection  of data-centric information. Implement the architecture in software. Evaluate the technical and business benefits of the implementation and framework via two test beds:  Sensitive scientific data  Crisis management data

Policy Management & Enforcement Architecture 13

Diamond Light Source £175 million facility Electrons are accelerated in a synchrotron ring Electrons are passed through magnets Light and x rays are piped to experimental stations

DLS experiments X-rays are 1 billion times brighter than hospital x-rays X rays are focussed on materials Detectors collect diffracted x-rays Computers re-construct the materials structure

17 Mini-scenario 1 : Beamline Experiment Workflow

18 Mini-scenario 2 – Concurrent Research Activities

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.