
Data Security in Research

State University IRB Data Security Considerations for Research: Sample Data Storage Plan

All State University information that is stored, processed or transmitted by any means shall be classified into one of four levels of sensitivity: Public, Internal, Confidential and Private. The sensitivity classification identifies information in terms of what it is and how the information is accessed, processed, communicated and stored. If more than one sensitivity level could apply to the information, the highest level (most restrictive) will be selected.

University Requirements for Electronic Data in Research

 Minimum data security for protocols involving electronic data:

  • All data collection and storage devices must be password protected.
  • Non-University devices for use in research should have up-to-date antivirus protection software.
  • Identifiers or keys should be placed in a separate, password-protected or encrypted file.
  • Identifiers should not be stored on mobile devices, flash drives or other portable devices [excludes laptop]. If the protocol deems use of a portable device as necessary then the data files should be encrypted. The PI is responsible for consulting with their departmental IT liaison to determine the most secure method(s) for portable devices.
  • If using email for communication the PI should include statement(s) to the participants that email is not secure.
  • No protected health information or highly sensitive information should be transmitted via email.
  • PI must plan for regular back-ups of data in an encrypted format.
  • Paper documents, i.e. signed consent forms, surveys, etc., must be stored on campus in a locked cabinet or drawer. Data cannot be stored in an individual's home.

Additional required data security for confidential or private information

  • All data should be transferred onto the PI's State University files location or access controlled department shared drive, and should not be stored permanently on the local hard drives, flash drives, portable devices or cloud-based services such as Google Drive or DropBox.
  • The data file used for data analysis should be free of IP addresses or other electronic identifiers. If IP addresses are collected by the survey tool, the addresses should be deleted from the downloaded data file.
  • The IRB standard and regulations require maintaining original data for three years after project completion. However, if the risk to the participant is primarily breach of confidentiality through an identifiable data record then the PI should consider, as part of the protocol, a method of deleting or destroying identifiable information (i.e. video files). Data destruction prior to the regulatory requirement must be approved by the IRB.
  • Standard security measures like encryption and secure socket layer (SSL) must be considered. Additional protections may include certified digital signatures for informed consent, encryption of data transmission, and technical separation of identifiers.

Information Classification Types

Private (Most Restrictive)

All personally identifiable information pertaining to individuals that is protected by Federal or State law shall be Private. Release of private information in any way other than what is described in your research protocol must be reported to the IRB immediately as an Adverse Event.

Examples:

  • Student and employee ID numbers (CWIDs) combined with full names and/or birth dates
  • Health insurance policy ID numbers
  • Personal health or mental health records

Confidential

Information of a sensitive nature that is available only to designated personnel. Confidential information is information that is not available to the public under all applicable state and federal laws. Release of confidential information in any way other than what is described in your research protocol must be reported to the IRB immediately as an Adverse Event.

Examples:

  • Your own research data
  • Health information, including Protected Health Information (PHI)
  • Email address, social security numbers or unlisted telephone numbers

Internal

Information that is available to business units and used for official purposes but would not be released to the public unless requested pursuant to and authorized by applicable law.

Examples:

  • Financial accounting information
  • Department project data such as construction plans that do not impact University security
  • Student and employee ID numbers (CWIDs) without any other identifying information

Public (Least Restrictive)

Information that has been declared public knowledge by University Counsel in response to a request for records under the NJ Open Public Records Act, or by someone who is duly authorized by the University to do so, and can therefore be freely distributed. Public information in official University publications or the University website may be released without special authorization.

Examples:

  • Faculty/staff bios
  • Course catalogs
  • Press releases & marketing materials

Additional Resources for Responsible Data Security

Institution / Resource
National Human Resources Protections Advisory Committee: Recommendations on Confidentiality and Research Data Protections
Harvard University: Data Security Policy
University of California: Data Security Guidelines
American University: IRB Security and Privacy Checklist
Qualtrics: Anonymize Responses Using Survey Options