LibGuides: Data Services: Privacy & Security

Ownership of Data	Licenses & Waivers	Library Support	Privacy & Confidentiality
Security	HIPAA	Privacy Nightmare

Ownership of Data

Who owns the data?

Data ownership is not always the creator. Depending on institutional or funder policies, ownership may be the University or the funding agency.

ATSU Policy Data Classification
This general order establishes a framework for classifying institutional data.
ATSU Policy Protecting Confidential Information
This policy outlines A.T. Still University of Health Sciences (ATSU) processes to protect confidential information by defining what it is and outlining the responsibilities of workforce members handling confidential information.
The Data Map
Documenting all the places personal data goes.

Licenses state what can be done with the data and how that data can be redistributed.

Open Licenses facilitate data sharing while increasing the visibility of your data and advancing knowledge.

Waivers relinquish all rights of ownership or control, and usually commits the work to the public domain.

Types of Creative Commons Licenses

CC0 is a waiver and waives all your rights to the data
CC allows open use of data, plus changing or sharing data for any purpose, and attribution is required
CC BY-ND allows open use and distribute of data, without making changes, and attribution is required
CC BY-NC allows open sharing or changing data for noncommercial purposes, and attribution is required
CC BY-SA allows commercial use and changing of data, redistribution must be under the same license as the original, and attribution is required
Licenses may be combined to create aggregated licenses
Example: CC BY-NC-SA

ODC Public Domain Dedication and Licence
The Open Data Commons – Public Domain Dedication & Licence is a document intended to allow you to freely share, modify, and use this work for any purpose and without any restrictions. This licence is intended for use on databases or their contents (“data”), either together or individually.
Choose a Creative Commons License
Tool to help determine which type of creative commons license can be used for your data.

Privacy is the right to control personal information and keep it to yourself.

Confidentiality is the right to share personal things about you only to those who you designate.

Privacy Concerns

FERPA
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

Security measures should be in place to prevent information leaks.

Methods for keeping data secure:

Access Control by providing different permissions levels to individuals
Emergency Access options
Automatic Log-off
Audit log of data use
Authentication via strong passwords
Encryption
Identifiers, data and keys should be placed in separate password protected files
Store files in different secure locations
Use Secure Data Transmission (aka SSL)
Data Integrity by keeping data accurate
Limit personal browsing on machines with sensitive information
Avoid storing sensitive information on mobile devices

HHS Breach Portal
This page lists all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights.
ISO/IEC 27000 family - Information security management systems
The ISO/IEC 27000 family of standards helps organizations keep information assets secure.
NIST Cryptographic Standards and Guidelines
Users of the former "Crypto Toolkit" can now find that content under this project. It includes cryptographic primitives, algorithms and schemes are described in some of NIST's Federal Information Processing Standards (FIPS), Special Publications (SPs) and NIST Internal/Interagency Reports (NISTIRs).

AMA HIPAA Toolkit
Access information about how to comply with HIPAA to ensure the privacy of each patient’s medical information.
HIPAA
Information portal on HIPAA for individuals and professionals.
HIPAA Survival Guide
Get Help with HIPAA Compliance
Sharing Sensitive Health Information: Protect Your Privacy and Improve Your Health