
IRB-HSBS Data Management and Security


Reference
Part 1 describes the minimum core data security procedures that should be in place for the protection of subject data. The nature of the research, sensitivity of the data, etc., can influence whether the core data security procedures are adequate or if additional steps should be taken to ensure data and subject safety.

Part 2 outlines the sections of the eResearch application where data management and security procedures should be described.

Part 3 is a table that lists protected health information, personal identifying information, and other sensitive information.

Required Minimum Data Security Controls for Collection of Personally-identified Data - triggered by a "yes" response to Item 11.1
Minimum data security controls are intended to establish and maintain a low risk threshold. Failure to implement the data security "best practices" could result in increased risk to subjects. As part of the application, the PI must demonstrate that all of the core data security control elements have been met. The core controls are:
1. All data collection and storage devices must be password protected with a strong password. A strong password is at least 8 characters long, uses at least 3 out of 4 character groups (UPPERCASE, lowercase, numeric and special characters) and does not contain an easily-guessable string.
2. All data/research files must be encrypted.
3. Identifiers, data, and keys should be placed in separate, password protected/encrypted files and each file should be stored in a different secure location.
4. For secure data transmission, Transport Layer Security (TLS) (a.k.a. SSL) with a minimum key length of 128 bits must be used for any data that is transmitted electronically.
5. Identifiers should not be stored on laptops, PDAs, flash drives or other portable devices. If it is necessary to use portable devices for initial collection of identifiers, the data files should be encrypted and the identifiers moved to a secure system as soon as possible. Additionally, the portable device should be locked up in a secure location when it is not in use. The PI should consult with their departmental IT Security Liaison to discuss how to correctly configure desktop computers, laptops, and other external devices for safe use in the collection and storage of research data.
6. If using email for communication or to collect or transmit data from subjects, include a statement to the subjects that email is not secure. If email will be used to transmit research data, subjects should be cautioned to respond from email addresses to which only they have access.
7. No protected health information should be transmitted via email, except within the U-M Health System and Medical School.
8. If utilizing any cloud-computing services, the PI must follow the UM guidelines found at http://www.safecomputing.umich.edu/cloud/ and at http://www.safecomputing.umich.edu/google/
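As an added example (not from the IRB-HSBS document), a check that applies the strong-password rule in control 1 as stated: at least 8 characters, at least 3 of the 4 character groups, and no easily-guessable string. The document does not define "easily-guessable", so the denylist, the username check and the sequence/repeat test below are assumptions.

```python
import string

# Assumed denylist of "easily guessable" strings; the document does not define the term.
GUESSABLE = ("password", "passwd", "qwerty", "letmein", "welcome", "umich", "research")


def _has_sequence(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` consecutive ascending or descending characters
    (e.g. 'abcd', '4321') or the same character repeated `run` times ('aaaa')."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        codes = [ord(ch) for ch in low[i:i + run]]
        diffs = {b - a for a, b in zip(codes, codes[1:])}
        if diffs in ({1}, {-1}, {0}):
            return True
    return False


def check_password(pw: str, username: str = "") -> list:
    """Return the control-1 rules the password fails; an empty list means accepted."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    groups = [
        any(c.isupper() for c in pw),               # UPPERCASE
        any(c.islower() for c in pw),               # lowercase
        any(c.isdigit() for c in pw),               # numeric
        any(c in string.punctuation for c in pw),   # special characters
    ]
    if sum(groups) < 3:
        problems.append("fewer than 3 of the 4 character groups")
    low = pw.lower()
    if any(word in low for word in GUESSABLE) or (username and username.lower() in low):
        problems.append("contains an easily guessable word or the username")
    if _has_sequence(pw):
        problems.append("contains a sequential or repeated run of characters")
    return problems
```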

Additional Required Data Security Controls - if data are of a higher sensitivity (see Table 1)
1. All data should be downloaded from local devices to a secure UM server as soon as possible.
2. Passwords should be built in at multiple levels on each local machine that is used for the collection and storage of research data (e.g. at BIOS and at login).
3. The PI should delete or destroy identifiable information as soon as possible.



Describing the Processes in eResearch
The PI must clearly describe how the data are to be managed, stored, and secured. The following questions should be addressed within the eResearch application: Section 03 Stand Alone Protocol or Section 03-1.3 Research Methodology, and Section 11 Confidentiality, 11-1 Identifiable Data, 11-4 Retention of Data and/or Specimens Detail, and Section 23 Protected Health Information/HIPAA (if appropriate) as required by the research plan:
1. What is the nature of the data?
a. Electronic (audio or text), hardcopy files, or biological specimens?
b. Do the data contain protected health information, personal identifying information or other sensitive information?*
c. Are identifiers retained and linked to the data? Who will have access to the data and identifiers?
d. Are the data stripped of identifiers and the identifiers destroyed (anonymized data)?
e. Are identifiers de-linked from the data and managed by use of a code? How are the identifiers, data files and key managed and secured? Who will have access to the identifiers, data files and key?
2. Where and how will the data be stored and what security measures will be used for each?
a. Office computer? Personal laptop? University laptop? Office file cabinet? Thumb/jump drive? Departmental server, etc.?
b. What security measures will be used with each (password protected, encryption, locked file cabinet in locked office, 128 bit encryption, etc.)?
c. Who will have access to the computer/laptop/or files?
3. How will data be transferred or transported?
a. How will electronic files be transmitted?
b. How will hardcopy files be transported?
c. How are the files and data protected while in transmission or when transported?
4. When and how will data be deleted or destroyed?
5. Will cloud-computing resources be used? (refer to UM policies at http://www.safecomputing.umich.edu/cloud/ and at http://www.safecomputing.umich.edu/google/)
a. What is the resource and what is the privacy policy for the resource?
6. Will online data collection services be used?
a. What is the service/host? How is the survey accessed?
b. How are data moved from the online host to the local storage device (computer, laptop, server, thumb drive, etc)?
c. Will the data be purged from the online host once downloaded to the local device?
7. Will any datasets be used?
a. Is there a Memo of Understanding (MOU) or Data Use Agreement associated with the use of these data? Does your security plan include all requirements contained in the MOU?

*There are two major categories of sensitive information associated with human biological specimens/data: Protected Health Information (PHI) and Personal Identifying Information (PII). Each of these categories has identifiers in common. The categories are described in Table 1.
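As an added example (not from the IRB-HSBS document), one way to realise core control 3 and the coding arrangement asked about in question 1e: the records are split into three structures, identifiers, coded data, and the key linking them, each meant for its own separately stored, encrypted file. The sample records and the choice of identifier fields are constructed for this example; encrypting the three files is left to the deployment.

```python
import json
import secrets

# Constructed sample records: direct identifiers stored alongside study data.
RAW_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.org", "phone": "555-0100",
     "age_band": "30-39", "score": 42},
    {"name": "Bob Sample", "email": "bob@example.org", "phone": "555-0101",
     "age_band": "40-49", "score": 37},
]
# Fields treated as direct identifiers (a subset of Table 1); an assumption for this example.
IDENTIFIER_FIELDS = ("name", "email", "phone")


def delink(records, id_fields=IDENTIFIER_FIELDS):
    """Split records into (identifiers, data, key), the three files control 3 keeps apart.
    The data file carries only a random study code, so it cannot be re-identified
    without the key file, and the key file alone holds no data."""
    identifiers, data, key = {}, [], {}
    for n, rec in enumerate(records, start=1):
        subject_id = f"S{n:03d}"            # index used only inside the identifiers file
        code = secrets.token_hex(8)         # random study code carried by the data file
        identifiers[subject_id] = {f: rec[f] for f in id_fields}
        data.append({"code": code, **{k: v for k, v in rec.items() if k not in id_fields}})
        key[code] = subject_id              # the only link between the two files
    data.sort(key=lambda row: row["code"])  # random order: row position no longer reveals the subject
    return identifiers, data, key


def leaked_identifiers(data, identifiers):
    """Identifier values that still appear anywhere in the coded data file (should be empty)."""
    blob = json.dumps(data)
    return sorted(v for rec in identifiers.values() for v in rec.values() if str(v) in blob)


def relink(code, data, key, identifiers):
    """Re-identify one coded row; needs all three files, which is the point of the split."""
    row = next(r for r in data if r["code"] == code)
    return {**identifiers[key[code]], **row}
```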




Table 1: Protected Health Information, Personal Identifying Information and Sensitive Information^

Protected Health Information (PHI):
An individual's personal and health information that is created, received, or maintained by a health care provider or health plan and includes at least one of the 18 personal identifiers listed below in association with the health information:
- Name
- Street address
- All elements of dates except year
- Telephone number
- Fax number
- Email address
- URL address
- IP address
- Social security number
- Account numbers
- License numbers
- Medical record number
- Health plan beneficiary #
- Device identifiers and their serial numbers
- Vehicle identifiers and serial number
- Biometric identifiers (finger and voice prints)
- Full face photos and other comparable images
- Any other unique identifying number, code, or characteristic

Limited Data Set - a limited data set can include the following identifiers: a unique number, code, or characteristic that does not include any of the above listed identifiers, geographic data (without street address), and/or dates.

Private Personal Information (PPI):
Information about an individual which includes any of the identifiers below:
- Name
- Street address
- All elements of dates except year
- Telephone number
- Fax number
- Email address
- URL address
- IP address
- Social security number
- Account number, credit or debit card number, in combination with any required security code, access code or password that would permit access to an individual's financial account
- Drivers License numbers or other identification card number
- Device identifiers and their serial numbers
- Vehicle identifiers and serial number
- Biometric identifiers (finger and voice prints)
- Full face photos and other comparable images
- Any other unique identifying number, code, or characteristic (e.g., student identification number)

Certain categories of sensitive information may require additional considerations due to regulatory or other requirements (e.g., FERPA and student information, GLBA and customer information, employee information, and donor information).

Other Sensitive Information
An individual's first name (or first initial) and last name in combination with any of the following:
- Social Security Number
- Drivers License Number or California ID card number
- Financial account information such as a credit card number
- Medical Information

Note: Identifiers in combination with data about illegal behaviors, physical/mental health
information, or other information that poses a risk to subject reputation, insurability,
employability, or legal status will heighten the level of sensitivity and require additional
corresponding security measures.
^ Borrowed from Guidance and Procedure: Data Security in Research, UCLA Office of the Human Research Protection Program (OHRPP), February 24, 2011
