Cyber Summit 2016: A square peg in a round hole: Re-designing high performance computing infrastructure to meet privacy and ethical requirements associated with sensitive research data
Traditionally, natural sciences have predominantly leveraged High Performance Computing (HPC) infrastructure within academic environments, where significant computational resources have enabled astronomers to engage in the simulation modeling of stars and galaxies, or physicists to study proton- proton collisions. With the emerging use of HPC for social and health sciences, additional controls must be implemented to ensure compliance with legislative, institutional and ethical frameworks that govern sensitive research data. Often robust security measures are considered as a suitable response for managing the additional constraints presented by this paradigm shift. This approach is not sufficient as systems originally developed to support non-sensitive data must be re-designed to effectively embed privacy and ethical requirements – which is a necessary and often daunting task.
Drawing from experience at a provincial and national level, this presentation by Kaitlyn Gutteridge, Research Data Privacy and Security Officer at the University of British Columbia, considers cross-cutting privacy and ethical requirements throughout the research data lifecycle including data sovereignty and governance, data sharing and linkage, and the informed consent process. Best practices and examples of how organizations and institutions are embracing this challenge are put forward.
How to Troubleshoot Apps for the Modern Connected Worker
Cyber Summit 2016: A square peg in a round hole: Re-designing high performance computing infrastructure to meet privacy and ethical requirements associated with sensitive research data
1. A SQUARE PEG IN A
ROUND HOLE
Re-designing high performance computing
infrastructure to meet privacy and ethical
requirements associated with sensitive research
data
KAIT LY N GUT T ERIDGE
RESE AR C H DAT A PRIV ACY AND SECURIT Y OFFICER
UNIVERS IT Y OF BRIT ISH COLUM BI A
4. 4
OVERVIEW
1. Scope
2. Context / current situation
3. Dilemma: can’t force a square peg into a round hole
4. Current activities and areas of interest moving forward
5. Lessons learnt
5. 5
SCOPE
• Research data that has been collected on individuals, which has received REB
approval
• New and future users of Compute Canada infrastructure
• Province of BC and within UBC’s governance structure
• Takes into consideration what is / will be in place with Compute Canada Security
Program
• Ethics and privacy lens
7. 7
CONTEXT – SQUARE PEG
• What does this mean for data governed under legislation and ethical
requirements?
• Data governance
• Data sovereignty
• Research data lifecycle
• Access, use, storage, retention, destruction
• Ethical validity
8. 8
CURRENT ACTIVITIES – NATIONALLY
• Compute Canada Security Program
• Security framework, aligned on ISO 27001/27002
• Aims to identify and mitigate gaps caused by CC activities
• Leverage local controls and define requirement for additional controls
• Key goals:
• Better alignment between CC’s services and CC’s strategic vision;
• More efficient implementation of controls for information security;
• Minimization of overall risk;
• Enhancement of trust by external partners;
• Better coordination and response to threats and incident.
9. 9
CURRENT ACTIVITIES – NATIONALLY
• Consultation process between Compute Canada and partner institutions
• Partnerships with organizations and Compute Canada nodes such as:
• BC Genome Sciences Centre
• HPC4Health
• Population Data BC
• Health Data Privacy and Governance Best Practices
• Alignment with other national initiatives including Research Data Canada’s work
10. 10
CURRENT ACTIVITIES – LOCALLY
• UBC Advanced Research Computing (ARC) team
• Free institutional service supporting the high-performance computing and data
management needs of UBC researchers.
• Pre-grant consultation on infrastructure and privacy, security, data management needs
(CFI and non-CFI)
• Data Management Plans – Research Ethics Board integration
• Compliance mapping – UBC and Health Authority requirements on CC infrastructure