PennERA Proposals Collection Data Security

PennERA Proposals Data Collection Access Prerequisites
Those who wish to access the PennERA Proposals data collection must submit the Data Warehouse Access Request eForm for PennERA Proposals data. (Note: Those who had access to the Sponsored Projects data collection were automatically given access to the PennERA Proposals data collection when it became available.) Those who have access to BEN Financials will be given similar access to PennERA Proposals. (For example, someone with access to Cancer Biology, Org. # 4130 in BEN Financials will be given access to PennERA Proposals data for Cancer Biology.) Those who do not have access to BEN Financials must specify the level of access they require.

Releasing Data Outside the University
Be cautious about releasing PennERA Proposals data outside the University. If you do not customarily release data outside Penn, and you receive a request for data to be sent outside the University, contact the Office of Research Services (898-7293) or Institutional Research (898-5897).

Keep a Log
You might want to keep a log of the reports you create, even if you are giving it to someone within the University. The log might include:

• Who requested the data.
• When they made the request.
• What data they requested.
• Why they requested the data/how they planned to use it.
• What query and/or report you used.

Releasing Data Within the University
Within the University, PennERA Proposals data may be disclosed only if it is needed to do the business of the University, and only to those who need to know the information in order to do their jobs. If you are not sure whether to fulfill a request for PennERA Proposals data, call the Office of Research Services (898-7293).

Questions you shoud ask to help decide whether to fulfill a request for Sponsored Projects data:

• Who wants the information?
• Why do they want the information?
• For what purpose will the information be used?
• If they pass the information on to someone else, for what purpose will that person use it? Note: Usually, the data should be for the requestor's use only. No data should be posted in a public place including the World Wide Web.
• How will they secure the information once they have it?
• How will they dispose of the information when they are done with it? For example, hard copy reports should be shredded.

Desktop Security
Query Results. If you save your query results in Excel, pdf, or any other local file type, you must see to it that any sensitive data stored on your peronal computer is safeguarded through physical security, access control software, or encryption.

• Examples of physical security are locked offices and locked keyboards.
• Examples of access control software are a screen saver with password protection (which your computer has been set up to initiate at startup) or specialized desktop security software.
• If you encrypt your query results, you will need to decrypt them before accessing them with Business Objects.

Warehouse Access
When a computer is left signed to an account, it is easy for someone to gain unauthorized access. Either sign off from your account before you leave your computer or restrict access by some other means (physical security or access control software).

Your warehouse password must be changed every three months (or more often, if you so choose.) Follow the change passwords link for additional information on Oracle password security.

Security and Privacy
The Penn Computing Web page on Security & Privacy offers:

• comprehensive information about securing personal and institutional data
• important security information and usage tips
• comprehensive privacy information, including information about Penn's privacy initiatives and identity theft
• University security & privacy policies

For more information on security and privacy, contact the Office of Information Security.