Ensuring Security in Data Management and Sharing: Insights from a Data Scientist

In the ever-evolving landscape of data management, ensuring the security of sensitive information while facilitating seamless collaboration is a critical concern. Recently, I had the opportunity to sit down with Dr. Eliza Porter, a data scientist with extensive experience in managing and sharing data in academic research settings. During our conversation, she shared her insights on best practices for data security, particularly when it comes to handling data from human subjects or other restricted access sources.

Dr. Porter began by emphasising the importance of implementing similar levels of security across all platforms that handle sensitive data. “Whether you’re using a local NAS, server storage, or cloud-based solutions like OneDrive or Microsoft Teams, maintaining a consistent security protocol is crucial,” she noted. Dr. Porter explained that this consistency helps safeguard data integrity and prevents unauthorized access, which is especially vital when dealing with personally identifiable information (PII) or protected health information (PHI).

In her current role at a leading research institution, Dr. Porter has become well-versed in using OneDrive as part of the Microsoft 365 suite. “OneDrive provides an incredible amount of collaborative storage space,” she said, “but it also requires careful management of shared access to ensure compliance with HIPAA and FERPA standards.” According to Dr. Porter, the key to successful data sharing with OneDrive lies in configuring the platform correctly and monitoring access settings diligently.

“One of the most common pitfalls is accidentally setting files or folders for open public access,” she explained. “This can happen easily if you’re not vigilant, especially when dealing with folders containing PII or PHI.” Dr. Porter recommended encrypting files and employing password protection wherever possible. She also highlighted the importance of assigning a team member to regularly review and administer access settings to prevent any lapses in security.
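One way to automate the periodic access review described above, added here as an example and not taken from Dr. Porter or her institution. The records are constructed and shaped like Microsoft Graph permission objects (`link.scope`, `link.type`, `expirationDateTime`); the `item` field, the folder names and the sensitive-folder prefix are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample export of sharing permissions. The "item" path is a
# hypothetical field added for this example; "link" and "expirationDateTime"
# follow the shape of the Microsoft Graph permission resource.
SAMPLE = json.loads("""
[
 {"item": "/Study-A/participants.xlsx", "link": {"scope": "anonymous", "type": "edit"}},
 {"item": "/Study-A/consent/forms.pdf", "link": {"scope": "organization", "type": "view"}},
 {"item": "/Study-A/codebook.docx", "link": {"scope": "users", "type": "view"}},
 {"item": "/Outreach/flyer.pdf", "link": {"scope": "anonymous", "type": "view"},
  "expirationDateTime": "2030-01-01T00:00:00Z"},
 {"item": "/Study-A/notes.txt", "grantedTo": "owner"}
]
""")

SENSITIVE_PREFIXES = ("/Study-A/",)  # assumption: folders holding PII/PHI
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1}


def audit(permissions, sensitive=SENSITIVE_PREFIXES, now=None):
    """Return (severity, item, reason) findings, highest severity first."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for perm in permissions:
        link = perm.get("link")
        if not link:  # direct grant to a named person, not a sharing link
            continue
        exp = perm.get("expirationDateTime")
        if exp and datetime.fromisoformat(exp.replace("Z", "+00:00")) <= now:
            continue  # link has already expired
        is_sensitive = perm["item"].startswith(sensitive)
        scope = link.get("scope")
        if scope == "anonymous":  # "anyone with the link": open public access
            reason = f"anyone-with-the-link ({link.get('type')})"
            if not exp:
                reason += ", no expiry"
            findings.append(("HIGH" if is_sensitive else "MEDIUM", perm["item"], reason))
        elif scope == "organization" and is_sensitive:
            findings.append(("MEDIUM", perm["item"], "organization-wide link on sensitive folder"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for severity, item, reason in audit(SAMPLE):
        print(f"{severity:6} {item}: {reason}")
```

Links scoped to named users are not flagged; the reviewer still needs to confirm that those recipients are the intended ones.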

Beyond OneDrive, Dr. Porter discussed the merits of using Microsoft Teams for collaborative storage. “Teams offers additional tools for communication and project management, which can be invaluable for research teams,” she said. However, she cautioned that, like OneDrive, Teams requires careful management to avoid inadvertently broadening access to sensitive data.

Dr. Porter shared a valuable piece of advice: “Never send emails with identifiable information or files, even within internal exchanges. It’s a risk not worth taking.” Instead, she recommended using secure platforms like OneDrive, SharePoint, or SAFE Desktop for data transfer. This approach aligns with her institution’s data transfer policy, which discourages the use of email for sharing files derived from human subject research.

When it comes to third-party cloud services like Dropbox, Dr. Porter’s stance was clear. “They’re generally not approved for handling PHI or PII,” she stated. “Instead, it’s best to stick with institutionally approved services, which offer a more secure and compliant alternative for both internal and external collaborations.” She added that using external services often requires additional review and approval, which can be time-consuming and cumbersome.

Dr. Porter’s insights underscore the delicate balance between facilitating collaboration and ensuring data security. Through her experience, she has learned that the key to effective data management lies in adopting a proactive approach. “It’s all about anticipating potential risks and implementing preventive measures,” she said. Her commitment to maintaining high standards of security reflects a broader trend in the field of data science, where protecting sensitive information is paramount.

As our conversation drew to a close, Dr. Porter left me with a thought that encapsulates her philosophy on data management: “In this digital age, data is both a powerful tool and a profound responsibility. We must handle it with the utmost care and vigilance.” Her words serve as a reminder that in the quest to harness the potential of data, safeguarding its integrity should always remain a top priority.


Fallon Foss