Many PHI (e.g., client data) and some other de-identified datasets have restrictions against moving the data outside of an "agreed upon" requirement.
|Who would benefit from this IDEA?||As a data scientist/consultant/researcher, I want access to client and sensitive datasets to conduct my analysis. As data security personnel, I want the ability to monitor data download behavior and alert potential violators.|
How should it work?
1) At a minimum, operations/data security should be able to monitor and track data download activities (e.g., with events in LogDNA). A stricter solution is to have a firewalled environment for "sensitive" projects.
2) This is a common client/data use agreement requirement, and it is generally a good practice for our users to adhere to. Not enabling this would limit the data sources available in our workbench to support various analytic dev efforts.
3) Today we rely on administrative control, by training and processes. However, some level of technical control would be prudent. In fact, our external HIPAA statistical expert advises strict technical control.
|Priority Justification||This is a mandatory requirement for many of our clients and sensitive data assets. Using training/admin control limits our ability to grow the user base - in fact, our Security Review Board restricts the number of users to 20 unless there is better technical control on this.|
|Customer Name||Watson Health|