Data Security
Data Security for Research at CMU (From the Office of Information Technology)
Data security is essential for protecting research integrity and complying with university policies and external regulations. According to the Data Stewardship policy (3-30), Central Michigan University’s Office of Information Technology (OIT) classifies research data into three categories: Public, Protected, and Restricted. Each classification requires specific security measures, and researchers must ensure their data handling aligns with these classifications and associated controls.
4/2/2025
Data Classification and Security Controls
| Data Classification | Examples | Security Controls |
|---|---|---|
| Public | Published datasets, publicly available research data | Open access without restriction. |
| Protected | De-identified, coded, or anonymized research data | Password protection, encrypted storage, and physical access restrictions. |
| Restricted | Data including Personally Identifiable Information (PII) for research | All “Protected” controls, including verification and approval by an OIT representative. |
| Restricted* | Restricted data with specific security requirements identified by sponsors, regulations, or data use agreements (DUAs). | All "Restricted" controls, including additional precautions determined and approved by an OIT representative. |
Request a Data Security Consultation
OIT provides support to faculty and researchers to ensure compliance with data security requirements. Researchers planning to acquire or handle data classified as Restricted or Restricted* must collaborate with OIT staff for guidance, review, and approval of grant or contract terms, including Data Use Agreements.
OIT can assist researchers by:
- Providing guidance on securing sensitive research data
- Reviewing and approving grant or contract terms related to data use
- Offering expertise on CMU's IT environment to fulfill project requirements using CMU-owned and protected tools
To request a consultation with OIT staff regarding your research project's data security needs:
Submit a Request - Research IT Support
College IT directors (Key Technical Resources)
- Ben Andera - Executive Director Academic and Research Computing
- Jerry Todd - Chief Information Security Officer
- Kurt Smith - Assistant Dean Healthcare - IT
- Tim Gramza - Director of IT - CLASS and CBA
- Mel Taylor - Director of IT - CSE
- Mike Reuter - Director of IT - CEHS and CAM
Additional Resources
How to encrypt flash/thumb drives
Use the link below to find more information about protecting data on flash/thumb drives.
Removable media and USB flash drives
IT Knowledge Base Information
Use the link below to visit the OIT Knowledge Base for more information about data security.