Researchers have these responsibilities:
- Identifying confidentiality and data security obligations, based on laws, regulations, policies, and binding commitments such as data use agreements and participant consent agreements.
- Except in cases where it is the responsibility of a research oversight body, it is the responsibility of researchers to identify the appropriate data security level for research data.
- When the data security level has been established, researchers are responsible for creating and maintaining data documentation, implementing the security controls corresponding to the requirements of the data security level and developing and following a data security plan and procedures over the course of their projects.
Harvard Research Data Security Policy (HRDSP)
http://vpr.harvard.edu/pages/harvard-research-data-security-policy
(sk)
IT security の専門家の目は、 physical security や system security、network security に向きがちだが、data security について、end user にまで、役割をきちっと徹底させるのは、すごい。