Risk and Sensitivity of Data

Mitigating the potential for loss, theft, or unintended release of data is a critical aspect of research data management. The first step to mitigating these events is to assess the potential risks associated with your research data so that you can apply appropriate controls throughout your project.  

Risks associated with research data can be broadly grouped into either the consequences of risk of loss or risk of exposure. Assessing the potential risk-level as it relates to your research data is context dependent and will include considerations for the specific partners, participants, collaborators, funders, and field of research. Certain policies, standards, and guidelines may also help you determine the level of risk or sensitivity of your data. 

Through Advanced Research Computing (ARC), Research Security, the Office of Research Ethics on the Vancouver campus and the Office of Research Services on the Okanagan campus, UBC offers support to determine the risk levels attached to specific data and to interpret policies, standards, and guidelines as they relate to your research. These supports include identifying data management solutions that are appropriate for your project and help ensure relevant compliance with, for example, data storage, controlled access, secure transfer, etc. 

Ultimately, applying a risk-based classification to your research data management will help to protect the confidentiality, integrity, and appropriate availability of your research data by aligning your data management requirements with the right tools, software and equipment to support compliance with any relevant policies or guidelines; it also mitigates the potential for loss or exposure of your data. 

Security Protocols 

Where once security protocols related to research data involved securing data in a locked cabinet in the secured office of the researcher, data stored and transmitted in digital formats has created a much more challenging landscape for securing one’s research data. Once the security implications associated with a particular dataset have been identified and a risk classification assigned to reflect these security implications, UBC’s Advanced Research Computing team can help ensure that the storage and transmission infrastructure you use for your data are compliant with the above assessments. 

Classifying Risk to Research Information 

Regardless of the level of risk or sensitivity you believe is associated with your research project, it is recommended to consult with one of UBC’s information security services when planning a research project that will collect, process, store, and/or share research information. UBC Advanced Research Computing offers guidance on understanding research information classification as well as consultations to help you to classify your information and apply the appropriate safeguards to mitigate potential risk. 

Support 

To help identify issues of concern and ensure compliance with government policy (Canadian and international) as it relates to security concerns about data being shared with external parties, you should connect with the Research Security team. To mitigate threats related to cybersecurity, and risks associated with the potential breach of electronic records containing research data and the infrastructure available to you to safeguard your data, you should connect with Advanced Research Computing. 

Service AreaUnitContact | Resource
Classifying risk and selecting technology solutionsAdvanced Research ComputingRequest a Consultation
Private-sector partners and national securityUBC Research SecurityRequest a Consultation
Research involving human subjectsUBC Research EthicsRequest a Consultation
Research involving non-human subjects, chemical safety and biosafetyUBC Animal Care and Use ProgramContact

Resources

ResourceDescription
Planning with Security and Privacy in MindLearn more from ARC about how to classify the risk level of your data to appropriately provision tools, software and equipment to manage it. 
Controlled Goods and Export ControlsLearn more from Research Securty about best practices and resources to prevent the exportation of data and information to illegal and sanctioned entities. 
SanctionsThis resource from Research Security provides a starting point for researchers to think about controlled goods and sanctions.  
 

UBC's RDM STRATEGY

 

DATA MANAGEMENT PLANS

 

TRAINING & WORKSHOPS 

First Nations land acknowledegement

We acknowledge that UBC's two main campuses are located on the traditional, ancestral and unceded territories of the xwmə0– kwəyˇəm (Musqueam) and Syilx (Okanagan) peoples, and that UBC’s activities take place on Indigenous lands throughout British Columbia and beyond.


UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Bluesky The logo for the Bluesky social media service. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. External Link An arrow entering a square. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service.