Library and Information Service

Library and Information Service >

2020 , Vol. 64 >Issue 22: 25 - 36

DOI: https://doi.org/10.13266/j.issn.0252-3116.2020.22.003

Research on Data Security Governance in Open Sharing of Scientific Data

  • Sheng Xiaoping ,
  • Guo Daosheng
Expand
  • School of Library, Information and Archives, Shanghai University, Shanghai 200444

Received date: 2020-06-09

  Revised date: 2020-08-17

  Online published: 2020-11-20

Fold

Abstract

[Purpose/significance] This paper reveals the data security problems in the open sharing of scientific data, and puts forward corresponding governance countermeasures, so as to promote the practice of open sharing of scientific data in China better.[Method/process] By means of normative analysis, this paper analyzed and defined the data security problems in the open sharing of scientific data, and then discussed the governance measures for the security of scientific data from the three dimensions of confidentiality, integrity and availability.[Result/conclusion] There are a lot of security problems in data confidentiality, integrity and availability in the open sharing of scientific data. The problems of data confidentiality can be governed by three measures including strengthening data security legislation, establishing scientific data classification standards and systems, and making full use of privacy enhancing technologies. The problems of data integrity can be governed by three measures including establishing a data protection officer system, implementing data protection impact assessment, and using data authentication technologies. The problems of data availability can be governed by three measures including formulating policies on the availability of scientific data, improving the quality of scientific data, and building a national scientific data center based on data alliance.

Key words: scientific data; open sharing; data security; security governance

Cite this article

Sheng Xiaoping , Guo Daosheng . Research on Data Security Governance in Open Sharing of Scientific Data[J]. Library and Information Service, 2020 , 64(22) : 25 -36 . DOI: 10.13266/j.issn.0252-3116.2020.22.003

References

[1] 石英村.全球数据安全治理态势与产业趋势分析[J].信息安全与通信保密,2019, 41(4):35-37.
[2] 张汉青.大数据时代数据安全需要多级保护[N].经济参考报,2019-05-09(7).
[3] 盛小平,武彤.国内外科学数据开放共享研究综述[J].图书情报工作,2019,63(17):6-14.
[4] PEREIRA S, GIBBS R A, MCGUIRE A L. Open access data sharing in genomic research[J].Genes, 2014,5(3):739-747.
[5] WIEBE A, DIETRICH N. Open data protection:study on legal barriers to open data sharing -data protection and PSI[M].Göttingen:Universitätsverlag Göttingen, 2017.
[6] LITTLE D D B, FARMER S, EL-HILALI OU. Digital data integrity:the evolution from passive protection to active management[M].West Sussex:John Wiley & Sons Ltd, 2007.
[7] 李善青,郑彦宁,邢晓昭,等.科学数据共享的安全管理问题研究[J].中国科技资源导刊,2019, 51(3):11-17.
[8] 杜跃进.数据安全治理的几个基本问题[J].大数据,2018,4(6):85-91.
[9] 王世晞,张亮,李娇娇.大数据时代下的数据安全防护——以数据安全治理为中心[J].信息安全与通信保密,2020,42(2):82-88.
[10] HILL D G. Data protection:governance, risk management, and compliance[M]. Boca Raton:CRC Press,2010.
[11] 付霞,付才.新时代数据安全风险的法律治理[J].长江大学学报(社会科学版), 2019,42(2):58-61.
[12] LIVRAGA G,TORRA V, ALDINI A, et al. Data privacy management and security assurance[M].Cham:Springer International Publishing AG, 2016.
[13] TAMANE S, SOLANKI V K, DEY N. Privacy and security policies in big data[M]. Hershey:IGI Global, 2017.
[14] MOSLEY M, BRACKETT M, EARLEY S, et al. The DAMA guide to the data management body of knowledge (DAMA-DMBOK)[M]. Bradley Beach:Technics Publications, 2009:151.
[15] SOLMS S H,SOLMS R. Information security governance[M]. New York:Springer, 2009:24.
[16] 陈磊.拨开云雾见天日——数据安全治理体系[J].安全月刊,2019(10):4-10.
[17] European Commission. Guidelines on open access to scientific publications and research data in Horizon 2020, Version 3.2[EB/OL].[2020-06-06]. https://ec.europa.eu/research/participants/data/ref/h2020/grants_manual/hi/oa_pilot/h2020-hi-oa-pilot-guide_en.pdf.
[18] DENNING D E R. Cryptography and data security[M].Massachusetts:Addison-Wesley Publishing Company, 1982:V, 7.
[19] MORAN R, LEVINGER J. Oracle security overview 10g release 1(10.1)[R/OL].[2020-06-06]. https://docs.oracle.com/cd/B12037_01/network.101/b10777.pdf.
[20] 冯登国.大数据安全与隐私保护[M].北京:清华大学出版社,2018:5.
[21] CALDER A, WATKINS S. IT governance:an international guide to data security and ISO27001/ISO27002[M].6th ed. London:Kogan Page Limited, 2015:10.
[22] National Academies of Sciences, Engineering, and Medicine. Open science by design:realizing a vision for 21st century research[M].Washington, DC:The National Academies Press,2018:50-51
[23] 叶润国,陈雪秀.政府数据开放共享安全保障问题与建议[J].信息技术与标准化,2016,58(6):22-25,34.
[24] PENG C,SONG X,JIANG H, et al. Towards a paradigm for open and free sharing of scientific data on global change science in China[J/OL].Ecosystem health and sustainability, 2016, 2(5):e01225.[2020-06-06]. https://esajournals.onlinelibrary.wiley.com/doi/epdf/10.1002/ehs2.1225.
[25] 刘润达,孙九林,廖顺宝.科学数据共享中数据授权问题初探[J].情报杂志,2010,29(12):15-18.
[26] STAGARS M. Open data in Southeast Asia[M].Singapore:Palgrave Macmillan, 2016:17-20.
[27] JANSSEN M, CHARALABIDIS Y, ZUIDERWIJK A. Benefits, adoption barriers and myths of open data and open government[J].Information systems management, 2012, 29(4):258-268.
[28] 温亮明,张丽丽,黎建辉.大数据时代科学数据共享伦理问题研究[J].情报资料工作,2019,40(2):38-44.
[29] 张一鸣.数据治理过程浅析[J].中国信息界,2012,10(9):15-17.
[30] Committee on Science, Engineering, and Public Policy(U.S.), Committee on Ensuring the Utility and Integrity of Research Data in a Digital Age. Ensuring the integrity, accessibility, and stewardship of research data in the digital age[M]. Washington, DC:The National Academies Press, 2009:96.
[31] KUULA A, BORG S. Open access to and reuse of research data-the state of the art in Finland[M]. Tampere:Finnish Social Science Data Archive,2008:11-12.
[32] 辛一.九省份科学数据共享平台网站建设比较研究[J].中国科技资源导刊,2019,51(3):18-23.
[33] SEDRANSK N,YOUNG L J,KELNER K L, et al. Make research data public? Not always so simple:a dialogue for statisticians and science editors[J].Statistical science, 2010,25(1):41-50.
[34] POTER M E. Competitive advantage:creating and sustaining superior performance[M]. New York:The Free Press, 1985:36-43.
[35] 中华人民共和国国家安全法(全文)[EB/OL].[2020-06-06]. http://news.sina.com.cn/c/2015-07-01/220132055212.shtml.
[36] 中华人民共和国网络安全法[EB/OL].[2020-06-06]. http://www.xinhuanet.com//zgjx/2016-11/08/c_135813275.htm.
[37] 周羽.全国人大代表魏明:加快制定《数据安全法》[EB/OL].[2020-06-06]. https://www.sohu.com/a/397151630_362042.
[38] 国务院办公厅.国务院办公厅关于印发科学数据管理办法的通知[EB/OL].[2020-06-06]. http://www.gov.cn/zhengce/content/2018-04/02/content_5279272.htm.
[39] 国家互联网信息办公室.国家互联网信息办公室关于《数据安全管理办法(征求意见稿)》公开征求意见的通知[EB/OL].[2020-06-06]. http://www.gov.cn/xinwen/2019-05/28/content_5395524.htm.
[40] Data classification guide[EB/OL].[2020-06-06]. https://www.spirion.com/data-classification/.
[41] 国务院.国务院关于印发促进大数据发展行动纲要的通知[EB/OL].[2020-06-06]. http://www.gov.cn/zhengce/content/2015-09/05/content_10137.htm?url_type=39&object_type=webpage&pos=1.
[42] 工业和信息化部办公厅.工业和信息化部办公厅关于印发《工业数据分类分级指南(试行)》的通知[EB/OL].[2020-06-06]. http://www.miit.gov.cn/n1146295/n1652858/n1652930/n3757016/c7772152/content.html.
[43] UNSW. Research data governance & materials handling policy[EB/OL].[2020-06-06]. https://www.gs.unsw.edu.au/policy/documents/researchdatagovernancepolicy.pdf.
[44] AWS. Data classification:secure cloud adoption[EB/OL].[2020-06-06]. https://d1.awsstatic.com/whitepapers/compliance/AWS_Data_Classification.pdf.
[45] Berkeley Information Security Office. How to classify research data[EB/OL].[2020-06-06]. https://security.berkeley.edu/education-awareness/best-practices-how-tos/how-classify-research-data.
[46] UNSW. Data classification standard[EB/OL].[2020-06-06]. https://www.gs.unsw.edu.au/policy/documents/datastandard.pdf.
[47] SWEENEY L, CROSAS M, BAR-SINAI M. Sharing sensitive data with confidence:the datatags system[EB/OL].[2020-06-06].https://techscience.org/a/2015101601/download.pdf.
[48] 付钰,俞艺涵,吴晓平.大数据环境下差分隐私保护技术及应用[J].通信学报, 2019,40(10):157-168.
[49] The Royal Society. Israel-UK privacy and technology workshop note of discussions[EB/OL].[2020-06-06]. https://royalsociety.org/-/media/policy/projects/privacy-enhancing-technologies/israel-uk-privacy-and-technology-workshop-note.pdf?la=en-GB&hash=218915A3D5AA244D333A22D104882551.
[50] ALAMEDA T. What are PET technologies?:how to maximize data value while preserving privacy[EB/OL].[2020-06-01]. https://www.bbva.com/en/what-are-pet-technologies-how-to-maximize-data-value-while-preserving-privacy/.
[51] INPHER. What is secure multiparty computation?[EB/OL].[2020-06-02]. https://www.inpher.io/technology/what-is-secure-multiparty-computation.
[52] DOBRAN B. What is data integrity? why your business needs to maintain it[EB/OL].[2020-06-03]. https://phoenixnap.com/blog/what-data-integrity.
[53] MONTEZUMA L A. Why should a data protection officer be global?[EB/OL].[2020-06-06]. https://iapp.org/news/a/why-should-a-data-protection-officer-be-global/.
[54] LAMBERT P. The data protection officer:profession, rules, and role[M]. Boca Raton:CRC Press, 2017:45-46.
[55] 刘江山.欧盟通用数据保护条例中的数据保护官制度[J].中国科技论坛,2019(12):173-179.
[56] Freeprivacypolicy. GDPR data protection impact assessments[EB/OL].[2020-06-06]. https://www.freeprivacypolicy.com/blog/gdpr-data-protection-impact-assessment/.
[57] Central London Community Healthcare. Data protection impact assessment[EB/OL].[2020-06-06]. https://clch.nhs.uk/about-us/publications/data-protection-impact-assessment-dpia-summaries.
[58] BIEKER F, FRIEDEWALD M, HANSEN M, et al. A process for data protection impact assessment under the Eropean General Data Protection Regulation[J]. Lecture notes in computer science, 2016,9857:21-37.
[59] BIEKER F, MARTIN N, FRIEDEWALD M, et al. Data protection impact assessment:a hands-on tour of the GDPR's most practical tool[C]//HANSEN M, KOSTA E, NAI-FOVINO I, et al. Privacy and identity management:the smart revolution. Cham:Springer International Publishing AG,2018:207-220.
[60] 张鑫港,闫浩文,张黎明.一种用于DEM数据认证与篡改定位的感知哈希算法[J].地球信息科学学报,2020,22(3):379-388.
[61] 李拴保.信息安全基础[M].北京:清华大学出版社,2014.
[62] SHOEB Z H, SOBBAN M A. Authentication and authorization:security issues for institutional digital repositories[J]. Library philosophy and practice,2010, 12(5):1-6.
[63] 谭慧.数字水印技术及其应用[J].信息与电脑(理论版),2018,12(13):221-222,225.
[64] COSTA C, FREITAS A, STEFANIK I, et al. Evaluation of data availability on population health indicators at the regional level across the European Union[EB/OL].[2020-06-04]. https://pophealthmetrics.biomedcentral.com/articles/10.1186/s12963-019-0188-6.
[65] SHEHAB E, BOUIN-PORTET M, HOLE R, et al. Enhancing digital design data availability in the aerospace industry[J].CIRP journal of manufacturing science and technology, 2010,2(4):240-246.
[66] HOPKINS A M, ROWLAND A, SORICH M J. Data sharing from pharmaceutical industry sponsored clinical studies:audit of data availability[EB/OL].[2020-06-04]. https://bmcmedicine.biomedcentral.com/articles/10.1186/s12916-018-1154-z.
[67] The President's Management Agenda Team. Federal data strategy 2020 action plan[EB/OL].[2020-06-04]. https://strategy.data.gov/assets/docs/2020-federal-data-strategy-action-plan.pdf.
[68] Springer Nature. Data availability statements[EB/OL].[2020-06-04]. https://www.springernature.com/gp/authors/research-data-policy/data-availability-statements/12330880.
[69] Editorial. On data availability, reproducibility and reuse[J].Nature cell biology, 2017, 19(4):259-259.
[70] 丁小欧,王宏志,张笑影, 等.数据质量多种性质的关联关系研究[J].软件学报, 2016,27(7):1626-1644.
[71] 毕达天,曹冉,杜小民.科学数据共享研究现状与展望[J].图书情报工作,2019, 63(24):69-77.
[72] WIJNHOVEN F, BOELENS R, MIDDEL R, et al. Total data quality management:a study of bridging rigor and relevance[EB/OL].[2020-06-05]. https://ris.utwente.nl/ws/portalfiles/portal/47275011/Wijnhoven07total.pdf.
[73] BOELENS R. A product-attribute approach to total data quality management[EB/OL].[2020-06-06].http://essay.utwente.nl/57694/1/scriptie_Boelens.pdf.
[74] 司莉,华小琴.我国科学数据共享平台的服务效能分析[J].图书馆工作与研究, 2014, 36(4):24-26.
[75] Australian National Data Service. Research data Australia[EB/OL].[2020-06-08]. https://www.ands.org.au/online-services/research-data-australia.
[76] 刘润达,赵辉,李大玲.科学数据共享平台之数据联盟模式初探[J].中国基础科学,2010,12(6):27-32.
Options
Outlines

/

    Copyrights © LIS Press Co., Ltd. Reproduction is prohibited without permission.