Data security

Data integrity and security are essential. Databases must be operated on secure servers, and the ability to modify data and content in the database should be restricted to the curators [1].

Mechanisms should be implemented to secure and control disclosure of data, including [2]:

  • Password protection
  • Data encryption
  • Assigning and managing levels of access for public viewers, registered viewers, submitters, curators and administration
  • Access audits: review of access logs and database user statistics

It is recommended that all components of the software and server, and any backup systems, be reviewed regularly for security vulnerabilities, including:

  • the DBMS
  • the web server
  • the operating system.

A documented procedure/policy should be identified and readily available to be implemented in the event of a security breach/unauthorized access [2].

For databases that contain clinical information, compliance with relevant health information systems and security standards is often necessary [2].

Data authenticity

Authenticity of digital data records relates to both integrity and identity, and it is essential that both are maintained [2].

INTEGRITY
The quality of the record (data entry) being complete and unaltered [2].
IDENTITY
The features of the record (data entry) that uniquely identify it and distinguish it from other records [2].

Records should be as complete and unaltered as possible. Unintended alteration of the data or of the identity of the record, whether due to malicious intent, the technical infrastructure of the operating system or hardware failure, is a breach of authenticity [2].

One possible means of ensuring permanency and authenticity is to create a new record within the database each time an existing record is edited.
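
The new-record-per-edit approach can be sketched as follows. This is an added example, not code from the cited guidelines: the table `variant_version`, its columns and the function names are hypothetical, SQLite stands in for the DBMS, and the SHA-256 hash chain is one assumed way to make alteration of an older version detectable.

```python
import hashlib, json, sqlite3

# Hypothetical table: record_id is the record's identity, stable across edits.
SCHEMA = """
CREATE TABLE IF NOT EXISTS variant_version (
    record_id TEXT NOT NULL, version INTEGER NOT NULL,
    payload TEXT NOT NULL, editor TEXT NOT NULL,
    prev_hash TEXT NOT NULL, row_hash TEXT NOT NULL,
    PRIMARY KEY (record_id, version));
CREATE TRIGGER IF NOT EXISTS no_update BEFORE UPDATE ON variant_version
BEGIN SELECT RAISE(ABORT, 'versions are append-only'); END;
CREATE TRIGGER IF NOT EXISTS no_delete BEFORE DELETE ON variant_version
BEGIN SELECT RAISE(ABORT, 'versions are append-only'); END;
"""

def _digest(record_id, version, payload, editor, prev_hash):
    blob = json.dumps([record_id, version, payload, editor, prev_hash])
    return hashlib.sha256(blob.encode()).hexdigest()

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def save(db, record_id, data, editor):
    """Store an edit as a new version; earlier versions are never touched."""
    last = db.execute(
        "SELECT version, row_hash FROM variant_version "
        "WHERE record_id = ? ORDER BY version DESC LIMIT 1", (record_id,)).fetchone()
    version, prev_hash = (last[0] + 1, last[1]) if last else (1, "")
    payload = json.dumps(data, sort_keys=True)  # canonical form of the entry
    db.execute("INSERT INTO variant_version VALUES (?, ?, ?, ?, ?, ?)",
               (record_id, version, payload, editor, prev_hash,
                _digest(record_id, version, payload, editor, prev_hash)))
    db.commit()
    return version

def verify(db, record_id):
    """True if every version of the record still matches its hash chain."""
    expected_prev = ""
    rows = db.execute("SELECT * FROM variant_version WHERE record_id = ? "
                      "ORDER BY version", (record_id,)).fetchall()
    for rid, version, payload, editor, prev_hash, row_hash in rows:
        if prev_hash != expected_prev or \
           row_hash != _digest(rid, version, payload, editor, prev_hash):
            return False
        expected_prev = row_hash
    return True
```

The triggers stop ordinary edits from overwriting history, and `verify` reports a version that was changed by some other route. Anyone able to rewrite the whole table could also recompute the hashes, so the latest `row_hash` is best copied to a location outside the database, such as the access audit log.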

A policy with regard to regular back-up maintenance should be implemented [2]. A back-up system should be maintained so that, in the event of a catastrophic failure, all data can be reinstated with minimal reconstruction.

Maintenance should be at regular intervals to minimise data loss.

References

  1. Vihinen, M., Dunnen, J.T. den, Dalgleish, R., and Cotton, R.G.H. Guidelines for establishing locus specific databases. Human Mutation 33, 2 (2012), 298–305.
  2. Royal College of Pathologists of Australia. Standards for clinical databases of genetic variants. 2014.