All people at IRP who will be working with sensitive data, as well as PIs of projects that supervise those working directly with the data, must undergo orientation before access to data is granted for a given project. Orientation is provided because it is essential to the security of data at IRP that users have a good understanding of both the Social Science Computing Cooperative (SSCC) Silo servers, and IRP security policies.
During the orientation, IRP’s Data Security Officer reviews, point-by-point, IRP’s Confidentiality and Data Security Agreement. The employee must sign the form, agreeing to the terms therein. The Officer encourages the employee to ask questions if any point is unclear.
IRP Confidentiality and Data Security Agreement
All people at IRP who will be working with sensitive data, as well as PIs of projects that supervise those working directly with the data must sign the agreement, agreeing to the terms within. They must also initial their understanding of these policies and procedures. PIs are held responsible for ensuring each member of a project research team upholds the terms; violations jeopardize the access to data for entire research projects, not just for the individual employee.
IRP’s Confidentiality and Data Security Agreement contains the following general policies to which the signee agrees:
- No confidential data may be released to unauthorized persons.
- Research materials that contain confidential data must be safeguarded at all times.
- For confidential data stored on the Silo servers (or any other server) at SSCC, it is strictly prohibited to copy or download individual-level data to removable storage media or other external systems, including laptop, office, or home computers.
- Research materials that may potentially identify individuals cannot be left where they might be observed by others, so cannot be e-mailed or exposed to other insecure means of transport.
- Research is subject to a review period with the state agency(ies) that own the data before public release can be made. Research must include required disclaimer language.
Users of confidential data are also asked to complete a project listing page to describe the data to which the signee has access and the name of the project for which the data are being analyzed.
By completing the project listing, the employee agrees that the data will not be used for any other project not listed. Use of data for a project not listed may result in termination of data access privileges.