Required Minimum Data Security Controls for Collection of Personally-Identified Data - triggered by a "yes" response to item 11.1

Minimum data security controls are intended to establish and maintain a low risk threshold. Failure to implement the data security "best practices" could result in increased risk to subjects. As part of the application, the PI must demonstrate that all of the core data security control elements have been met. The core controls are:

1. All data collection and storage devices must be password protected with a strong password. A strong password is at least 8 characters long, uses at least 3 out of 4 character groups (UPPERCASE, lowercase, numeric and special characters) and does not contain an easily-guessable string.
2. All data/research files must be encrypted.
3. Identifiers, data, and keys should be placed in separate, password protected/encrypted files and each file should be stored in a different secure location.
4. For secure data transmission, Transport Layer Security (TLS) (a.k.a. SSL) with a minimum key length of 128 bits must be used for any data that is transmitted electronically.
5. Identifiers should not be stored on laptops, PDAs, flash drives or other portable devices. If it is necessary to use portable devices for initial collection of identifiers, the data files should be encrypted and the identifiers moved to a secure system as soon as possible. Additionally, the portable device should be locked up in a secure location when it is not in use. The PI should consult with their departmental IT Security Liaison to discuss how to correctly configure desktop computers, laptops, and other external devices for safe use in the collection and storage of research data.
6. If using email for communication or to collect or transmit data from subjects, include a statement to the subjects that email is not secure. If email will be used to transmit research data, subjects should be cautioned to respond from email addresses to which only they have access.
7. No protected health information should be transmitted via email, except within the U-M Health System and Medical School.
8. If utilizing any cloud-computing services, the PI must follow the UM guidelines found at http://www.safecomputing.umich.edu/cloud/ and at http://www.safecomputing.umich.edu/google/

Additional Required Data Security Controls - if data are of a higher sensitivity (see Table 1)

1. All data should be downloaded from local devices to a secure UM server as soon as possible.
2. Passwords should be built in at multiple levels on each local machine that is used for the collection and storage of research data (e.g. at BIOS and at login).
3. The PI should delete or destroy identifiable information as soon as possible.

Describing the Processes in eResearch

The PI must clearly describe how the data are to be managed, stored, and secured. The following questions should be addressed within the eResearch application: Section 03 Stand Alone Protocol or Section 03-1.3 Research Methodology, and Section 11 Confidentiality, 11-1 Identifiable Data, 11-4 Retention of Data and/or Specimens Detail, and Section 23 Protected Health Information/HIPAA (if appropriate) as required by the research plan:

1. What is the nature of the data?
   a. Electronic (audio or text), hardcopy files, or biological specimens?
   b. Do the data contain protected health information, personal identifying information or other sensitive information?*
   c. Are identifiers retained and linked to the data? Who will have access to the data and identifiers?
   d. Are the data stripped of identifiers and the identifiers destroyed (anonymized data)?
   e. Are identifiers de-linked from the data and managed by use of a code? How are the identifiers, data files and key managed and secured? Who will have access to the identifiers, data files and key?
2. Where and how will the data be stored and what security measures will be used for each?
   a. Office computer? Personal laptop? University laptop? Office file cabinet? Thumb/jump drive? Departmental server, etc.?
   b. What security measures will be used with each (password protected, encryption, locked file cabinet in locked office, 128 bit encryption, etc.)?
   c. Who will have access to the computer/laptop/or files?
3. How will data be transferred or transported?
   a. How will electronic files be transmitted?
   b. How will hardcopy files be transported?
   c. How are the files and data protected while in transmission or when transported?
4. When and how will data be deleted or destroyed?
5. Will cloud-computing resources be used? (refer to UM policies at http://www.safecomputing.umich.edu/cloud/ and at http://www.safecomputing.umich.edu/google/)
   a. What is the resource and what is the privacy policy for the resource?
6. Will online data collection services be used?
   a. What is the service/host? How is the survey accessed?
   b. How are data moved from the online host to the local storage device (computer, laptop, server, thumb drive, etc)?
   c. Will the data be purged from the online host once downloaded to the local device?
7. Will any datasets be used?
   a. Is there a Memo of Understanding (MOU) or Data Use Agreement associated with the use of these data? Does your security plan include all requirements contained in the MOU?

*There are two major categories of sensitive information associated with human biological specimens/data: Protected Health Information (PHI) and Personal Identifying Information (PII). Each of these categories has identifiers in common. The categories are described in Table 1.
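
Core control 3 and question 1.e above describe de-linking identifiers from data by use of a code, with identifiers, data and key kept in separate files. The following Python sketch is an added example, not part of the original guidance, showing one way to perform that split so that neither the identifier table nor the data table can be joined without the key table. The field names, code prefixes and sample records are assumptions constructed for illustration; encrypting each resulting table and storing it in its own location is a separate step not shown here.

```python
import secrets

# Assumed identifier columns for this example; adapt to the study's own schema.
IDENTIFIER_FIELDS = ("name", "email", "phone")

def delink(records, identifier_fields=IDENTIFIER_FIELDS):
    """Split records into three tables: identifiers, data, and the linking key."""
    used = set()

    def fresh_code(prefix):
        # Codes are random, never derived from identifiers (no hashed names).
        while True:
            code = prefix + secrets.token_hex(8)
            if code not in used:
                used.add(code)
                return code

    identifiers, data, key = [], [], []
    for rec in records:
        ident_id, study_code = fresh_code("I-"), fresh_code("S-")
        identifiers.append({"ident_id": ident_id,
                            **{f: rec[f] for f in identifier_fields if f in rec}})
        data.append({"study_code": study_code,
                     **{k: v for k, v in rec.items() if k not in identifier_fields}})
        key.append({"study_code": study_code, "ident_id": ident_id})

    # Shuffle each table independently so row position cannot re-link them.
    rng = secrets.SystemRandom()
    for table in (identifiers, data, key):
        rng.shuffle(table)
    return identifiers, data, key

def relink(identifiers, data, key):
    """Rebuild full records; possible only when all three tables are present."""
    by_ident = {r["ident_id"]: r for r in identifiers}
    by_code = {r["study_code"]: r for r in data}
    merged = []
    for link in key:
        row = {**by_ident[link["ident_id"]], **by_code[link["study_code"]]}
        del row["ident_id"], row["study_code"]
        merged.append(row)
    return merged

# Constructed sample records (not real subjects).
SAMPLE = [
    {"name": "Subject A", "email": "a@example.org", "phone": "555-0100", "age": 34, "score": 7},
    {"name": "Subject B", "email": "b@example.org", "phone": "555-0101", "age": 51, "score": 3},
]
```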
Table 1: Protected Health Information, Personal Identifying Information and Sensitive Information^

Protected Health Information (PHI):
An individual's personal and health information that is created, received, or maintained by a health care provider or health plan and includes at least one of the 18 personal identifiers listed below in association with the health information:
- Name
- Street address
- All elements of dates except year
- Telephone number
- Fax number
- Email address
- URL address
- IP address
- Social security number
- Account numbers
- License numbers
- Medical record number
- Health plan beneficiary #
- Device identifiers and their serial numbers
- Vehicle identifiers and serial number
- Biometric identifiers (finger and voice prints)
- Full face photos and other comparable images
- Any other unique identifying number, code, or characteristic

Limited Data Set - a limited data set can include the following identifiers: a unique number code, or characteristic that does not include any of the above listed identifiers, Geographic data (without street address), and/or dates.

Private Personal Information (PPI):
Information about an individual which includes any of the identifiers below:
- Name
- Street address
- All elements of dates except year
- Telephone number
- Fax number
- Email address
- URL address
- IP address
- Social security number
- Account number, credit or debit card number, in combination with any required security code, access code or password that would permit access to an individual's financial account
- Driver's License numbers or other identification card number
- Device identifiers and their serial numbers
- Vehicle identifiers and serial number
- Biometric identifiers (finger and voice prints)
- Full face photos and other comparable images
- Any other unique identifying number, code, or characteristic (e.g., student identification number)

Certain categories of sensitive information may require additional considerations due to regulatory or other requirements (e.g., FERPA and student information, GLBA and customer information, employee information, and donor information).

Other Sensitive Information:
An individual's first name (or first initial) and last name in combination with any of the following:
- Social Security Number
- Driver's License Number or California ID card number
- Financial account information such as a credit card number
- Medical Information

Note: Identifiers in combination with data about illegal behaviors, physical/mental health information, or other information that poses a risk to subject reputation, insurability, employability, or legal status will heighten the level of sensitivity and require additional corresponding security measures.

^ Borrowed from Guidance and Procedure: Data Security in Research, UCLA Office of the Human Research Protection Program (OHRPP), February 24, 2011