Data Types & Research | Initial Discovery | Researcher Handbook | IT Services for Researchers (2024)

  • TTU
  • IT Services for Researchers
  • Researcher Handbook
  • Initial Discovery

While the state definitions presented below are applicable to all institutional data, data collected for research often requires additional classification. Such additional classification examples, include:

All human subjects research must have TTU IRB approval.

Anonymous Versus Identifiable Data in the Research

For researchers, anonymous and identifiable data may have different degrees of identifiability. The TTU IRB can help you discern the degree of your data, and the appropriate classification and associated protections.

Data Types

Texas Department of Information Resources, Data Classification Guide

The proposed data classification scheme outlines four classification labels.

  • Public – Information that is freely and without reservation made available to the public.
  • Sensitive – Information that could be subject to release under an open records requests but should be controlled to protect third parties.
  • Confidential – Information that typically is excepted from the Public Information Act.
  • Regulated – Information that is controlled by a federal regulation or other third-party agreement.

Public

The Public information label is used for information such as published reports, press releases, and information published to the agency's public website. Such information requires no authentication and is freely distributable by all agency personnel. (TTU examples: Course Syllabi, Course Schedule)

Sensitive

Moving the Sensitive label, much of the information is still subject to public release under an open records request, but the information should be vetted and verified before release. These types of data include items such as employee records and gross salary information. While these records and information are considered "public" under the Texas Public Information Act, they should still be afforded a higher level of protection to ensure confidential data (e.g., net salary information) is not comingled. Many agencies will choose to release this type of information only through select employees who are familiar with the state and federal rules regarding disclosure. (TTU examples: Faculty Tenure Proceedings, Vendor Partner Proprietary Information)

Confidential

The Confidential label is used to identify information that is typically excepted from public disclosure, whether specified in law or through a decision by the Open Records division of the Texas Office of the Attorney General. Confidential data include information such as attorney-client communications, protected draft communications, and computer vulnerability reports. (TTU examples: Student, Faculty, and Staff personally identifiable information)

Regulated

The fourth label, Regulated, may or may not be applicable to an agency, based on its mandate, customers, and business operations. Regulated focuses on the types of data typically regulated by federal statute or third-party agreements. Agencies that maintain protected health, federal tax, payment card, or certain personal information will have specific requirements placed on that data by a non-Texas regulation. Therefore, regulated data has specific handling requirements that are unique to their regulations and do not apply to all agencies. (TTU examples: FERPA, COPPA, HIPAA)

Texas Department of Information Resources, Data Classification Guide

Executive Summary

Data classification is the process of categorizing data into various types, forms, sensitivity level, or any other grouping of similar characteristics. When a piece of information (e.g., a document, memo, or customer record) is created, the owner assigns a standard classification level which defines the prescribed handling requirements for that piece of information, among other things. Such categories dictate the controls necessary to best protect the confidentiality, integrity, and availability of the data.

Data classification makes securing data much more efficient, because it instantly identifies and communicates the minimum level of protection required for any piece of data as well as the audience that may view it. For example, a document that is classified as "confidential" is easily understood to require additional protections and controls.

The Office of the Chief Information Security Officer at the Texas Department of Information Resources (DIR) worked with a taskforce of agency stakeholders to develop a model data classification taxonomy for state agencies and institutes of higher education. The classification scheme is detailed separately from this guidance document. This document is meant to present the background, underlying assumptions, and logic behind the decisions the taskforce made in arriving at this model.

Background

Texas Administrative Code (TAC) Chapter 202 requires all agencies and institutions of higher education to classify their data.[1] However, TAC 202 does not explicitly define classification levels beyond the "confidential" category.[2] The lack of standardization in data classification schemes across the state creates challenges such as inefficiency in communications, discrepancies in controls applied between agencies, and in rare cases, a neglect to implement data classification policies and procedures entirely. To address these challenges, the Office of the Chief Information Security Officer (OCISO) worked with representatives from multiple state agencies to develop a baseline data classification scheme that can be adopted and modified to meet the varying needs of agencies and institutions of higher education.

Based on the experience of these representatives and their understanding of security standards and best practices, the OCISO proposes a simple classification scheme for all agencies to consider. The representatives based their classification scheme on current Texas law, both 1 TAC 202 and the Public Information Act, as well as the relevant federal standards (FIPS 199, NIST SP 800-59 and 800-60).

The labels used in this data classification scheme are in no way meant to subvert, contradict, supplant, or conflict with the Texas Public Information Act. In all cases, the public release of agency data is governed by the Texas Public Information Act and Chapter 552, Texas Government Code. The data classification scheme presented in this guide is intended to be a means to identify and address the safeguards, precautions, and handling requirements necessary to prevent accidental data disclosure.

[1] 1 TAC 202.24(b)(1): State agencies are responsible for defining all information classification categories except the Confidential Information category, which is defined in Subchapter A of this chapter, and establishing the appropriate controls for each.

[2] 1 TAC 202.1(5): Confidential Information – Information that must be protected from unauthorized disclosure or public release based on state or federal law (e.g., the Texas Public Information Act, and other constitutional, statutory, judicial, and legal agreement requirements).

Benefits of Classifying Data

Data classification is the basis for identifying an initial baseline set of security controls for information and information systems, which creates numerous benefits for the organization.

Effectively classifying data makes security decisions more efficient for employees, data owners, and IT staff, because it instantly identifies and communicates the level of protection required for any piece of data and who can access it. Establishing a common statewide vernacular can further amplify this efficiency through clear and non-ambiguous communication.

Appropriate data classification can also enable a more efficient use of IT capital. Specifically, data that has been categorized at a level requiring more protection can provide an objective justification for certain capital expenditures to help protect that data.

An organization can design its systems architecture with varying information sensitivity levels in mind if there is an awareness of the location, type, and handling requirements of the data. This may assist in achieving economies of scale with security services and protection through shared network and security zones. For example, an information system containing information protected by state privacy laws may be stored with other information systems containing similar sensitive information which are regulated by a third-party agreement.

Agency contingency and disaster recovery planning personnel can use the outputs of the data classification process to ensure that the infrastructure is sufficiently protected and that recovery efforts focus on high impact systems.

Finally, artifacts of a data classification process can also serve as inputs to Business Impact Analysis (BIA) reviews, Information Sharing and System Interconnection Agreements, and audit trails.

  • Address

    Texas Tech University, 2500 Broadway, Lubbock, TX 79409
  • Phone

    806.742.2011
  • Email

    webmaster@ttu.edu

© 2024 Texas Tech University Oct 25, 20233:02 PM

Data Types & Research | Initial Discovery | Researcher Handbook | IT Services for Researchers (2024)

FAQs

How do you decide what type of data to use in research? ›

If you want to analyze a large amount of readily-available data, use secondary data. If you want data specific to your purposes with control over how it is generated, collect primary data. If you want to establish cause-and-effect relationships between variables, use experimental methods.

What is the data type in research? ›

Data types are the categories of information that you collect, analyze, and present in your research. There are different types of data, such as quantitative, qualitative, mixed, and primary or secondary, that have different advantages and disadvantages depending on your research question, design, and methods.

What are the four main types of research? ›

There are four main types of Quantitative research: Descriptive, Correlational, Causal-Comparative/Quasi-Experimental, and Experimental Research. attempts to establish cause- effect relationships among the variables. These types of design are very similar to true experiments, but with some key differences.

What is an example of research data? ›

Some examples of research data: Documents (text, Word), spreadsheets. Laboratory notebooks, field notebooks, diaries. Questionnaires, transcripts, codebooks.

What are the 4 main data types? ›

4 Types Of Data- Nominal, Ordinal, Discrete And Continuous.

What are 5 examples of data? ›

  • Data collection:
  • Examples of data collection:
  • Monthly bills of a person.
  • Number of students in a class.
  • Number of persons liking a particular food.
  • Number of warehouses in a factory complex.
  • Number of hours spend on daily activities.

How to analyze data in research? ›

How do you analyze research data?
  1. Define your goals.
  2. Choose your methods.
  3. Organize your data.
  4. Use your tools.
  5. Report your results. Be the first to add your personal experience.
  6. Review your analysis. Be the first to add your personal experience.
  7. Here's what else to consider. Be the first to add your personal experience.
Jul 10, 2023

How do you decide which data type to use? ›

The basic strategy for selecting the best data type is to select the smallest data type that matches the kind of data you have and that allows for all the feasible values of your data. For example, customer_id in our sample sales table is a whole number starting with 0.

How do you select data for research? ›

Questions that need to addressed when selecting data type and type include:
  1. What is (are) the research question(s)?
  2. What is the scope of the investigation? (This defines the parameters of any study. ...
  3. What has the literature (previous research) determined to be the most appropriate data to collect?

How do you determine which type of research method to use? ›

The research methods you use depend on the type of data you need to answer your research question. If you want to measure something or test a hypothesis, use quantitative methods. If you want to explore ideas, thoughts and meanings, use qualitative methods.

How do you determine which data collection method to use? ›

Before starting the data collection process, define your goals and identify data sources, which can be primary (first-hand research) or secondary (existing resources). Your data collection method should align with your goals, resources, and the nature of the data needed.

References

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Laurine Ryan

Last Updated:

Views: 6419

Rating: 4.7 / 5 (77 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Laurine Ryan

Birthday: 1994-12-23

Address: Suite 751 871 Lissette Throughway, West Kittie, NH 41603

Phone: +2366831109631

Job: Sales Producer

Hobby: Creative writing, Motor sports, Do it yourself, Skateboarding, Coffee roasting, Calligraphy, Stand-up comedy

Introduction: My name is Laurine Ryan, I am a adorable, fair, graceful, spotless, gorgeous, homely, cooperative person who loves writing and wants to share my knowledge and understanding with you.