Data Security

Please be aware that portable data is vulnerable data. Moving data, especially protected health information (PHI), poses unique security risks for the University. Failure to abide by a few common-sense principles could result in disastrous consequences. You do not want to end up on the "Wall of Shame": goo.gl/QHq1O

For further information, please see page XXI of the Summer Opportunities Guide, entitled "Reminders about Research Ethics."

Some Guidelines:

All devices (laptops, computers, tablets, phones) must be password protected AND encrypted. If you lose a device that is encrypted, it significantly decreases the burden of proof about data loss. Although it may seem obvious, do not write the password on the encrypted media.

Never store any PHI data in an unencrypted state where it might be compromised. This includes removable media (flash drives, CDs) and cloud storage (Dropbox, Google Drive, Box).

Never email PHI to someone outside of the University. PHI should not be included in the subject or the body of the email. Consider emailing only encrypted volumes, even when inside the University. If you email an encrypted volume, do not place the password in the same email. Always call the person and provide the password, or send the password in a separate follow-up email with limited reference information. You can create a strongly encrypted volume using open-source tools such as AxCrypt.

If you experience or suspect data has been compromised, report this immediately to your mentor/PI.

If you have a question, you can call the Office of Corporate Compliance at 1-877-440-5480.