Presentation is loading. Please wait.

Presentation is loading. Please wait.

Confidentiality of benchmarking information Bencheit workshop in Paris, December 4, 2013 Pekka Kähkipuro.

Published byChester Cannon Modified over 9 years ago

Similar presentations

Presentation on theme: "Confidentiality of benchmarking information Bencheit workshop in Paris, December 4, 2013 Pekka Kähkipuro."— Presentation transcript:

1 Confidentiality of benchmarking information Bencheit workshop in Paris, December 4, 2013 Pekka Kähkipuro

2 Agenda Background Examples Group work Discussion and conclusions Bencheit workshop, Paris, December 4, 20132

3 Background There is a need to protect critical IT related information to avoid –the misuse of information by vendors (risk of financial loss) –time-consuming discussions on the use of IT resources –disclosure of critical plans too early, etc. There are different rules in different benchmarking initiatives this, such as –”full confidentiality” (e.g. consulting companies conducting benchmarks may keep the ownership of the data and the details to themselves, only disclosing average data for comparison purposes to participants) –”open among participants” (e.g. all data of all participants are available to all other participants, but not any outsiders) Bencheit workshop, Paris, December 4, 20133

4 Example: Bencheit Disclaimer This IT Benchmarking survey is intended for non-profit educational institutions on a per invitation/agreement only basis. Any data or analysis collected and created from participants is used solely for the purposes of measuring and benchmarking IT functions of various higher education institutes and for identifying best practices. All data shall be handled as confidential. Raw data may be used for further academic research by specific permission of the EUNIS Bencheit Steering Committee and only in such a way that an individual participating institutions´ exact and detailed financial or technical data cannot be identified. This survey questionnaire is open to all European HEIs willing to participate. HEIs participating are required to accept the condition of total openness: By giving its own information, the individual HEI gets all the information from all other HEIs and agrees that its information may and will be sent to all other participants. Information collected is intended only for internal use within the HEIs participating. Any further publishing or commercial use of the results is forbidden. Bencheit workshop, Paris, December 4, 20134

5 Example: EDUCAUSE 1/2 Core Data Service Appropriate Use Policy—for Participants Appropriate use policies establish how the identified data must be protected by CDS participants, as well as how EDUCAUSE may use the data to communicate the state of IT and to enhance services to its diverse membership. All CDS Managers, Authors, and Reviewers are expected to read and comply with the CDS Appropriate Use Policy (AUP) for participants. A fundamental tenet of the participant AUP is that access to identified data is limited to survey participants. In addition, advance approval from EDUCAUSE is required for use of any CDS data, even aggregated data, in public presentations or publications. … Copyright Data contributed to the Core Data Service by a participating institution remain the property of that institution. EDUCAUSE otherwise owns the copyright to the contents of the Core Data Service database, survey, and website. To protect data confidentiality on behalf of contributors, users may only use the contents of the Core Data Service as set forth in this Core Data Service Appropriate Use Policy. Bencheit workshop, Paris, December 4, 20135

6 Example: EDUCAUSE 2/2 Terms and Conditions of Use I affirm that I have been authorized by my institution to use the Core Data Service, that I have accessed CDS via my unique credentials, and that I will not share these credentials. I will limit disclosure and use of data obtained from CDS to those in my institution with formal responsibilities related to the use of such data (e.g., executive, budget, and planning officers, IT oversight committees, and senior staff of cognizant IT organizations). This limitation applies to both institutionally identifiable and aggregated data. I will store and provide data access, as appropriate, in a secure manner. I will not share or make public any CDS data about other institutions beyond my institution unless I have received prior approval from EDUCAUSE to do so. I understand that permission from EDUCAUSE is required prior to my using any data—even in aggregated form—in professional publications, public documents, or presentations beyond my institution. If I am employed by a corporation but working on a campus through a consulting, outsource, or partnership arrangement, I will not share any data with the corporation. As an exception, for the purposes of reaccreditation, peer review, or similar studies being conducted on behalf of my institution, I am permitted to provide data from CDS to reviewers not affiliated with my institution, so long as a copy of this Policy accompanies the data provision and is understood to govern the use made of the data. Bencheit workshop, Paris, December 4, 20136

7 Group work results 1.Data visibility and the possibility to identify individual institutions in the data set –Approach #1: Data is visible to all participants –Approach #2: Perhaps a dual approach with full details within Bencheit and less details somewhere else 2.Data ownership and IPRs –Each institution owns its own data, EUNIS owns the rest? 3.Rules for sharing the data within the institution and with other organizations –The goal: open data at least at an aggregate level 4.How to deal with product vendors and service providers –There is a need to compare license costs across countries –What about working together with NRENs 5.What kind of organizations are allowed to participate –For-profit HEIs perhaps, other parts of the world perhaps –Consortia would be facilitating the process 6.Using the data for research purposes –Yes with clear rules for what can be published with/without permission (respecting the confidentiality of individual contributors) 7.The need for all participating groups/initiatives to change their internal rules. 8.What results should be public –Need to analyze the side effects –Open the data to the extent that is not causing harmful side effects (possible side effects could come from vendors, ministries, etc.) –Report is needed to avoid misunderstandings and for ensuring the perceived quality of the work –Aggregation at the national level not needed by HEIs Bencheit workshop, Paris, December 4, 20137

Download ppt "Confidentiality of benchmarking information Bencheit workshop in Paris, December 4, 2013 Pekka Kähkipuro."

Similar presentations

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
Consortium Agreements and how we can learn to love them… Andrew Charlesworth Senior Research Fellow in IT & Law University of Bristol.

Consortium Agreements and how we can learn to love them… Andrew Charlesworth Senior Research Fellow in IT & Law University of Bristol.
Office Of Purchasing and Contracts Procurement Outreach Training Level II - Module C Specialized Agreements.

Office Of Purchasing and Contracts Procurement Outreach Training Level II - Module C Specialized Agreements.
ARMENIA: Quality Assurance (QA) and National Qualifications Framework (NQF) Tbilisi Regional Seminar on Quality Management in the Context of National.

ARMENIA: Quality Assurance (QA) and National Qualifications Framework (NQF) Tbilisi Regional Seminar on Quality Management in the Context of National.
Data Protection: Health. Data Protection & Health Data Data on physical or mental health or condition or sexual life are ‘sensitive personal data’ with.

Data Protection: Health. Data Protection & Health Data Data on physical or mental health or condition or sexual life are ‘sensitive personal data’ with.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Bencheit - Benchmarking higher education IT Ilkka Siissalo and Yvonne Falk University of Helsinki.

Bencheit - Benchmarking higher education IT Ilkka Siissalo and Yvonne Falk University of Helsinki.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
NORDRESS Consortium Agreement highlights. All participating institutions have signed the CA This presentation gives a brief overview of the main items.

NORDRESS Consortium Agreement highlights. All participating institutions have signed the CA This presentation gives a brief overview of the main items.
The AMA Code of Ethics Could Egyptian Marketing Professionals Agree on a List of Rules, Perhaps Similar to This? The IMI Journal. Members of the AMA are.

The AMA Code of Ethics Could Egyptian Marketing Professionals Agree on a List of Rules, Perhaps Similar to This? The IMI Journal. Members of the AMA are.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
Audit Planning and Documentation

Audit Planning and Documentation
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.
WORLD BANK Publications The reference of choice on development The Promise, and Challenge, of Implementing Open Access at the World Bank Carlos Rossel.

WORLD BANK Publications The reference of choice on development The Promise, and Challenge, of Implementing Open Access at the World Bank Carlos Rossel.
Data Management. 2 Data Management Practices RESPONSIBLE CONDUCT IN RESEARCH.

Data Management. 2 Data Management Practices RESPONSIBLE CONDUCT IN RESEARCH.
Data Protection Recruitment Process

Data Protection Recruitment Process
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Similar presentations

Ads by Google