Research Data Security
The SSRI Research Data Security (RDS) team supports researchers (faculty, post-docs, graduate, and undergraduate students) and academic program staff campus-wide with IRB protocol documents, data use agreements (DUAs), data security plans, academic capstone projects, and other projects that involve questions about acquiring data and data security.
Across higher education, it is becoming increasingly common for researchers to work with data sets that contain sensitive/restricted data. Protected data generally refers to a class of data that is not publicly available to all researchers because of concerns about protecting the confidentiality of respondent information.
Our staff apply their diverse backgrounds to help researchers navigate a myriad of issues when dealing with acquiring, storing, securing and using such data. We regularly consult with the Duke entities that are involved in research governance and support to be sure we’re providing up-to-date guidance. We assist researchers across campus with DUAs and IRB protocols to verify that the administrative requirements of Duke and the data providers are met. The team also manages and supports the technical environment to ensure that the security controls in place are sufficient, appropriate, and consistent, and to monitor for unauthorized activity.
The RDS team helps you with data agreements and related data acquisition procedures. Duke classifies data into three categories: Sensitive, Restricted and Public. Access to sensitive and restricted data typically involves the preparation of a Data Use Agreement (DUA), which is submitted by Duke on behalf of the researcher to the data distributing agency. When the DUA is approved, the agency distributes the data under the terms of the agreement, which usually has a fixed time limit, specified user list and specific technical requirements for handling and securing the data. This process often goes hand in hand with the Institutional Review Board (IRB) processes for the University or Duke Health.
The Protected Research Data Network (PRDN):
For data with Duke or data provider security requirements, the PRDN leverages the OIT infrastructure to provide flexible and secure computation and storage. Researchers securely access and analyze their data in this enclave. Our administrative and technical security controls are based on Duke’s data classification standard and University IT Security Office standards, and can meet a variety of security requirements including those for HIPAA, export controls, and NIST 800-171.
- Assist with IRB proposals and data security plans.
- Navigate the data procurement process (Data Management Plans, Data Use Agreements, Memoranda of Understanding, template documents, legal authorization).
- Review Duke’s storage/security/usage options and determine which best satisfies the needs of the agreement(s) while maximizing the usability of the data by the research team.
- Implement computational and storage solutions for research projects in conjunction with OIT and ITSO.
- Manage access and curation of certain Duke licensed data sets.
- Provide audit support and liaison work with the data providing agencies.
Technical services within the PRDN:
- Sensitive and Restricted data.
- Windows and Linux systems with a standard set of analytical software that is site-licensed by Duke (e.g. R, R Studio, Matlab, anaconda).
- Individual permission levels to comply with data use agreements and IRB protocols.
- Friendly and knowledgeable end user support.
How do I begin?
We are happy to work with you to find the right solutions for your data needs. To begin the process, please complete our Qualtrics survey.