Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The level and type of safeguards recommended for sensitive data is determined by the type of data collected for research purposes. The UC San Diego office of Research Affairs Information Technology provides guidance for research using sensitive data on the Guidelines for Handling Sensitive Data Blink page. Sensitive data can include protected health information (PHI) and personal identifiable information (PII). As there can sometimes be uncertainty in determining what information is considered sensitive data, the UC San Diego Human Research Protections Program provides a listing of elements considered to be person identifiable as outline outlined in their UCSD HRPP De-identified Health Information Factsheet

Guidelines to consider when sensitive data is stored or collected on local and portable devices:

  • Full disk encryption (FDE) is required on all UC San Diego owned laptops and is recommended for personal laptops that are used to access UC San Diego information
  • Devices used for data collection should be protected by a strong password, or PIN.
  • Each user with access to the device should have a unique password/PIN.
  • Passwords and PINs used for device access should never be shared.
  • Device Devices should be kept with the owner/assigned user at all times.
  • When not in use, the device should be stored in a secured (locked) location with limited access.

...