On Wednesday 14th March we held the second in our series of Digital Research Conversations on Data Security. With the upcoming changes in Data Protection regulations (GDPR) in May on everyone’s minds, it seemed to be a popular subject to discuss. The majority of our attendees were from the Medical School, understandably as they deal with personal data, but it was good to see a number of staff from the Library who were keen to spread knowledge among researchers that they meet. Interestingly there were no researchers from Social Sciences, which considering the sensitive nature of some of their research was somewhat surprising.
After some delicious pizza, first to speak was Dr Jeremy Kidwell, a self-confessed former teenage hacker! Jeremy has a background in network security but now is a researcher in theological ethics so he brought a unique angle to the topic of data security. His question was ‘Why data security?’ Are we getting too hung up on making our data secure? The ultimate data security would be to destroy it (which apparently happens in some organisations), but would you trust a researcher who had destroyed their data? How can we trust the data if we can’t test or reproduce the results? Instead we should focus on making projects open and transparent from the start by getting the appropriate consent for studies.
Dr Jeremy Kidwell (image courtesy of Rebecca Orleans). Jeremy’s slides are available here: https://jeremykidwell.info/files/presentations/presentation_201803_data_security.html#1
Dr Ian Batten from Computer Science then carried on the discussion about whether we are worrying too much about data security. Is your research data valuable to others and worth a lot of effort to steal? Ian discussed the worry there was over contactless cards – with a limit of £30 its not worth the effort needed to hack them – they are better off being a shoplifter! We need to weigh up the balance and take ownership of our data.
Ian’s slides are available here: https://www.batten.eu.org/~igb/DRC.pdf
Dr David W. Evans (image courtesy of Rebecca Orleans).
Moving on from network security, Dr David Evans talked about the clinical side to data security and how we can make the way we collect patient data more secure. As a Clinician and Researcher in Sport Science, the importance of keeping patient data safe is of great concern and the implications for the University if data breaches occur are becoming greater with the upcoming GDPR. The penalities for data breaches will be related to annual income so for departments in the University, fines could potentially lead to whole research groups or even departments being wiped out. David talked about the survey tool REDCap and how it enables researchers to gather survey information in a more secure way. Apps are also being developed (such as MyCap) to allow data to be collected through mobile phones and synced to a REDCap account. Sensors in the participant’s phone can be used to take measurements through tasks designed to test fitness and range of movement eg. recognising tremours in patients with Parkinson’s.
David’s slides are here: https://beardatashare.bham.ac.uk/dl/fiAh7VWgYgQGkLHMiqpqeVNa
We then went on to a lively panel session where Alberto Guglielmi joined us as Project Lead for GDPR. One discussion was on ‘where does data come from and how do we follow through with the right to be forgotten?’ Trials at concentration camps led to the use of gas masks in planes but there will certainly have been no consent for those trials. In response to the question ‘where should I store my password’, there was support for the use of password managers such as LastPass and recommendations to use different passwords for each application, although controversially the requirement to change passwords every 6 months was refuted. Email confidentiality was also discussed and whether we realise how sensitive they can be. Climate Change activists were able to affect legislation by hacking into emails at a Climate Change Unit.
Panel session: Alberto, David, Ian and Jeremy (image courtesy of Rebecca Orleans)
The feedback from attendees was good with one commenting “Excellent, thought-provoking speakers”, although the rather stifling environment and loud air conditioning means we will aim to revert to our former location of Westmere for the next DRC which we are planning to be on software sustainability. Do let us know if you would like to give a talk on the subject or know someone we could invite (firstname.lastname@example.org).