Security for Secondary Research-Data

Abstract

The required security for secondary research-data depends on their sensitivity and identifiableness. Research-data with more sensitive information and greater potential identifiableness require extra security precautions. Each level adds another restriction layer. The levels are (0) Public-use (0.5) Private-use (1) Restricted-use 1 (2) Restricted-use 2 and (3) Restricted-use 3. Responsibility to protect respondent identities and their information At level 0, public-use data do not require security. At level 0.5, private-use data require encryption and approval. At level 1, data must be encrypted at rest and in transmission. An additional security requirements is blocked Internet. The rooms that house the client and server must be lockable. Data sent to researcher. At level 2, in addition to level 1 protections, nothing including output, data and data extracts can be removed from the computing system until vetted for disclosure risk by trained and authorized personnel. Furthermore, files cannot be added without security review. Researcher comes to data virtually. At level 3, in addition to level 2 protections, processing must be monitored by trained personnel. Notes may not be taken. Moreover, all items such as backpacks and briefcases must be inspected for disallowed materials after a processing session ends. Researcher comes to data in person. This table summarizes the restrictions