Data access and security

Data security measures can help you to prevent unauthorized access and (intentional or unintentional) changes to your data. Data security measures are especially relevant if you need to protect personal data and sensitive information as these require higher levels of security. Security measures are also relevant for non-personal data, as they offer protection against unauthorized manipulation or erasure of files.

Data security can be considerably increased with the help of technical measures and by separating data content according to security needs (e.g. personal from non-personal data). However, these technical measures must be accompanied by organizational measures in the form of policies and guidelines.

How to securely store and manage data

  • Encrypt the data and the folders: Encryption involves encoding digital information so that only authorized individuals can view it. This is particularly valuable when transmitting personal or sensitive data. Encrypting a file converts its contents into a jumble of meaningless code. To revert this code into understandable information, a decryption key is necessary. Therefore, it is crucial not to misplace the decryption key for your files.
  • Use passwords to protect individual files or folders: Typically, strong passwords should be lengthy, ideally 15 characters or more. One effective method is to construct them from four randomly selected and modified words, such as “C.rr3ctHorseBatteryStaple”. The University of Edinburgh has compiled some guidance on how to choose a strong password.
  • Store data securely: Store data on servers that have up-to-date firewall protection, security-related upgrades and patches to operating systems to avoid viruses, trojans and malicious codes. Store personal data on computers that are not connected to another external network, particularly servers that host internet services. Store non-digital data in lockable cabinets and dispose of them in designated containers.
  • Control and limit access: Only grant access to the data (e.g. with “read only” or with passwords) to those members of the research team who do need access. Make sure to keep access regulations up-to-date in case someone leaves the team. For non-digital objects, make sure to control access to the (lockable) cabinets, e.g. with keys or key cards.
  • Dispose securely of data you no longer need: Part of managing your data involves considering secure methods to dispose of information you no longer need. Simply pressing the “delete” button on your computer or mobile device is not sufficient. In reality, even actions like formatting the hard drive or performing a factory reset may leave fragments of information behind. To ensure secure disposal of your data, you can either physically destroy the storage medium or utilize software designed for secure erasure.
  • Put guidelines and policies in place: Create policies for the research team to ensure measures for strong password protection, encryption, secure data transmission, transport and disposal are in place. Also, create awareness and communicate policies and regulations at regular intervals ensuring that everyone is aware of potential risks at all times. If members of the team have access to personal or sensitive data, use non-disclosure agreements.

Other measures to protect sensitive and personal data

  • Do not send personal or sensitive data via email. This should be encrypted and sent via a secure medium, such as SWITCHfilesender.
  • Do not use Google Drive, OneDrive or Dropbox to share sensitive or personal data.

Trusted research environments (such as BioMedIT) allow researchers to access, process and store sensitive data securely within an encrypted and encapsulated data space. They fulfill the technical requirements that data protection laws prescribe. This topic was discussed by two experts on data security in a CLARIN-CH webinar - the recording and the slides can be accessed here:

Resources

documentation-platform/data-security.txt · Last modified: 2024/07/17 16:12 (external edit)