NYU is committed to protecting and securing its research data. This flow chart is designed to assist faculty identify the level of security required for their research data and the resources to assure its confidentiality.
In order to safeguard NYU's information assets (i.e. systems and data), research data is classified as low, moderate, or high risk data. The protection of research data may be guided by federal regulation or sponsor requirements. More stringent measures of security are required as the level of risk increases.
With research data, faculty should follow moderate or high risk guidelines.
An example of low risk data may be data sets that is widely available on the internet without any access restrictions may be low risk.
An example of moderate risk is unpublished research data that is not classified high risk.
Example of high risk data include:
After reviewing the Electronic Data and System Risk Classification Policy, follow NYU's three step process for classifying your data.
Review your existing research processes which request or process data in order to assess the state of data security. Consider:
Review your data storage and collection processes. Consider:
Implement data security standards which will assist you and your department in securing sensitive data from unauthorized access or breaches. Consider:
NYU provides a variety of storage solutions. Compare the qualities and security levels available with NYU Drive, NYU Box, NYU Stream, Research Workspace and Windows File Sharing. Contact Secure Research Data Environment (SRDE) for assistance.
Research at NYU frequently involves international collaborations and international travel. In turn, travel related to international collaborations often involves traveling with research data, equipment such as laptops, and software. Review NYU’s guidelines on traveling internationally with technology and research data.
Before traveling internationally consider the following four questions:
Various U.S. Government agencies impose restrictions on taking research data or items overseas and on travel to particular international destinations.
An export license and/or import permit might be required to travel internationally with research data or items. Some destinations are sanctioned by the U.S. Government; special travel guidelines apply.
Export control restrictions may apply to taking research data or items abroad depending on whether the technology is military/defense related or dual-use and the destination of travel.
It is important to ensure that you do not accidentally export controlled information or provide any type of assistance to an entity/person on a restricted party list maintained by U.S. Government.