Skip to main content

Full Library Hours
Available Equipment
Contact Us

Research Data Management for Health Sciences

Data Security

  • Physical security, network security and security of computer systems and files all need to be considered to ensure security of data and prevent unauthorized access, changes to data, disclosure or destruction of data.
  • Data security may be needed to protect intellectual property rights, commercial interests, or to keep sensitive information safe.
  • Arrangements need to be proportionate to the nature of the data and the risks involved.
  • Attention to security is also needed when data are to be destroyed.

Physical data security requires:

  • controlling access to rooms and buildings where data, computers or media are held
  • logging the removal of, and access to, media or hardcopy material in store rooms
  • transporting sensitive data only under exceptional circumstances, even for repair purposes, e.g. giving a failed hard drive containing sensitive data to a computer manufacturer may cause a breach of security

Network security means:

  • not storing confidential data such as those containing personal information on servers or computers connected to an external network, particularly servers that host internet services
  • firewall protection and security-related upgrades and patches to operating systems to avoid viruses and malicious code

Security of computer systems and files may include:

  • locking computer systems with a password and installing a firewall system
  • protecting servers by power surge protection systems through line-interactive uninterruptible power supply (UPS) systems
  • implementing password protection of, and controlled access to, data files, e.g. no access, read only, read and write or administrator-only permission
  • controlling access to restricted materials with encryption
  • imposing non-disclosure agreements for managers or users of confidential data
  • not sending personal or confidential data via email or other file transfer means without first encrypting them
  • destroying data in a consistent manner when needed
  • remember that file sharing services such as Google Docs or Dropbox may not be that secure

Password Protection

Password Guidelines

  • Do not repeat passwords across services.
  • Do not have shared passwords or accounts.
  • Do not EVER give passwords to anyone else.
  • Do not write passwords down.