Why Protecting Sensitive Digital Research Data is Important
UT System has issued rules for all researchers to ensure that sensitive digital research data is appropriately protected. Protecting this important data requires a commonsense approach to managing your computer systems. You need to be aware of common vulnerabilities and then take some not-too-extraordinary steps to shield those vulnerable areas. The university has many people and tools available to support you in making this happen so you can go about your business.
Why should you take the time to secure your digital data? It’s part of being a responsible researcher, just like using appropriate protocols and protecting human subjects. Your reputation and your funding are on the line. If your data is compromised, your research could be called into question. Following the university's new rules for protecting sensitive digital research data will help ensure the security of the systems involved and will help safeguard the confidentiality and integrity of sensitive digital research data.
Essentially, you are responsible for:
- Classifying your digital research data appropriately.
- Based on the classification of data, protecting the systems where the data is stored and how you transmit that data. This includes controlling how it is accessed and by whom.
Required Practices
Apply these basic practices to all systems.
- Classify your digital research data according to the Data Classification Standard. The guidelines define the three levels of data classification, show you examples of how data can be at risk, and discuss the consequences of a data theft or system compromise. If you have Category-I data, you are responsible for implementing the appropriate steps from the Minimum Security Standards for Systems.
- Ensure that you have installed anti-virus, anti-spyware, and firewall software, available at no additional cost from BevoWare. Set your operating systems, security programs, and all other applications to check for updates regularly.
- Use secure services and applications when you are on any network, including:
- Application-level security, such as HTTPS, SSH, and secure FTP.
- The VPN when connecting to campus resources from off-campus. This protects your data between the off-site area and the campus network.
- If you are using wireless, use the new campus wireless network, restricted.utexas.edu, which encrypts your data on the wireless portion of the network.
- Be a good data steward of Category-I research data.
- Ensure your systems have the Minimum Security Standards for Systems.
- Never use social security numbers as identifiers and ensure that you comply with the university's SSN policy.
- Identify professional personnel to manage research servers and IT resources. These experienced individuals can help you successfully comply with the minimum standards, including implementing such important practices as encrypting data and backing it up regularly. Check with your department's IT personnel or ask about centralized support from ITS.
- Restrict virtual access to your data by using EID-based authentication to access computer systems, databases, Web applications, and more. You can also contact ITS for programming assistance if you do not have programmers available in your area.
- Ensure physical security for your systems
- Lock workstations and use password-protected screen savers.
- In the office, lock up portable devices (including laptops, PDAs, etc.) and media containing Category-I data.
- When transporting portable devices, do not leave them unattended.
- Use Safeboot or other encryption programs so that data cannot be accessed if systems are stolen.
- Consult the University of Texas Police Department Crime Prevention Unit about how to secure labs.
- For new employees, make use of the background check and security sensitive form provided by Human Resources.
