Information Security and IT Compliance News

Data is classified in many ways, and some data is more important to protect than others. With more data being stored online, it is more important than ever to protect data at all costs. This month we are focusing on one specific data set, research data. There are simple solutions you can implement in your day-to-day routine that would help protect research data from prying eyes and malicious actors who will exploit the data for their own personal gain.  

What you can do to protect research data, and any other sensitive data, is to: 

1. Lock your computer when you step away, even when working remote.  
   By locking your computer, you safeguard the data and prevent unwanted users from accessing that data. Ensure that only you can log back into the computer with a strong password, therefore creating a barrier between the data and the outside world.  


2. Encrypt the data being stored. 
   Encryption is a strong defense against malicious actors, because without the encryption key, the data will look garbled and unreadable. Only those with the encryption key will be able to access the data in a readable format. When in doubt, encrypt the data that is being stored on your device, or OneDrive.  


3. Use OneDrive or secure file locations designed to protect your research data. 
   OneDrive is the university approved solution for all your data storage needs. OneDrive is HIPAA and FERPA compliant. Some research grants specify other file storage requirements, so please verify with your grant the best option for securing your data if it is specified as a program other than OneDrive. If the research grant specifies that you cannot store files in OneDrive, check out this School of Medicine webpage for other file storage locations the university offers. If you intend to share the files with others who need access to it, please follow these guidelines on how to safely share the data. By implementing these easy tactics, you will increase the security of the document, which will inherently protect the data.  
   
   If you’re working with hard copies, make sure that data and documentation is stored in locked file cabinets and locked offices. By doing this, you implement strong physical security which stops people from obtaining this sensitive data.  


4. Limit how many people you share this sensitive information with. 
   Make sure that you are sharing with the right people and only those who need to access the data. By taking the time to check and verify the email addresses of the intended recipients, you won’t accidentally share data with the wrong person. Sharing data to the wrong person, especially research data, counts as a breach of data and in some cases a HIPAA violation, and must be reported if shared incorrectly. If you believe you shared data incorrectly, please report it via instructions on the Regulatory Compliance HIPAA Incident Reporting webpage.  
   
   By implementing these simple measures when handling research data, you will help protect the research participants’ information, along with protecting the university's reputation.


5. Know the data classification for your research data. 
   Research data is classified based on its type and it must be protected in accordance with the sensitivity level. For example, HIPAA data used in research has specific privacy and security requirements. Learn more about specific data protections on the CU data classification website.