Research & Economic Development
Office of Grants and Contracts Administration
Data Security
Presented by Debbie Bolick
September 24, 2015
Data Security
Data security
• Means safeguarding data from being lost, modified, or accessed without authorization
Monitoring
• That responsible parties are compliant with security plans
Termination
• Disposition or sanitization of data
What type of Data is being protected?
• Defined personally identifiable information
  • Information that can be used to distinguish or track an individual’s identity such as name, SSN, or biometric information
• Indirect identification
  • Using information in conjunction with other data elements to reasonably infer the identity of a respondent such as a combination of gender, race, date of birth, geographic indicators, or other descriptors
• Non-identifiable information
• Tracking purposes
CIPSEA
• Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA), implemented June 15, 2007
• Provides strong confidentiality protections for statistical information collections sponsored by or conducted by more than 70 Federal agencies
• Establishes uniform policy across Federal agencies
• Authorizes data sharing among specified agencies (Bureaus of Economic Analysis, Labor Statistics and Census) to include identifiable data
• CIPSEA data may only be used for statistical purposes
CIPSEA
• Penalties for non-compliance
• Class E felony with imprisonment of not more than five (5) years
• Fine of not more than $250,000
CIPSEA Implementation Guidance
• Harmonized principles and processes and set minimum standards
• Utilized best practices for handling
• Addressed intersection between CIPSEA and Privacy Act of 1974 for non-statistical uses
Authority
Federal agencies are empowered to make determinations about the sensitivity of their information used for statistical purposes under a pledge of confidentiality
Applies to local and state governments collecting data for federal agencies
Special procedures are required for use of laptop computers, PDAs, zip drives, floppy disks, CD-ROMs or any other IT devices
Minimum Standards
• All persons with access understand their responsibility related to maintaining confidentiality of information
• Monitoring procedures for collection and release
• Evaluating the reason for and controlling access
• Maintaining physical and information systems security
• Required Training
  • Overview of protection procedures
  • Limit access to those with a “need to know”
  • Physical and information systems security procedures must be in place
  • Penalties
Inform
Protect Identities
Minimize Risks
Restrict Use
Ensure Controls
311.9 Regulation Regarding Third Party Data Subject to Contractual Access
Data Security at UNC Charlotte pursuant to Policy 311.9
Implemented February 2011
Policy for handling and safeguarding electronic third party data
• Received from third parties
• Subject to contractual access restrictions
Ensures that adequate precautions are implemented prior to receiving such data
• Maintain the security and confidentiality of covered data; and
• Protect against the unauthorized access or use of such records or information in ways that could violate the University’s agreements with third parties who supply such data.
Initiate Request for Data?
Data Security Officer
• First Point of Contact
• Data Security Plan
• Checklist
University Signatory
• Data Use Agreement
• Document Repository
• Submits to Agency
Data Sponsor
• Agency releases Data to PI
Ongoing Monitoring
• College Data Security Officer
• Central IT
• Random audits
• Collaborative role
• PI (Lead Custodian) cannot be a student
• Authorizes Updates and monitor
• Students
• Research staff
• Signs Use Agreement
• System of Record
Signatory Unit
Responsible Party
Information Security
Internal Audit
DSO list
Data Security Officers
Effective April 2015
Charles Andrews ...... Metropolitan Studies and Extended Academic Programs
William Ardern ...... William States Lee College of Engineering
Brian Bard ...... Student Health Center
Tim Carmichael ...... Belk College of Business
Alex Chapin ...... College of Liberal Arts & Sciences
Rose Diaz ...... College of Arts + Architecture
Dane Hughes ...... College of Education
Joe Matesich ...... College of Computing and Informatics
Michael Moore ...... College of Health and Human Service
Resources
College Data Security Officers http://itservices.uncc.edu/home/it-policies-standards/data-security-officers
IT Policies & Standards http://itservices.uncc.edu/home/it-policies-standards
Security Awareness Training http://itservices.uncc.edu/home/information-security/information-assurance/security-awareness-training
Human Subjects (IRB) http://research.uncc.edu/departments/office-research-compliance-orc/human-subjects
Checklist & Data Security Plan http://research.uncc.edu/departments/office-research-compliance-orc/human-subjects/3rd-party-data-requirements
QUESTIONS?
DATA MANAGEMENT
DATA SECURITY