From the life sciences to the social sciences, data is the lifeblood of research. Researchers deal with all sorts of sensitive information, ranging from personally identifiable information and medical records to proprietary data and confidential survey responses. Harnessing these vast quantities is what propels scientific discovery, problem-solving, and innovation.
However, protecting such sensitive data is crucial for maintaining the integrity of research, safeguarding participant privacy and rights, and upholding public trust. As such, research data must be protected through all phases of research, from collection to storage to analysis and archival or destruction. The process begins with establishing a safe and secure channel for requesting data and documents, whether for collecting survey data or sharing research materials and findings among peers.
The High Stakes of Insecure Data Collection in Research
Research often involves surveys that collect sensitive data such as Personally Identifiable Information (PII), Protected Health Information (PHI), and confidential responses, as well as requesting and sharing proprietary and confidential research findings. Without proper security measures, all of this research data, collected or shared via the Internet and stored on third-party SaaS servers, is susceptible to manipulation, data leaks, and breaches.
Sensitive data stored in the cloud or on local devices can be exposed or manipulated through stolen credentials or compromised devices. A data breach in research can compromise the confidentiality of research participants and undermine the credibility of research findings.
It can lead to identity theft, financial loss, and emotional distress for the involved individuals.
The reputation of research institutions can be irreparably damaged, eroding public trust in the scientific community.
Compromised data can skew research results, leading to false conclusions and recommendations.
From a legal perspective, insecure data collection can expose research institutions to significant financial penalties and legal liabilities under regulations such as the GDPR and CCPA.
As such, implementing secure data-gathering processes and channels is a fundamental ethical obligation for research institutions. Additionally, the collected data must be digitally signed and notarized by an independent third party, provided that no access or storage privileges are granted to that third party. This lets researchers verify and prove that the data has not been manipulated.
Do’s and Don’ts of Secure Data Collection
✅ Do: End-to-End Encryption
Ensure that all data is encrypted before it ever leaves the sender’s device and decrypted only at the receiver’s end, making it unreadable to anyone who intercepts it in transit.
❌ Don’t: Use Email for Sensitive Data
Standard email services are not encrypted end to end by default, making messages prone to interception. Credential theft and email account compromise can also expose sensitive and confidential information collected via email.
✅ Do: Use Secure Data Collection Platforms and Tools
Use specialized platforms designed for secure data collection and file sharing that offer robust security features: encryption and access control to ensure confidentiality, and digital signatures to ensure integrity, authenticity, and non-repudiation. The chosen platform must comply with industry-specific and regional data protection regulations.
❌ Don’t: Upload Data to Service Providers’ Servers
Avoid services and solutions that require senders to upload requested, unencrypted data and files to the provider’s servers for sharing. Putting data in a provider’s hands means the provider can access it and potentially use it for purposes such as training and fine-tuning its AI models.
✅ Do: Choose Data-Blind SaaS
Use solutions that have no visibility into the data being shared or processed, so that the data remains private to the relevant parties only.
❌ Don’t: Use Solutions That Require Extra Steps from Senders or Participants
Avoid platforms that require senders or participants to download software or register before sharing data, files, or responses. This can deter participation or prompt the sender to fall back to unsecured channels.
✅ Do: Implement Document-Level Cryptographic Access Control
Restrict who can view shared files or submitted responses through cryptographic access control: data is encrypted on the sender’s side, and only authorized entities holding the relevant decryption keys can access it. Encryption-based access control at the data and document level preserves privacy even if the stored data is accidentally leaked or exposed.
❌ Don’t: Access or Store Research Data on Unsecured Devices
Use devices with up-to-date security software to access submitted or shared data, and store it on secure servers and storage infrastructure.
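The two practices above that do the real work, sender-side encryption with document-level key access for named recipients, and signing so that integrity can later be proved (including the independent notary countersignature described earlier, which must grant the notary no access to the data), can be shown in a short program. The following is an added example written for this page, not Confidencial's code or any product's API; it uses only the Go standard library, and the names Seal, Open, Notarize, Package and WrappedKey are assumptions of this example. SHA-256 of the X25519 shared secret stands in for a full key-derivation function to keep it self-contained.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// WrappedKey is the per-document key encrypted for one authorized recipient.
// Only the holder of the matching X25519 private key can unwrap it.
type WrappedKey struct {
	RecipientPub []byte // recipient's X25519 public key, used as a lookup id
	EphemeralPub []byte // sender's one-time X25519 public key for this recipient
	Nonce        []byte
	Wrapped      []byte // AES-GCM encryption of the document key
}

// Package is what travels over the network or sits on a server: ciphertext,
// per-recipient wrapped keys and signatures, never the plaintext or the key.
type Package struct {
	Nonce, Ciphertext []byte
	Keys              []WrappedKey
	SenderSig         []byte // Ed25519 signature by the sender over Digest
	NotarySig         []byte // Ed25519 signature by an independent notary over Digest
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Digest covers only nonce and ciphertext, so a notary can attest to it
// without ever being given anything that reveals the document.
func Digest(p *Package) []byte {
	h := sha256.New()
	h.Write(p.Nonce)
	h.Write(p.Ciphertext)
	return h.Sum(nil)
}

// Seal encrypts on the sender's side with a fresh per-document key, wraps that
// key for every authorized recipient (ECDH with a one-time key, then AES-GCM)
// and signs the result so later modification is detectable.
func Seal(plaintext []byte, sender ed25519.PrivateKey, recipients []*ecdh.PublicKey) (*Package, error) {
	docKey := randomBytes(32)
	aead, err := gcm(docKey)
	if err != nil {
		return nil, err
	}
	p := &Package{Nonce: randomBytes(aead.NonceSize())}
	p.Ciphertext = aead.Seal(nil, p.Nonce, plaintext, nil)
	for _, r := range recipients {
		eph, err := ecdh.X25519().GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		shared, err := eph.ECDH(r)
		if err != nil {
			return nil, err
		}
		kek := sha256.Sum256(shared) // key-encryption key for this recipient only
		kaead, err := gcm(kek[:])
		if err != nil {
			return nil, err
		}
		n := randomBytes(kaead.NonceSize())
		p.Keys = append(p.Keys, WrappedKey{r.Bytes(), eph.PublicKey().Bytes(), n, kaead.Seal(nil, n, docKey, r.Bytes())})
	}
	p.SenderSig = ed25519.Sign(sender, Digest(p))
	return p, nil
}

// Notarize lets an independent third party countersign the digest; it receives
// no key material and cannot read the document.
func Notarize(p *Package, notary ed25519.PrivateKey) { p.NotarySig = ed25519.Sign(notary, Digest(p)) }

// Open checks both signatures, then unwraps and decrypts for this recipient.
// A tampered ciphertext or a recipient who was never granted access yields an
// error rather than partial data.
func Open(p *Package, me *ecdh.PrivateKey, senderPub, notaryPub ed25519.PublicKey) ([]byte, error) {
	d := Digest(p)
	if !ed25519.Verify(senderPub, d, p.SenderSig) || !ed25519.Verify(notaryPub, d, p.NotarySig) {
		return nil, errors.New("signature check failed: data altered or not from the claimed sender")
	}
	myPub := me.PublicKey().Bytes()
	for _, wk := range p.Keys {
		if string(wk.RecipientPub) != string(myPub) {
			continue
		}
		ephPub, err := ecdh.X25519().NewPublicKey(wk.EphemeralPub)
		if err != nil {
			return nil, err
		}
		shared, err := me.ECDH(ephPub)
		if err != nil {
			return nil, err
		}
		kek := sha256.Sum256(shared)
		kaead, err := gcm(kek[:])
		if err != nil {
			return nil, err
		}
		docKey, err := kaead.Open(nil, wk.Nonce, wk.Wrapped, myPub)
		if err != nil {
			return nil, errors.New("key unwrap failed")
		}
		aead, err := gcm(docKey)
		if err != nil {
			return nil, err
		}
		return aead.Open(nil, p.Nonce, p.Ciphertext, nil)
	}
	return nil, errors.New("no access: document key was not wrapped for this recipient")
}

func main() {
	// Constructed demo: one authorized reviewer, one party who was never granted access.
	senderPub, senderPriv, _ := ed25519.GenerateKey(rand.Reader)
	notaryPub, notaryPriv, _ := ed25519.GenerateKey(rand.Reader)
	reviewer, _ := ecdh.X25519().GenerateKey(rand.Reader)
	outsider, _ := ecdh.X25519().GenerateKey(rand.Reader)
	pkg, _ := Seal([]byte("survey response: participant 0042 (constructed)"), senderPriv, []*ecdh.PublicKey{reviewer.PublicKey()})
	Notarize(pkg, notaryPriv)
	out, err := Open(pkg, reviewer, senderPub, notaryPub)
	fmt.Printf("reviewer: %q err=%v\n", out, err)
	_, err = Open(pkg, outsider, senderPub, notaryPub)
	fmt.Println("outsider:", err)
}
```

The design point worth noticing is that the server or notary only ever handles Package, which contains the ciphertext, wrapped keys and signatures; revoking access is a matter of not including a recipient's wrapped key, and integrity is checked before any decryption is attempted.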
Secure and Compliant Data Collection and Sharing with Confidencial’s Secure Data and Document Exchange (SDX)
Confidencial.io provides a comprehensive suite of easy-to-use, web-based and programmable workflows and data protection tools to facilitate secure data sharing and collaboration. Confidencial’s Secure Data and Document Exchange (SDX), one of our key offerings, provides a secure and compliant platform for requesting sensitive data, forms, or confidential documents and files from both internal and external parties. It lets you create custom forms with any configuration of data fields or attachment boxes to request up to terabytes of privileged data in any format – Word, PDFs, images, and more.
Confidencial Secure Data and Document Exchange (SDX) guarantees:
End-to-End Protection: Data is encrypted and digitally signed, if required, at the sending client side and only decrypted at the receiver’s side – in the browser on view or download or via the SDK plug-in for applications like MS Office.
Data-blind Architecture: We never see or view your data. It is transferred directly to infrastructure or cloud storage that you control, including OneDrive, Google Drive, AWS S3, Azure Blobs, GCP, and Box.
Access Control and Audit Trails: You can choose who can view submitted responses and shared data after they are received. Access to the data is always audited, because any portion of it has to be decrypted in the browser before it can be viewed.
Built-in Tracking: You can monitor the status of survey responses and document submissions.
A Painless User Experience: Users do not need to download software or remember passwords to respond to your data requests.
Seamless Integration: Confidencial is fully compatible with your existing on-premise and cloud storage solutions and file formats.
Document Request Templates: Create reusable templates for requesting data, which can be as simple as a file upload request or complex, multi-step surveys or questionnaires with instructions, terms and conditions, and various form fields.
Optional White-labeling: You can customize data requests with your company’s branding and personalized messages.
By using Confidencial’s Secure Data and Document Exchange (SDX) for research surveys and collaborations, institutions can significantly strengthen data protection, meet other security requirements, and streamline data collection and sharing workflows. Safeguarding the integrity and confidentiality of research data is paramount, and Confidencial can help you ensure that. Using Confidencial allows researchers to focus on what truly matters: groundbreaking discoveries and innovation.
Get in touch with us today for a live demo!