Protecting Sensitive Data in Electronic Format and Best Practices for Backing Up Sensitive Data

  • The Office of Information Technology (OIT) provided this guidance for the Office of Research Integrity Assurance to share with faculty and other researchers who possess sensitive data, particularly those data that involve human subjects and for which confidentiality is essential. Detailed safeguard recommendations for protecting sensitive data are posted on OIT’s site.
  • These safeguards are highlighted here:
    • Store data only on a laptop/desktop with whole-disk encryption. This will protect the data in the event the machine is stolen.
    • Back up the data regularly to a professionally managed file server that is protected and backed up on a routine schedule. Talk with OIT or a CSR for more information on options.
    • Back up data to a tape or drive that is managed by OIT or the researcher’s unit. Backups should be encrypted and stored in a physically secure location.
    • Machines on which data reside should be fully patched with the latest security patches.
    • Limit access to the data strictly to those with legitimate need. For example, do not store data on a public-facing web server or Prism account.

For more information about Protecting Sensitive Data, please see: "Protecting Sensitive Data in Electronic Format and Best Practices for Backing Up Sensitive Data"