Some research data are highly sensitive, such as Protected Health Information (PHI) including names or addresses associated with clinical information, or Personally Identifiable Information (PII) such as Social Security numbers, credit card numbers, or personal financial data. The release of such data can lead to harm such as privacy violations, identity theft, financial liability for the University, and in some cases, individual liability for the person who released the data. The Columbia University Information Security Charter sets forth key principles and definitions concerning information security at Columbia.
All researchers should be aware that sensitive information is highly regulated by federal laws, such as HIPAA and HITECH, and by University policy, such as the Electronic Information Resources Security Policy. As the Policy states: "Individuals who access or control University electronic information resources must take appropriate and necessary measures to ensure the security, integrity, and protection of these resources, using appropriate physical and logical security measures."