The SSRI Protected Research Data Network (PRDN) is designed to accommodate the growing sensitive data needs of Duke's social science research community. This collaboration taps expertise in OIT, ITSO and SSRI to create a space that researchers will find useful for projects requiring a high level of security.
WORKING WITH PROTECTED DATA
Within the social sciences, it is becoming increasingly common for researchers to work with data sets that contain sensitive/restricted data. Protected data generally refers to a class of data that is not publicly available to all researchers because of concerns about protecting the confidentiality of respondent information.
THREE CATEGORIES OF DATA AT DUKE
Duke classifies data into three categories: Sensitive, Restricted and Public. Access to sensitive and restricted data typically involves the preparation of a Data Use Agreement (DUA), which is submitted by the researcher to the data distributing agency. When approved, the agency distributes the data under the terms of the agreement, which usually has a fixed time limit, specified user list and specific data handling technical requirements. This process often goes hand in hand with the Institutional Review Board (IRB) processes for the University or Duke Health.
HOW CAN SSRI HELP?
SSRI specializes in helping social science researchers navigate a myriad of issues when dealing with acquiring, storing, securing and using such data. SSRI's PRDN team has a number of specialists on staff to assist researchers with protected data.
- Assisting with IRB proposals and data security plans.
- Navigating the process of data procurement: Data Management Plans (DMPs), Data Use Agreements (DUAs & MOUs), template documents, legal authorization.
- Discussing storage/security/usage options at Duke that best satisfy the needs of the agreement(s) while maximizing the usability of the data by the research team. The SSRI Protected Research Data Network leverages OIT resources to provide a flexible and secure data storage and computation platform.
- Implementing computational and storage solutions for research projects in conjunction with OIT and ITSO.
- Managing access and curation of certain Duke licensed data sets.
- Audit support and liaison work with the data providing agencies.
CONFIGURATION AND TECH SPECS:
- Technically configured and regularly maintained to comply with the ITSO Server Security standard and the ITSO Log Standard.
- A valid Duke NetID is required for data access. If necessary, access can be limited to certain affiliation types.
- Multi-factor authentication is required for access.
- All network access of the data is over encrypted channels.
- The potential for data exfiltration from the network is limited.
- Backups of the data are encrypted. Non-backup options are available to meet DUA requirements.
- Signed acknowledgments of responsibility are required of users before granting access to the data.
- Authorization for data access is controlled by SSRI.
- Only those users approved by the Principal Investigator (PI) will be granted access.
- All workstations and laptops allowed to access the data are required to meet the ITSO Workstation and Laptop Security Standard, including whole disk encryption for laptops.
HOW DO I BEGIN?
To begin the process of helping you find the right solutions for your data needs, please complete our Qualtrics survey.