A data security plan must acknowledge all potential risks to participants and ensure that adequate steps are detailed to minimize and manage those risks.
Researchers proposing the use of linked data must develop and implement a security plan to protect the personal information and the privacy of the people whose information they are using. The security plan must be commensurate with the level of risk associated with the proposal and the likelihood of that harm eventuating.
The identifiability of the data, and therefore the risk to privacy, varies across the stages of a research project. For example, linkage variables sent from a data custodian to a linkage unit are identifiable; content data sent from a data custodian to a researcher is re-identifiable; and content data that a researcher has merged from several data collections is re-identifiable or possibly identifiable, depending on how much data the researcher holds and on their skills and experience.
A data security plan should identify the type of data, its level of risk and the measures proposed to manage the privacy risks at every stage of the research project.
There are a number of different elements of data security which should be addressed in a data security plan. These include:
Personnel security controls - limiting access to those people who have been assessed as suitable and whose work responsibilities specifically require them to access the data.
Administrative security controls - approved written policies, procedures, standards and guidelines, security training, risk assessments and external reviews.
Protection of identity - for example the separation of identifying information from content information, and statistical disclosure control when publishing results.
Physical security - physical barriers to prevent access by unauthorised people.
Technological security - password protection, encryption, firewalls and the use of stand-alone computers.
Secure transportation - both physical and technological protection when transporting information.
Secure retention and disposal - transparent and secure arrangements for retaining the data and for its final destruction once the project is complete.
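The separation of identifying information from content information described under "Protection of identity", and the custodian / linkage unit / researcher flow described earlier, can be made concrete in code. The following is an added example written for this page, not code from any linkage unit or data custodian: a custodian splits each record into a linkage file (identifiers plus a project-specific pseudonym) and a content file (pseudonym plus content), the linkage unit matches identifiers and returns only a pseudonym-to-pseudonym key map, and the researcher merges content without ever holding identifiers. Small-cell suppression is included as the simplest form of statistical disclosure control. The two constructed record sets, the HMAC-based project pseudonym, the deterministic matching rule and the suppression threshold are all assumptions chosen for illustration.

```python
"""Separation model for linked-data research (illustrative example).

Constructed toy data; the HMAC-based project pseudonym, the exact
matching rule and the suppression threshold are assumptions for
illustration, not the rules of any particular linkage scheme.
"""
import hashlib
import hmac
from collections import Counter

# Constructed sample data held by two custodians. Each row mixes identifying
# fields with content fields; the separation model exists so that no single
# downstream party receives both.
HOSPITAL_RECORDS = [
    {"name": "Ann Lee", "dob": "1970-01-02", "diagnosis": "D1", "admit_year": 2019},
    {"name": "Bob Ray", "dob": "1985-06-30", "diagnosis": "D2", "admit_year": 2020},
    {"name": "Cara Kim", "dob": "1992-11-11", "diagnosis": "D1", "admit_year": 2020},
]
PHARMACY_RECORDS = [
    {"name": "ANN  LEE", "dob": "1970-01-02", "drug": "X", "dispense_year": 2020},
    {"name": "Bob Ray", "dob": "1985-06-30", "drug": "Y", "dispense_year": 2021},
    {"name": "Dev Roy", "dob": "1960-03-03", "drug": "X", "dispense_year": 2021},
]

IDENTIFIERS = ("name", "dob")


def project_id(project_key: bytes, source: str, row_index: int) -> str:
    """Project-specific pseudonym assigned by the custodian.

    Keyed with a per-project secret so the same person receives different
    pseudonyms in different projects and the files cannot be rejoined by a
    party that lacks the project key (assumed design, for illustration).
    """
    msg = f"{source}:{row_index}".encode()
    return hmac.new(project_key, msg, hashlib.sha256).hexdigest()[:16]


def split_records(records, source, project_key):
    """Custodian step: split each record into a linkage row and a content row.

    Linkage rows (identifiers + pid) go to the linkage unit; content rows
    (pid + everything else) go to the researcher.
    """
    linkage, content = [], []
    for i, rec in enumerate(records):
        pid = project_id(project_key, source, i)
        linkage.append({"pid": pid, **{k: rec[k] for k in IDENTIFIERS}})
        content.append({"pid": pid, **{k: v for k, v in rec.items() if k not in IDENTIFIERS}})
    return linkage, content


def _match_key(row):
    # Deterministic match on whitespace-normalised, upper-cased name plus dob.
    # A toy rule; real linkage units use probabilistic matching on more fields.
    return (" ".join(row["name"].split()).upper(), row["dob"])


def link(linkage_a, linkage_b):
    """Linkage unit step: match on identifiers, emit only a pid-to-pid key map.

    The linkage unit sees identifiers but never content.
    """
    by_key = {_match_key(r): r["pid"] for r in linkage_b}
    return {r["pid"]: by_key[_match_key(r)] for r in linkage_a if _match_key(r) in by_key}


def merge(content_a, content_b, key_map):
    """Researcher step: join the two content files through the key map.

    The researcher sees content but never identifiers; pids are dropped from
    the merged rows so the output cannot be joined back to the linkage files.
    """
    b_by_pid = {r["pid"]: r for r in content_b}
    merged = []
    for r in content_a:
        if r["pid"] in key_map:
            other = b_by_pid[key_map[r["pid"]]]
            merged.append({**{k: v for k, v in r.items() if k != "pid"},
                           **{k: v for k, v in other.items() if k != "pid"}})
    return merged


def suppress_small_cells(counts, threshold=5):
    """Primary cell suppression: counts below the threshold are replaced by
    None so small groups cannot be singled out in published tables."""
    return {k: (v if v >= threshold else None) for k, v in counts.items()}


def run_project(project_key=b"constructed-project-key", threshold=5):
    """Run the whole flow and return (merged content rows, publishable table)."""
    hosp_link, hosp_content = split_records(HOSPITAL_RECORDS, "hospital", project_key)
    pharm_link, pharm_content = split_records(PHARMACY_RECORDS, "pharmacy", project_key)
    key_map = link(hosp_link, pharm_link)                    # linkage unit
    merged = merge(hosp_content, pharm_content, key_map)     # researcher
    table = Counter((r["diagnosis"], r["drug"]) for r in merged)
    return merged, suppress_small_cells(dict(table), threshold)


if __name__ == "__main__":
    rows, published = run_project()
    print(rows)
    print(published)
```

With the toy data every cell in the diagnosis-by-drug table has a count of one, so the default threshold suppresses the whole table; lowering the threshold shows the counts. The point a security plan should record is which party holds which file at each stage, and that the researcher's merged output contains neither identifiers nor the project pseudonyms.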