Data Management
Lesley A. Brown
Director of Proposal Development
Data Management
Take home message:
Data Management = Data SHARING
Data Management
A Data Management Plan (DPM) outlines
the procedures you will use to manage your
data during your research and explains how
you will share your data and research
results after the completion of the research
project.
Creating a Data Management Plan
• Review funding agency requirements.
• Determine what type(s) of data will be
produced (e.g., quantitative, qualitative,
sensitive).
• Determine metadata standards.
• Determine protections for sensitive or
classified data.
Creating a Data Management Plan
• Determine what policies will govern data
sharing and reuse.
• Determine how you will archive and preserve
your data.
What is Metadata?
• Data about data.
• Two types
– Structural: data about the containers of data.
– Descriptive: individual instances or the data
content.
• Metadata often includes information on the means
of creating the data, purpose of the data, creator or
author of the data, location on the computer
network, and standards.
NSF Data Management Plans
• Required since 2011 for all NSF research
proposals.
• No more than 2 pages in length.
• Describes how the proposal will conform to
NSF’s Data Sharing Policy.
NSF Data Management Plans
An NSF DMP should include:
• Types of data to be produced (including samples,
physical collections, software).
• Metadata standards to be used.
• Policies for access and sharing (including provisions
for privacy/intellectual property where necessary).
• Policies and provisions for re-use.
• Plans for archiving and ensuring long-term
preservation.
NIH Data Sharing Policy
• Published in the NIH Guide on February 26,
2003.
• Data should be made as widely and freely
available as possible while safeguarding the
privacy of participants, and protecting
confidential and proprietary data.
NIH Data Sharing Policy
NIH Policy on data sharing applies:
• To the sharing of final research data for
research purposes.
• To all types of research supported by NIH.
• To applications seeking $500,000 or more in
direct costs in any year through grants,
cooperative agreements or contracts.
NIH Data Sharing Plan
•
•
•
•
•
•
An NIH Data Sharing Plan should include:
Schedule for data sharing.
Format of the final dataset.
Documentation to be provided.
Whether a data sharing agreement will be required.
Mode of data sharing (website, data archive, data
enclave).
What Is a Data Enclave?
• Provides a controlled, secure environment in which
eligible researchers can perform analyses using
restricted data resource.
• Datasets that can’t be distributed to the general
public (e.g., because of participant confidentiality
concerns, third-party licensing or use agreements
that prohibit redistribution, or national security
considerations)can be accessed through a data
enclave.
Resources
• UNC Charlotte Atkins Library.
• http://guides.library.uncc.edu/datamanageme
nt
• Information on NEH, NSF and NIH policies.
• Sample plans.
• Link to DMP Tool at University of California
Curation Center.
• Links to funder requirements and templates.
Resources
• University of Minnesota Libraries.
• https://www.lib.umn.edu/datamanagement/
DMP
• Full collection of data management
information, including examples in a variety of
disciplines.
Research & Economic Development
Office of Grants and Contracts Administration
• Data Security
• Presented by Debbie Bolick
• September 24, 2015
Data Security
Data security
• Means safeguarding data, from being lost,
modified, or unauthorized access
Monitoring
• That responsible parties are compliant with
security plans
Termination
• Disposition or Sanitization of Data
What type of Data is being protected?
• Defined personally identifiable information
• Information that can be used to distinguish or track an individual’s identity such
as name, SSN, or biometric information
•
Indirect identification
• using information in conjunction with other data elements to reasonably infer the
identity of a respondent such as a combination of gender, race, date of birth,
geographic indicators, or other descriptors
• Non-identifiable information
• Tracking purposes
CIPSEA
• Confidential Information Protection and Statistical Efficiency Act
of 2002 (CIPSEA), Implemented June 15, 2007
• Provides strong confidentiality protections for statistical information
collections sponsored by or conducted by more than 70 Federal
agencies
• Establishes uniform policy across Federal agencies
• Authorizes data sharing among specified agencies (Bureaus of
Economic Analysis, Labor Statistics and Census) to include
identifiable data
• CIPSEA data may only be used for statistical purposes
CIPSEA
•Penalties for non-compliance
•Class E felony with imprisonment of not more
than five (5) years
•Fine of not more than $250,000
CIPSEA Implementation Guidance
• Harmonized principles and processes and set
minimum standards
• Utilized best practices for handling
• Addressed intersection between CIPSEA and Privacy
Act of 1974 for non-statistical uses
Authority
Federal agencies empowered to make
determination about the sensitivity of their information used
for statistical purposes under a pledge of confidentiality
Applies to local and state governments
collecting data for federal agencies
Special procedures required for use of laptop
computers, PDAs, zip drives, floppy disks, CDROMs or
any other IT devices
Minimum Standards
• All persons with access understand his/her responsibility related to
maintaining confidentiality of information
• Monitoring procedures for collection and release
• Evaluating the reason for and controlling access
• Maintaining physical and information systems security
• Required Training
• Overview of protection procedures
• Limit access to those with a “need to know”
• Physical and information systems security procedures must be
in place
• Penalties
Ensure Controls
311.9 Regulation Regarding Third Party Data
Subject to Contractual Access
Data Security at UNC Charlotte pursuant to Policy 311.9
Implemented February 2011
Policy for handling and safeguarding electronic third
party data
• Received from third parties
• Subject to contractual access restrictions.
Ensures that adequate precautions are implemented prior
to receiving such data
• Maintain the security and confidentiality of covered data; and
• Protect against the unauthorized access or use of such records
or information in ways that could violate the University’s
agreements with third parties who supply such data.
Initiate Request for Data?
Data
Security
Officer)
• First Point of Contact
• Data Security Plan
• Checklist
• Data Use Agreement
• Document Repository
University • Submits to Agency
Signatory
Data
Sponsor
• Agency releases Data to PI
Ongoing Monitoring
• Signs Use
Agreement
• System of
Record
Signator
y Unit
Internal
Audit
• Random
audits
• Collaborative
role
Responsib
le Party
• PI (Lead
Custodian) cannot
be a student
• Authorizes
Updates and
monitor
• Students
• Research staff
Information
Security
• College Data
Security Officer
• Central IT
DSO list
Data Security Officers
Effective April 2015
Charles Andrews ......Metropolitan Studies and Extended Academic Programs
William Ardern .........William States Lee College of Engineering
Brian Bard ................Student Health Center
Tim Carmichael ........Belk College of Business
Alex Chapin ..............College of Liberal Arts & Sciences
Rose Diaz .................College of Arts + Architecture
Dane Hughes ............College of Education
Joe Matesich .............College of Computing and Informatics
Michael Moore ...........College of Health and Human Service
Resources
College Data Security Officers
http://itservices.uncc.edu/home/it-policies-standards/data-security-officers
IT Policies & Standards
http://itservices.uncc.edu/home/it-policies-standards
Security Awareness Training
http://itservices.uncc.edu/home/information-security/information-assurance/security-awareness-training
Human Subjects (IRB) http://research.uncc.edu/departments/office-research-compliance-orc/humansubjects
Checklist & Data Security Plan
http://research.uncc.edu/departments/office-research-compliance-orc/human-subjects/3rd-partydata-requirements
QUESTIONS?