Sensitive Research Data

Some data that is used for research purposes contains sensitive or proprietary information that should not be exposed to others who are not involved in the research. Researchers may need more sensitive-level data to appropriately answer a research question. UNCW's data governance team has classified certain types of data based on sensitivity or risk level, which governs how data should be managed (accessed, stored, and handled). 

UNCW researchers needing a secure space to safely work on sensitive or restricted data--whether they collected the data themselves or receive it from external sources with permission--may not have a convenient, consistent, and secure location that meets the needs of this type of data. For example, some data owners require that data be handled on university premises, not in personal homes, and kept in a locked room, yet graduate students may not have consistent access to a locked office on campus. Other data owners may have specific security conditions in which a faculty member would not consider their physical office or digital setup to be secure enough.

For any UNCW researcher, the library welcomes you to use the Secure Data Room at UNCW to access, handle, store, and destroy their sensitive data for the duration of their research project.

The Secure Data Room meets ISO-27002:2022 digital and physical data security compliance standards.

Hardware: Three (3) Dell Optiplex Small Form Factor (Plus 7010) desktop computers, within a UNCW private isolated network for the room, equipped with the following:

• Microsoft Windows 11 operating system
• Processor: Intel (R) Core TM i5-13500
• Memory: 16 GB

File Storage

• All files located locally on the Secure Data Room workstations will be deleted upon computer restart due to the computer’s DeepFreeze settings; therefore there will be no local storage (outside of a researcher's reservation worktime) or backups created for the restricted data on the computer. Files must be saved manually by the researcher onto the researcher's OneDrive folder for the approved research project or onto approved external media with hardware encryption or software encryption such as BitLocker rather than automatically synced to OneDrive. (For external media recommendations, please see UNCW's Recommended Encryption Tools). In no case should data be downloaded or accessed from the cloud storage outside of the Secure Data Room or otherwise be copied onto media or devices not approved in the researcher’s approved Data Security Plan for the project.
• Any derivative physical files, as well as any external media used for the data, must be stored in the researcher's locker (one locker per project) inside the Secure Data Room.

UNCW-affiliated researchers are eligible to apply to use the Secure Data Room. Use of the room is not allowed if you do not request and get approval--per project--first. The wait time between submission to approval should be only a few days.

Applicants should read the Secure Data Room's Access Standard (link) as well as its Computer Usage Standard (link). The library will not be legally responsible for improper utilization of the space; however, it can remove access for users who fail to comply with these standards.

Researchers are expected to have completed the steps found here prior to submitting an application. With questions about the Secure Data Room, please contact UNCW's Data Librarian, Lynnee Argabright (ArgabrightL@uncw.edu).

Please apply to request to use the Secure Data Room using this link: https://library.uncw.edu/forms/secure_data_project_application

After you submit the application (per project), this is what you can expect:

1. The library will review the Data Project Application and reach out with any questions if necessary. We will keep all researcher applications for audit purposes.
2. The library will approve your application, grant you one-year long OneCard access to the room, and send you a private link to book reservations on the workstations inside the Secure Data Room.
3. You may book Secure Data Room workstation reservations as needed while the library is open.
4. You may work in the Secure Data Room at the time of your reservation, leaving all belongings in a locker located inside the room that will belong to your research project for the duration of your project. Only one person per OneCard access swipe should enter the room, for audit purposes. There should be a maximum of three users in the room at a time (one user per workstation).
5. Every year, the library will send you an extension request by email to ask if you still need the room for your approved research project. If you do not respond, your OneCard access to the room will be cut off. If you no longer need to utilize the room for your project, please contact us so we can cut off your secure access sooner.

Source of Authority: 07.300.03 Physical and Environmental Security

Related Links: 01.250 Data Governance and Management Policy

• I understand that in order for me to get access to the Secure Data Room, I must submit a Data Project Application per data project, which includes attaching the data security plan/Data Use Agreement that I had agreed to with the data owner.
  • If I want to work on multiple data projects, I must submit separate Data Project Applications to the Secure Data Room.
  • If my data project will have multiple people needing access to the data in the Secure Data Room, each person will need to be listed in the same Data Project Application, and each person will need to have been included in the Data Use Agreement that was signed with the data owner.
• I understand that my access to the Secure Data Room lasts for 1 year at a time, and that to get access for an additional year, I must respond to the Extension Request Form email that will be sent to me. A new Data Project Application for room usage is not needed if I am continuing to work on the same data.
• I certify that I will only work on the project that my reservation says I will be working on during the time of my reservation
• I certify that I will not let anyone else into the Secure Data Room besides myself.
  • If I am working with multiple people on the same data project, all people must separately use the OneCard access reader to enter the room for an accurate door count audit.
• I certify that I will use the specific computer space that I reserved.
• I certify that I will not bring external objects into the computer space. So, for example, I will keep my phone and bag in the antechamber of the Secure Data Room, away from my workspace.
• I certify that I will not bring the source data or any derived data (including paper notes) outside with me as I leave the Secure Data Room, unless approved by the data owner. Anything that I need to store physically in the Secure Data Room will be kept in an antechamber locker, per project, until it is ready to be destroyed.
• I understand that if I am found to be in violation of any of the above conditions, my access to the room will be removed and the room’s administrators will follow university protocol for an appropriate course of action. See here for the violation policy.

Source of Authority: 07.100.00 Responsible Use of Information Technology Resources

Related Links: N/A

• University computers and all other UNCW owned equipment are to be used solely for the purpose of conducting the business of the university.
• Printing, copying, and faxing will not be possible for files using the computers in this restricted access room.
• Users must adhere to the same policies regarding the use of information technology and other University resources as the other university employees.
• All passwords, information and data is confidential and should not be shared in any way.
• Besides project-approved restricted data files, access to shared information (such as other data files belonging to the user) located on UNCW-supported cloud infrastructure should be limited to the level of access necessary for working with sensitive data. Utilization of the shared information should be in compliance with the data owner’s Data Usage Agreement.
• Installation of programs is limited to those necessary for the completion of data handling and will be installed by Library ITS. Download and installation of unauthorized software is prohibited. If any additional programs are required, contact ArgabrightL@uncw.edu.
• Individuals using the UNCW computer system are subject to having their activities on the system monitored and recorded by system personnel. Anyone using the UNCW computer system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide evidence of such monitoring to law enforcement officials.
• Data files should never leave the restricted access room unless approved by the data owner. University equipment should never leave the restricted access room.
• Utilization of this State of North Carolina owned computer system serves as an acknowledgement that you have read, understand and will comply with UNCW policies regarding its appropriate use in accordance with provisions set forth within North Carolina General Statutes. Policies can be found at uncw.edu/policies.