Data Security

UC Berkeley is committed to providing an environment that protects the privacy and security of information and electronic resources necessary to support our mission of teaching, research, and public service. Researchers working with confidential or restricted data must comply with campus policies and protocols to ensure sensitive data is protected. Understanding whether your data need certain kinds of precautions and then finding the appropriate environment that still allows you to perform your research in the most efficient manner can be challenging tasks. Contact RDM Consultants (researchdata@berkeley.edu) who can put you in touch with our network of experts. See the Berkeley bConnected Privacy & Security page to learn more about how you can securely work with and share sensitive research data. See also our case study, Best practices for working with sensitive data (Q&A).

Defining Confidential and Restricted Information

Confidential Information: The term “confidential information” applies broadly to information for which unauthorized access or disclosure could result in an adverse effect. To address this risk, some degree of protection or access restriction may be warranted.

Restricted Information or Data: "Restricted information" is UC's term for the most sensitive confidential information. Restricted information or data is any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage or in transit.

Examples of Restricted Data

Personal Identity Information (PII) Electronic protected health information (ePHI) protected by Federal HIPAA legislation Credit card data regulated by the Payment Card Industry (PCI) Passwords providing access to restricted data or resources Information relating to an ongoing criminal investigation Court-ordered settlement agreements requiring non-disclosure. Information specifically identified by contract as restricted. Other information for which the degree of adverse affect that may result from unauthorized access or disclosure is high.

Resources
Berkeley Data Classification Standard
Human Research Protection Program 

Research data lifecycle: