Introduction
Quick Checklist
-
Don’t upload files to Dropbox, google drive, or any online hosting service. These systems may claim to not save any data, but the lab is liable for even an inadvertent data breach.
-
With regards to protected lab data, do not use applications that require internet access such as Office Online or Dropbox. Use applications that run on your local machines instead.
-
Disconnect your wifi/Internet cable before beginning transcription. This is to ensure that no malicious actors can access the transcription files remotely. This is also to ensure that no programs on your computer will sync to a cloud leading to the uploading of the transcription files onto the internet.
Security within the lab
- Close all programs when you leave. This is to ensure that no participants’ privacy can be breached by anyone looking at your screen while you are transcribing.
- All files are to be stored on a secure server and only accessed from such a server on secured computers. No files will be downloaded on any personal computer. No copies will be made unless for an activity that has been ethically approved by the PI.
- Every employee will maintain confidentiality with regards to all content on the audio recordings, with the only exceptions being other members of the transcription team who have received similar or more training in data handling. The other exception is if you obtain information from the recordings which fits the Mandatory Reporting Guidelines, which can be found on page 7 of the complete Data Handling Handbook.
-
If you are holding onto a portable device that contains protected information, you should also take care to lock it in a safe place when you leave the room, or to keep it on your person at all times. If possible, avoid storing any confidential data or personal details on portable storage devices and access the local network using only secure methods. If absolutely necessary to use a portable storage device, set access codes to your portable devices and always use strong passwords or access codes.
As a reminder, the criteria for a strong password includes:
- 8-16 characters
- at least one upper case letter
- at least one lower case letter
- at least one number
- at least one special symbol %$ etc.
Do check out the NTU guideline on strong passwords for further tips: https://pwd.ntu.edu.sg/
- In the situation of a data breach, no matter what kind of data breach, your main role is to inform your supervisor immediately, before taking any action. Your supervisor is better equipped than you are to handle such situations.