"Bad things can happen to good science", as the Open Science Cyber Risk Profile aptly states. While you may not think of it at first, the data, ways of working, and collections created in your collaboration are valuable and deserve protection. External cybersecurity attacks come to mind first, but in many cases inadvertent accidents are at least as big a risk.

Working with sensitive and personal data

When the research data contains personal data, you may be required by regulation or law to perform specific risk assessments, such as a Data Protection Impact Assessment (DPIA). The same holds true if you work with human data and your research is subject to medical ethical guidelines.

The AAI itself will also use and generate personal data as part of providing access to services. This is not the kind of data that usually leads to specific risks, as long as you follow the REFEDS Data Protection Code of Conduct. If you engage platform providers for your AAI, make sure they follow the REFEDS good practices as well.

Also pay attention to data-level access control and to how you work with replicated data. This usually needs a data access management system, such as the Resource Entitlement Management System (REMS), a tool for managing access rights to data and datasets, or the Data Passports in GA4GH.

When risk assessment is absolutely critical ...

Does your collaboration work with human or societal data, or collect questionnaires? Is your research likely to be classed as dual-use or export restricted? Does the research, or do your collaboration's users, touch on knowledge safety? Is approval by medical/ethical commissions needed? Are you dealing with biodiversity or genetic resources subject to the Nagoya Protocol? If so, do a specific risk assessment or ask your institution for guidance.

Resources


