...
The level and type of safeguards recommended for sensitive data is determined by the type of data collected for research purposes. The UC San Diego office of Research Affairs Information Technology provides guidance for research using sensitive data on the Guidelines for Handling Sensitive Data Blink page. Sensitive data can include protected health information (PHI) and personal identifiable information (PII). As there can sometimes be uncertainty in determining what information is considered sensitive data, the UC San Diego Human Research Protections Program provides a listing of elements considered to be person identifiable as outline outlined in their UCSD HRPP De-identified Health Information Factsheet.
Guidelines to consider when sensitive data is stored or collected on local and portable devices:
- Full disk encryption (FDE) is required on all UC San Diego owned laptops and is recommended for personal laptops that are used to access UC San Diego information
- Devices used for data collection should be protected by a strong password, or PIN.
- Each user with access to the device should have a unique password/PIN.
- Passwords and PINs used for device access should never be shared.
- Device Devices should be kept with the owner/assigned user at all times.
- When not in use, the device should be stored in a secured (locked) location with limited access.
Contact Information:
- Health Sciences Information Services (IS):
...
- Their Service Desk team is available to provide expertise regarding tools for integrating security tools established compliance protocol and device encryption - Contact them at
- 3help@ucsd.edu or 619-543-4357
- Main campus departments: Contact Research IT Services for assistance with any of these compliance measures
...
- UC San Diego Institutional Review Board (IRB) (Human Research Protection Program (HRPP))
...
- : For questions about your specific research.