Skip to Content

How do I prevent unauthorized access to restricted and/or sensitive data?

Take action

  • Review and understand laws and regulations that govern copyright and protection of research participants
  • Develop and implement policies that enforce compliance with applicable laws and regulations
  • Ensure that storage infrastructure meets standards for protecting restricted data from unauthorized access



The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.  This website provides comprehensive information on FERPA.

The U.S. Department of Health & Human services website provides comprehensive information and guidance on the U.S. Federal Policy for the Protection of Human Subjects (45 CFR part 46), also known as the "Common Rule." 

The U.S. Department of Health & Human Services website provides comprehensive information and guidance on the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.

Provides links to copyright basics, FAQs, law and policy, etc.  Also includes a circular entitled "Copyright Registration for Online Works" at



SANS and EDUCAUSE have developed a free privacy awareness video that colleges and universities can use during Data Privacy Month in January, and throughout the year, in their privacy education and training efforts.

Discussion on the importance of securing data on the University of California San Francisco's campus.  Generalizable to other institutions.



  • Gertz, Michael. “The Role of Security in Scientific Data Management.” In Proceedings of the 2nd SIGSPATIAL ACM GIS 2009 Workshop in Security and Privacy in GIS and LBS, 1. Seattle, WA: ACM Press, 2009. doi:10.1145/1667502.1667504.

We present an overview of the role of security in the context of scientific data management, covering a number of issues related to data security aspects. Using application domains and data usage scenarios from the physical sciences, geosciences and life-sciences, we elaborate on security risks that indicate the need for advanced data security models and techniques in particular in E-Science settings. For complex data processing scenarios, we discuss opportunities and challenges in developing models and techniques in support of authentication models for data and computations researchers can use to verify the correctness and completeness of data and data products, similar to authenticated data publication schemes developed for traditional relational database. We also take a closer look at the inference problem for scientific data, which now can be seen in a new light, given the various ways in which scientific data can be combined and explored in longitudinal data analysis tasks. This aspect holds in particular true for geo-referenced data, which occur in a variety of application domains. Finally, we outline some important security management aspects in the context of the stewardship and preservation of scientific data.

This paper summarises the overall approach adopted by CLEF to meet data protection requirements, including the data flows and pseudonymisation mechanisms that are currently being developed. Intended constraints and monitoring policies that will apply to research interrogation of the repository are also outlined.

  • Martin, Andrew, Jim Davies, and Steve Harris. “Towards a Framework for Security in eScience.” In Proceedings of the 2010 IEEE 6th International Conference on e-Science, 230–237. Brisbane, Australia: IEEE, 2010. doi:10.1109/eScience.2010.19.

This paper describes an approach to the formulation and classification of security requirements in eScience. It explains why it is untenable to suggest that `one size fits all', and that what is an appropriate security solution in one context may not be at all appropriate in another. It proposes a framework for the description of eScience security in a number of different dimensions, in terms of measures taken and controls achieved. A distinctive feature of the framework is that these descriptions are organised into a set of discrete criteria, in most cases presented as levels of increasing assurance. 

  • McCallister, Erika, Tim Grance, and Karen Scarfone. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). NIST Special Publication. Recommendations of the National Institute of Standards and Technology. Gaithersburg, MD: National Institute of Standards and Technology, April 2010.

Outlines strategies for protecting sensitive data.

  • Mercuri, Rebecca T. “The HIPAA-potamus in Health Care Data Security.” Communications of the ACM 47, no. 7 (July 2004): 25–28.

Regulations intended to improve health care data access have created new security risks along with headaches for patients and practitioners.

  • Siegmund, Norbert, Janet Feigenspan, Michael Soffner, Jana Fruth, and Veit Köppen. “Challenges of Secure and Reliable Data Management in Heterogeneous Environments.” In Proceedings of the First International Workshop on Digital Engineering, 17–24. Magdeburg, Germany: ACM Press, 2010. doi:10.1145/1837154.1837157.

Ubiquitous computing is getting more important since requirements for complex systems grow fast. In these systems, embedded devices have to fulfill different tasks. They have to monitor the environment, store data, communicate with other devices, and react to user input. In addition to this complexity, quality issues such as security and reliability have to be considered, as well, due to their increasing use in life critical application scenarios. Finally, different devices with different application goals are used, which results in interoperability problems. In this paper, we highlight challenges for interoperability, data management, and security, which arise with complex systems. Furthermore, we present approaches to overcome different problems and how an integrated solution can be realized using software product line techniques.


about seo | group_wiki_page