Security Guideline for Level 3 Data


“Integrated Database Project - Disease Analysis DB Group” (Lead by K. Tokunaga, University of Tokyo)


I. Introduction

This Guideline applies to controlled-access data (Level 3 Data) (hereinafter, “Data”). Data are anonymized individual-level genomic data (with clinical information) or any other data that could identify an individual; they must be managed according to this Guideline and must not be released to the public.

The purpose of this Guideline is to ensure that Data provided by the “Integrated Database Project - Disease Analysis DB Group” (Representative Institution: University of Tokyo) are securely stored and protected from disclosure to any person who is not authorized to access them, whether through malicious intent or negligence. For this purpose, the following security measures must be taken. In particular, any system storing Data must be protected from direct access via the Internet, and Data must not be posted on any website or FTP server. Data placed in a sharing system must be securely protected and accessed only by investigators who are authorized to access Data (hereinafter, the “Principal Investigator (PI)” and “Co-investigator(s)”, or “Approved Users” collectively).


II. Ensuring Security of Data

Data are considered confidential information. Approved Users must endeavor to protect Data according to the following guideline. The conditions specified here are only the minimum necessary requirements, and Approved Users must also comply with any additional restrictions imposed by their institution.


a. Use of Data in Secure System by Approved Users

The PI must retain the original Data. Approved Users must properly manage all copies derived from the Data (including excerpted data sets), and must not let any person other than Approved Users use a copy of the Data.


b. Security Measures for Electronic Files

1. Data must be stored on a secure computer or server, and must not be stored on any network drive or server exposed to the outside.

2. These files must not be released on the Internet. Data must not be posted on the website of the investigator or research institution, because any released file can be indexed by Internet search engines (e.g. Google and MSN).

3. Set a strong password for file access, and never share the password with anyone else.

4. Whenever leaving the office/lab, close the Data file or lock the computer.

5. Install a password-protected screensaver that activates after fifteen (15) minutes of inactivity.


c. Physical Security Measures

1. Handle Data printed on paper or stored on CD-ROM, flash drive, laptop PC or other portable media with the same care as cash.

2. Do not leave Data in a place that cannot be monitored or in a room that is not secured under lock and key.

3. Data and the device on which Data are used must be secured under lock and key.

4. If Data are carried on portable media, password-protect the media themselves, and exercise special care to prevent loss or theft. (Pay special attention when handling a flash drive, which is small and easily left behind and forgotten.)


III. Ensuring Security of Data Stored on Server

When Data are stored on a server for use, Approved Users must observe the following conditions.


1. Do not connect the server containing Data directly to the Internet. (The server must be placed behind a firewall or within a restricted network not connected to the outside.) Any unnecessary service must be disabled.

2. Apply security patches to keep the system up to date.

3. Data on the system must not be viewable by other users (restrict access to the directory to Approved Users). If Data are to be taken out of the system by file sharing, access to the remote system must be restricted.

4. Use encrypted communication (e.g. SSH or VPN) when accessing the system remotely. It is preferable to use a tool that permits “viewing only” and does not allow copying of data, such as RDP, X-windows or VNC.

5. Ensure that all users of Data receive IT security training appropriate for access to Data, and that they are familiar with the restrictions and responsibilities relevant to that access.

6. If Data are used on multiple systems (e.g. a PC cluster), ensure that all systems comply with these security procedures while Data are being processed. If Data are temporarily stored on a local system, protect the relevant directory during the processing period, and delete the Data at the end of processing.


Approved Users must implement the above protective measures and endeavor to maintain a secure data environment at all times.
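The directory restriction in item 3 above (Data readable only by Approved Users) can be checked and enforced with a short script. The following is an added example, not part of this Guideline or of the project's own tooling; it assumes a Linux/UNIX server on which the Data directory is owned by an Approved User and its group contains only Approved Users, and the directory layout and file names it builds are constructed for the demonstration.

```python
"""Audit and harden the permissions of a directory holding Level 3 Data.

Added example; not part of the Guideline. It walks the Data directory,
reports anything that users outside the owner and the approved group
could read, write or execute, and can apply a restrictive mode. The
directory layout built in demo() is constructed for the example.
"""
import os
import stat
import tempfile

DIR_MODE = 0o750   # owner rwx, approved group rx, no access for others
FILE_MODE = 0o640  # owner rw, approved group r, no access for others


def permission_findings(root):
    """Return a list of (path, problem) for every directory or file under
    root that is accessible by 'other', writable by the group, or a symlink
    (a symlink could point outside the protected tree)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in entries:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                findings.append((path, "symlink inside Data directory"))
                continue
            if mode & stat.S_IRWXO:
                findings.append((path, "accessible by 'other'"))
            if mode & stat.S_IWGRP:
                findings.append((path, "writable by group"))
    return findings


def harden(root):
    """Apply DIR_MODE to every directory and FILE_MODE to every regular
    file under root. Returns the number of entries changed."""
    changed = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        os.chmod(dirpath, DIR_MODE)
        changed += 1
        for f in filenames:
            path = os.path.join(dirpath, f)
            if not os.path.islink(path):
                os.chmod(path, FILE_MODE)
                changed += 1
    return changed


def demo():
    """Build a constructed Data directory with lax permissions, audit it,
    harden it and audit again. Returns (problems_before, problems_after)."""
    root = tempfile.mkdtemp(prefix="level3_")
    os.chmod(root, 0o755)                    # world-readable top directory
    sub = os.path.join(root, "cohort_a")
    os.mkdir(sub)
    os.chmod(sub, 0o777)                     # world-writable subdirectory
    vcf = os.path.join(sub, "genotypes.vcf")
    with open(vcf, "w") as fh:
        fh.write("##fileformat=VCFv4.2\n")   # constructed sample content
    os.chmod(vcf, 0o664)                     # group-writable, world-readable
    before = permission_findings(root)
    harden(root)
    after = permission_findings(root)
    return len(before), len(after)


if __name__ == "__main__":
    print("findings before/after hardening:", demo())
```

Run it on the real Data directory with `permission_findings("/path/to/data")` first and review the list before calling `harden`; on a server where Data are shared through NFS or Samba, the export's own access list must be restricted as well, since item 3 also requires restricting access on the remote side.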


IV. Disposal of Personal-Level Data after Completion of Data Use

When Data use is completed, individual-level data must be disposed of by the following methods.


1. Shred paper media containing Data.

2. Securely delete any electronic file.

3. At a minimum, empty the trash (recycle bin) on the PC after deleting the file.

4. Most appropriately, use a secure method, such as an electronic “shredder” program that overwrites and completely deletes the data.
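The “shredder” step in item 4 can be implemented as an overwrite-then-unlink routine. The following is an added example, not part of this Guideline; the sample CSV content and the temporary file it creates are constructed for the demonstration. One caveat that the Guideline does not state but that applies to modern storage: on SSDs, on journaling or copy-on-write filesystems, and wherever snapshots or backups exist, overwriting a file in place does not reach every copy of its blocks, so full-disk encryption with destruction of the key at end of use should be combined with this method.

```python
"""Overwrite-and-delete for electronic files containing Level 3 Data.

Added example; not part of the Guideline. overwrite_file() replaces the
file contents in place (random bytes, then zeros) and forces them to disk;
secure_delete() then truncates, renames and unlinks the file so neither
the contents nor the original name remain in the directory.
"""
import os
import tempfile

CHUNK = 1 << 20  # overwrite in 1 MiB chunks to keep memory use bounded

# Constructed sample content standing in for an individual-level data file.
SAMPLE = b"sample_id,genotype\nS001,AG\nS002,GG\n"


def overwrite_file(path, passes=2):
    """Overwrite every byte of path: (passes - 1) random passes followed by
    one zero pass, each flushed and fsync'd. Returns the file size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for p in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n) if p < passes - 1 else b"\0" * n)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return size


def secure_delete(path, passes=2):
    """Overwrite, truncate to zero length, rename to a random name and
    unlink. Returns the number of bytes that were overwritten."""
    size = overwrite_file(path, passes)
    with open(path, "r+b") as fh:
        fh.truncate(0)            # so the former size is not left behind
        os.fsync(fh.fileno())
    # Rename so the original file name leaves the directory entry.
    anon = os.path.join(os.path.dirname(path), os.urandom(8).hex())
    os.rename(path, anon)
    os.unlink(anon)
    return size


def demo():
    """Write the constructed sample to a temporary file, overwrite it and
    confirm the zero pass, then delete it. Returns
    (size, zeroed_after_overwrite, exists_after_delete)."""
    fd, path = tempfile.mkstemp(prefix="level3_", suffix=".csv")
    with os.fdopen(fd, "wb") as fh:
        fh.write(SAMPLE)
    size = overwrite_file(path)
    with open(path, "rb") as fh:
        zeroed = fh.read() == b"\0" * size
    secure_delete(path)
    return size, zeroed, os.path.exists(path)


if __name__ == "__main__":
    print("size, zeroed, still exists:", demo())
```

For paper media (item 1) and for whole devices at the end of a project, physical shredding or device-level sanitization remains the appropriate method; this routine addresses only individual electronic files on a filesystem the user controls.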