Data Management

Lesley A. BrownDirector of Proposal Development

Data Management

Take home message:Data Management = Data SHARING

Data Management

A Data Management Plan (DPM) outlines the procedures you will use to manage your data during your research and explains how you will share your data and research results after the completion of the research project.

Creating a Data Management Plan

• Review funding agency requirements. • Determine what type(s) of data will be

produced (e.g., quantitative, qualitative, sensitive).

• Determine metadata standards.• Determine protections for sensitive or

classified data.

Creating a Data Management Plan

• Determine what policies will govern data sharing and reuse.

• Determine how you will archive and preserve your data.

What is Metadata?

• Data about data.• Two types

– Structural: data about the containers of data.– Descriptive: individual instances or the data

content.• Metadata often includes information on the means

of creating the data, purpose of the data, creator or author of the data, location on the computer network, and standards.

NSF Data Management Plans

• Required since 2011 for all NSF research proposals.

• No more than 2 pages in length.• Describes how the proposal will conform to

NSF’s Data Sharing Policy.

NSF Data Management Plans

An NSF DMP should include:• Types of data to be produced (including samples,

physical collections, software).• Metadata standards to be used.• Policies for access and sharing (including provisions

for privacy/intellectual property where necessary).• Policies and provisions for re-use.• Plans for archiving and ensuring long-term

preservation.

NIH Data Sharing Policy

• Published in the NIH Guide on February 26, 2003.

• Data should be made as widely and freely available as possible while safeguarding the privacy of participants, and protecting confidential and proprietary data.

NIH Data Sharing Policy

NIH Policy on data sharing applies:• To the sharing of final research data for

research purposes.• To all types of research supported by NIH.• To applications seeking $500,000 or more in

direct costs in any year through grants, cooperative agreements or contracts.

NIH Data Sharing Plan

• An NIH Data Sharing Plan should include:• Schedule for data sharing.• Format of the final dataset.• Documentation to be provided.• Whether a data sharing agreement will be required.• Mode of data sharing (website, data archive, data

enclave).

What Is a Data Enclave?

• Provides a controlled, secure environment in which eligible researchers can perform analyses using restricted data resource.

• Datasets that can’t be distributed to the general public (e.g., because of participant confidentiality concerns, third-party licensing or use agreements that prohibit redistribution, or national security considerations)can be accessed through a data enclave.

Resources

• UNC Charlotte Atkins Library.• http://

guides.library.uncc.edu/datamanagement• Information on NEH, NSF and NIH policies. • Sample plans.• Link to DMP Tool at University of California

Curation Center.• Links to funder requirements and templates.

Resources

• University of Minnesota Libraries.• https://

www.lib.umn.edu/datamanagement/DMP• Full collection of data management

information, including examples in a variety of disciplines.

Research & Economic DevelopmentOffice of Grants and Contracts Administration

• Data Security• Presented by Debbie Bolick • September 24, 2015

Data Security

Data security• Means safeguarding data, from being lost,

modified, or unauthorized access

Monitoring• That responsible parties are compliant with

security plans

Termination• Disposition or Sanitization of Data

What type of Data is being protected?

•  Defined personally identifiable information• Information that can be used to distinguish or track an individual’s identity such

as name, SSN, or biometric information

• Indirect identification

• using information in conjunction with other data elements to reasonably infer the identity of a respondent such as a combination of gender, race, date of birth, geographic indicators, or other descriptors

•  Non-identifiable information • Tracking purposes

CIPSEA• Confidential Information Protection and Statistical Efficiency Act

of 2002 (CIPSEA), Implemented June 15, 2007

• Provides strong confidentiality protections for statistical information collections sponsored by or conducted by more than 70 Federal agencies

• Establishes uniform policy across Federal agencies

• Authorizes data sharing among specified agencies (Bureaus of Economic Analysis, Labor Statistics and Census) to include identifiable data

• CIPSEA data may only be used for statistical purposes

CIPSEA

• Penalties for non-compliance

• Class E felony with imprisonment of not more than five (5) years

• Fine of not more than $250,000

CIPSEA Implementation Guidance

• Harmonized principles and processes and set minimum standards

• Utilized best practices for handling

• Addressed intersection between CIPSEA and Privacy Act of 1974 for non-statistical uses

Authority

Federal agencies empowered to make determination about the sensitivity of their information used for statistical purposes under a pledge of confidentiality

Applies to local and state governments collecting data for federal agencies

Special procedures required for use of laptop computers, PDAs, zip drives, floppy disks, CDROMs or any other IT devices

Minimum Standards• All persons with access understand his/her responsibility related to

maintaining confidentiality of information • Monitoring procedures for collection and release

• Evaluating the reason for and controlling access

• Maintaining physical and information systems security

• Required Training • Overview of protection procedures • Limit access to those with a “need to know” • Physical and information systems security procedures must be

in place• Penalties

Inform

Protect Identities

Minimize Risks

Restrict Use

Ensure Controls

311.9 Regulation Regarding Third Party Data Subject to Contractual Access

Data Security at UNC Charlotte pursuant to Policy 311.9Implemented February 2011

Policy for handling and safeguarding electronic third party data • Received from third parties • Subject to contractual access restrictions. 

Ensures that adequate precautions are implemented prior to receiving such data• Maintain the security and confidentiality of covered data; and • Protect against the unauthorized access or use of such records

or information in ways that could violate the University’s agreements with third parties who supply such data.

Initiate Request for Data?

Data

Security

Officer)

• First Point of Contact• Data Security Plan• Checklist

University

Signatory

• Data Use Agreement• Document Repository• Submits to Agency

Data

Sponso

r

• Agency releases Data to PI

PI

PI

PI

DATA

Ongoing Monitoring

• College Data Security Officer

• Central IT

• Random audits

• Collaborative role

• PI (Lead Custodian) cannot be a student

• Authorizes Updates and monitor• Students• Research staff

• Signs Use Agreement

• System of Record

Signatory Unit

Responsible Party

Information Security

Internal Audit

DSO list

Data Security OfficersEffective April 2015

Charles Andrews  ......Metropolitan Studies and Extended Academic ProgramsWilliam Ardern  .........William States Lee College of EngineeringBrian Bard  ................Student Health CenterTim Carmichael  ........Belk College of BusinessAlex Chapin  ..............College of Liberal Arts & SciencesRose Diaz  .................College of Arts + ArchitectureDane Hughes  ............College of EducationJoe Matesich  .............College of Computing and InformaticsMichael Moore  ...........College of Health and Human Service

ResourcesCollege Data Security Officers http://itservices.uncc.edu/home/it-policies-standards/data-security-officers

IT Policies & Standardshttp://itservices.uncc.edu/home/it-policies-standards

Security Awareness Traininghttp://itservices.uncc.edu/home/information-security/information-assurance/security-awareness-training

Human Subjects (IRB) http://research.uncc.edu/departments/office-research-compliance-orc/human-subjects

Checklist & Data Security Planhttp://research.uncc.edu/departments/office-research-compliance-orc/human-subjects/3rd-party-data-requirements

QUESTIONS?

DATA MANAGEMENT

DATA SECURITY