Q: How do you ensure the Confidentiality and Security of Sensitive Secondary Data?

A thorough process to protect and maintain sensitive secondary data is to always ensure that from collection to use, the confidentiality and integrity of that data remain assured.

1. Limit Access to Only Those Authorized for Research:

• Limit access to Secondary, Sensitive Data to a small group of authorized personnel needing the information for a specific research project.
• The use of Authentication and Authorization Controls to Restrict who can access or modify the Data will help prevent unauthorized access or misuse.

2.Encrypt Data in Transit and at Rest:

• By applying Encryption Technology to Sensitive Data in transit and while at rest, it is possible to reasonably safeguard Sensitive Data from being tapped into or accessed by unauthorized persons.

3. De-Identify Sensitive Data:

• If your Secondary, Sensitive Data contains personal identifiers, Anonymize/De-Identify the Data to help protect the Privacy of the Individuals.
• Remove names, addresses and other identifying information prior to Analytical Use of the Data

4. Use Secure Data Storage Technology:

• Store Sensitive Data in a Secure Database or Cloud Storage Technology that follows all rules and guidelines of Data Protection (e.g. GDPR and HIPAA).
• Ensure that the Security Features of the Data Storage (e.g. Firewalls, Intrusion Detection) are sufficient to provide Security against unauthorized access.

5.Best Practice and Compliance with Regulations:

• Ensure compliance with all applicable laws, regulations and ethical standards pertaining to the handling of sensitive secondary data.
• To do this, ensure that you have obtained appropriate consent for the use of proprietary or private individual data; establish a policy for retaining proprietary or private data; periodically conduct audits to ensure compliance with law, regulation and ethical standards.