Data Security

Jun 07 2018
+1
+6
-1

Data that will be distributed via the EOSC will have different levels of access control depending on Intellectual Property (IP) issues, embargoes prior to publication and personal data protection considerations. In addition, certain types of research may have National Security implications that require additional levels of access control. The only model viable in such an environment is one whereby data security, or more accurately, access control remains with the entity that is ultimately legally responsible for ensuring that the data is properly restricted. This implies a very flexible access control regime, as some data (such as, for example the information underpinning a conventional research publication that does not involve human subjects or touch on National Security issues) should be made open after publication, while information such as human subject research data may need to be explicitly controlled by a data access committee at the organisation that carried out the research. In other cases, a holding entity (for example a data repository) could assume the legal burden for ensuring appropriate access control.




5 comments on "Data Security "

  • paolo
    +1
    +1
    -1

    In fact, a strong synergy should also be developed with the cybersecurity competence centres that will operate in Europe from 2019

  • jkh1
    +1
    +3
    -1

    Data security as considered here is fundamentally at odds with the FAIR principles. For example, information required to re-use publicly released data sets is not made available because of IP issues (e.g. structure of reagents used in experiments). At the moment there is no mechanism for dealing with this and in my experience, IP holders are unwilling to cooperate on a voluntary basis.

  • Ana Proykova
    +1
    +2
    -1

    Another point: the dynamics of changing the data due to new scientific evidence should be considered by data security managers together with FAIR principles. I mean large sectors like HEALTH and High ENERGY PHYSICS for example where the old data are frequently replaced with new data. Re-usability of old data (one of the FAIR component) is not scientifically supported.

  • draban
    +1
    +1
    -1

    While privacy, IP, and security are legitimate concerns, they seem to stand in contrast to the "OPEN" aspect of EOSC. I suggest mitigating this by, at a minimum, creating a format for "data abstract". A data abstract will contain a small amount of data representing the original data set (say 10% of the data) and will be accompanied by explanatory notes regarding the variables, units of measurement, data structure, and, importantly, contact details of the data owner. By gaining access to the data abstract and owner's contact details, scientists will be able to directly contact peers and ask for clarifications and additional data.

  • sdewitt
    +1
    0
    -1

    I am currently within a community which is struggling with open access vs national/international policies. As one of my colleagues likes to say 'Open mean Open in the same way Brexit means Brexit'. I think FAIR data principles should in fact override openness. Open data must be FAIR, but FAIR data does not have to be open. In addition, there are levels of openness. It is fashionable to assume open means freely available without restriction, but allowing access via registration is also open. I must say I do like DRABAN's comment above and this may be what we will provide - free access to reduced information - but even this will need to be verified with international authorities.