Data Security
Data security refers to the protection of data from unauthorized access, use, change, disclosure and destruction and includes network security, physical security, and file security.
- If possible, keep sensitive data off the internet and put sensitive materials on computers or devices not connected to the internet.
- Restrict access to buildings and rooms where computers or media are kept. Limit access to only those that require it and have been identified within an approved IRB protocol.
- Only let trusted individuals troubleshoot computer problems.
- Conduct periodic access reviews. Remove individuals no longer requiring access to the data promptly.
- Do not e-mail PHI or PII without encryption.
- Ensure you have a strong password and change it regularly. Good passwords must contain 8 characters and include at least three of the following:
- lower-case, upper-case, numerical or special characters.
Data Backups
There is a real risk of losing data through hard drive failure or accidental deletion. It is essential that you regularly make one or more backup copies of your data and store backups in geographically separate and virtual locations from the master dataset.
Best practices for backups:
- Make 3 copies (e.g. original + external/local + external/remote)
- Have them geographically distributed (local vs. remote depends on recovery time needed)
- Use 2 different formats - i.e. hard drive+tape backup or DVD (short term)+flash drive
- Utilize cloud storage options if appropriate.
Popular backup options:
- Hard drives (personal, work, external)
- Servers (departmental or institutional)
- Tape backups
- Repositories (disciplinary, institutional, library)
- Cloud storage
