LISTSERV at the University of Georgia
Menubar Imagemap
Home Browse Manage Request Manuals Register
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (October 2006, week 2)Back to main SAS-L pageJoin or leave SAS-L (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:         Mon, 9 Oct 2006 10:24:18 -0700
Reply-To:     "Pardee, Roy" <pardee.r@GHC.ORG>
Sender:       "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From:         "Pardee, Roy" <pardee.r@GHC.ORG>
Subject:      Re: IRB, password protection
Comments: To: Kevin Roland Viel <kviel@EMORY.EDU>
Content-Type: text/plain; charset="us-ascii"


My advice is to encrypt it all, and not spend time trying to weigh out
which things should/shouldn't be encrypted.  It's just so much easier
and surer to be able to say "yeah my laptop was stolen, but every bit of
study data on it was encrypted with the AES algorithm--the current DOD
standard".  IRBs will likely also be suitably impressed by such
statements.


If your laptop runs windows XP, see if you can use its encrypting file
system.  If not (my organization has disabled EFS unfortunately) then
you might try storing it all on a truecrypt volume:


www.truecrypt.org


That's free, open-source stuff, and it's very easy to use.  I would say
that it's so easy, it doesn't make sense not to...


It's hard to weigh SAS' encryption in terms of strength--I don't believe
they've disclosed the algorithm they're using.  (Not that I could do so
in any event...)


HTH,


-Roy


-----Original Message-----
From: SAS(r) Discussion [mailto:SAS-L@LISTSERV.UGA.EDU] On Behalf Of
Kevin Roland Viel
Sent: Monday, October 09, 2006 9:53 AM
To: SAS-L@LISTSERV.UGA.EDU
Subject: IRB, password protection


Greetings,


  I would like to solicit advice on language used in IRB applications
for clinical trials concerning the protection of the data.  Is it
sufficient to use SAS passwords or do people typically encrypt the data,
too.  Given that I work from a laptop remotely and theft of such
sensitive data has made news lately, never mind liability (is anyone
carrying insurance, I am not incorporated, yet), this seems especially
pertinent.


  I would prefer to simply use SAS passwords and create unique patient
ID for those time when I *might* need to send data.  Since this company
only licenses one copy of SAS, I guess I could write a perl program and
transmit only these anonymous IDs.


  Does this seem sufficient, provided I describe it using about two
paragraphs, or should I look for something more involved?


Thanks,


Kevin


PS Logon requires a password, each MS application (Access, Excel, and
Word) requires a password, and the SAS datasets require a password.


Kevin Viel
PhD Candidate
Department of Epidemiology
Rollins School of Public Health
Emory University
Atlanta, GA 30322
Back to: Top of message | Previous page | Main SAS-L page
listserv.uga.edu
Enterprise Information Technology Services
The University of Georgia
listhelp@uga.edu