Copyright. Creative Commons. Sensitive information. Security Classification ... What is it all about?
This essay focuses on Copyright, Creative Commons, Sensitive information and the role of Data Classification in determining baseline security controls for the protection of sensitive data.
"With many Data Science Applications based on Large and often Sensitive Data sets, Data Security is increasingly important". |
.png)
Copyright vs Creative Commons
Different types of Intellectual Property are protected by different means, for example, by Patents, Trademarks or Copyrights. Copyright protects original works of authorship, including literary, dramatic, musical, artistic and certain other works, both published and unpublished.
A Copyright exists in any original work of authorship fixed in a tangible medium. This means that Copyright protection applies automatically to any original work as soon as it is written down or put into permanent or fixed form. There does not need to be a © symbol next to the work for it to be protected by copyright.
As "A Copyright provides not just a single right, but a bundle of rights that can be exploited or licensed separately or together ... The collection and long-term preservation of digital content pose challenges to the intellectual property regime within which libraries and archives are accustomed to working". Just because the work is old, does not mean that it is not protected by Copyright.
|
|
When you are going to publish your article in subscription-based journals, a Copyright Transfer Agreement - that involves legally transferring Copyright from the author to the journal - is effective from the date on which the article is accepted for publication.
Even though a numer of publishers grant back to authors certain rights for the future use of their own work, for example self-archiving rights, a Copyright transfer restricts all forms of use of your article, and anybody who wishes to use it will have to seek permission from the journal.
While Copyright transfer is the norm for standard subscription-based publications, its benefit for open access publications have been questioned.
For online or Open Access publishing, it is more common to use Creative Commons (CC) licenses. A CC license gives readers some rights, such as the right to share and use your work, of course, with attribution. In this way, your article will definitely have greater visibility. One other benefit of CC licenses is that they have a worldwide validity, while Copyright can have a territorial scope unless protected by international treaties.
Many open access publishers folow CC licenses system. So you can go ahead with them and retain Copyright with a CC license by signing the Open Access Agreement. See, for istance: License agreement of BioMed, License agreement of SpringerOpen, License agreement of Wiley, F1000Research : Publication Terms and Conditions.
|
Sensitive information
Any information that can be used to identify you or another person is sensitive information / confidential data. Protection of sensitive information - pertaining to the privacy or security of an individual or organization - may be also required for legal or ethical reasons.
Sensitive data/information should be safeguarded, this means - it should be protected from unauthorized access and/or against unwarranted disclosure.
"Records and information are important assets of the United Nations, and sound procedures for the protection of the information sensitivity and security are critical for the proper management of the Organization’s records. Information sensitivity relates to the level of confidentiality of the information within the United Nations. The Information Sensitivity Toolkit - - Understanding Information Sensitivity - - Protecting Sensitive Information - - Protecting Records from Loss or Damage - - Ensuring Records are Secure -- ST/SGB/2007/6 - Information Sensitivity, Classification and Handling |
Examples of sensitive data/information may include, but are not limited to:
- Intellectual property (e.g., some types of research data such as research data that is personally identifiable or proprietary),
- Contract negotiations,
- Most personnel matters (personally identifiable information),
- Protected health data.
- Financial information,
- Information concerning system access passwords, access control,
- Information security records,
- Information file encryption keys,
- Administrative records and computer data,
- Other data/information that is deemed to be confidential in accordance with national and international laws.
|
From Data Classification to Data security controls
As the complexity of the technology environment grows and related security threats increase, there is a need for every organisation to use available tools and services to protect its sensitive data, information and resources.
|
Different organisations have developed Guidelines and Frameworks for classifying their data based on its level of sensitivity, e.g.:
- Sensitive Data : data classified as Restricted, according to the Data Classification Scheme (that should be defined by an appropriate Data Steward);
- Institutional Data and Non-public Information : specific information classified as Private or Restricted... [e.g., Guidelines for Data Classification at Carnegie Mellon University].
Classification of data aids in determining baseline security controls for data protection. Data Stewards may wish to assign a single classification to a collection of data that is common in purpose or function.
On a periodic basis, it is important to reevaluate the classification [reclassification] of protected data to ensure the assigned classification is still appropriate based on changes to legal and contractual obligations as well as changes in the use of the data or its value to the organisation.
|
|  "General Data Protection Regulation (GDPR) entered into force in May 2016 and will apply in all Member States as from May 2018" (SCIENCE EUROPE)
|
|
|
|
|
