Many PHI (e.g., client data) and some other de-identified datasets have restrictions against moving the data outside of an "agreed upon" requirement
|Who would benefit from this IDEA?||As a data scientist/consultant/researcher, I want access to client and sensitive datasets to conduct my analysis. As data security personnel, I want ability to monitor data download behavior and alert potential violators.|
How should it work?
1) At the minimal, operations/data security should be able to monitor and track data download activities (e.g., with events in LogDNA). A stricter solution is to have a firewalled environment for "sensitive" projects
2) This is a common client/data use agreement requirements, and generally is a good practice for our users to adhere to. Not enabling this would limit the data source available in our workbench to support various analytic dev efforts.
3) Today we rely on administrative control, by training and processes. However, some level of technical control would be prudent. In fact, our external HIPAA statistical expert advise strict technical control.
|Priority Justification||This is a mandatory requirement for many of our clients and sensitive data assets. Using training/admin control limits our ability to grow user base - in fact, our Security Review Board restricts the number of users to 20 unless there is better technical control on this.|
|Client Name||Watson Health|
|IBM's success depends on gathering feedback from customers like yourself. Aha Ideas Portal is the third party tool through which IBM Offering Managers gather feedback from customers such as yourself.|
|IBM is a global organization with business processes, management structures, technical systems and service provider networks that cross borders. As such, the information collected through Aha Ideas Portal (Customer Name, Customer Email Address) will be stored by them in the United States, and handled only as per IBM's instructions and policies. Your data (Name and Email Address) will NOT be shared with other IBM customers.|
|In order to safeguard your information in Aha, do not leave your workstation unattended while using this application, log off after using it, and print only if necessary. If you need to make a hardcopy, remember to pick up the print-out immediately, keep it under lock, and destroy it immediately when no longer needed.|
|NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "firstname.lastname@example.org" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions|