科学数据分类分级保护探索:框架与模式
收稿日期: 2024-06-08
录用日期: 2024-08-24
网络出版日期: 2024-10-01
基金资助
国家重点研发计划项目课题“农业科学数据分析挖掘引擎构建与场景应用示范”(2022YFF1805);国家重点研发计划项目课题“农业科学数据融合与自动化挖掘框架”(2022YFF1801);三亚中国农业科学院国家南繁研究院南繁专项课题“场景驱动的农业科学数据挖掘分析平台构建”(YBXM2409);国家科技基础条件平台中心委托课题“数据流动政策对科学数据管理与应用影响研究”;中央级公益性科研院所基本科研业务费专项 (JBYW-AII-2024-05、JBYW-AII-2023-06);中国农业科学院科技创新工程(CAAS-ASTIP-2024-AII、CAAS-ASTIP-2023-AII)
Navigating the Distinctiveness of Research Data Protection: Framework and Mode
Received date: 2024-06-08
Accepted date: 2024-08-24
Online published: 2024-10-01
近年来,随着数据安全监管的日益收紧,科学数据管理面临越来越严峻的“安全合规”挑战,数据分类分级保护逐渐成为学术界、数据管理实践者和监管机构共同关注的议题。然而,现有的研究和实践大多局限于对数据合规的解释与反应性应对,缺乏对科学数据分类分级保护的系统性和理论性讨论。这种认知不足限制了科学数据安全管理领域理论框架和实用模型的发展。为形成对科学数据分类分级保护的系统性理解,本研究基于对现有实践的广泛调查,提炼出科学数据的六项关键安全特征:多重规制、伦理强规制、学科领域差异性、“规模-风险”帕累托分布、公益性和动态敏感性,以此六项特征为基础,构建了科学数据安全分类和分级框架,并提出了全面、平衡与精简三种保护模式。研究提出了“数据合规-合规成本-数据收益”三角平衡观点,合理解释了三者之间的权衡关系。文中还详细讨论了数据安全分类与安全分级的区别及其相互作用,澄清了科学数据安全分类的复杂性。该研究提出的针对科学数据分类分级保护的理论框架为分析科学数据安全管理中的复杂问题提供了框架性工具,可为相关研究提供有价值的参考,有助于推动科学数据安全保护实践。
王健, 周国民, 张建华, 许哲平, 刘婷婷 . 科学数据分类分级保护探索:框架与模式[J]. 农业大数据学报, 2024 , 6(3) : 307 -324 . DOI: 10.19788/j.issn.2096-6369.000069
In recent years, increasing data security regulations have posed significant compliance challenges for scientific data management. Data classification and grading for protection has become a focal point for academia, practitioners, and regulatory bodies. However, existing research mostly focuses on compliance interpretation and reactive measures, lacking a systematic theoretical analysis of scientific data protection. This gap limits the development of frameworks and models in the field. To address this, based on an extensive survey of current practices, this paper identifies six key security characteristics of scientific data: multi-regulation, strict ethical regulation, disciplinary differences, Pareto distribution of "scale-risk," public interest, and dynamic sensitivity. It proposes a classification and grading framework, along with three protection models: comprehensive, balanced, and streamlined. Additionally, the paper introduces a "compliance-cost-benefit" triangle to explain the trade-offs among these factors. The proposed framework clarifies the complexity of classifying scientific data, distinguishing between data classification and grading, and offering insights into their interaction. This theoretical model provides valuable reference for future research and practical tools for addressing challenges in scientific data security management.
Key words: scientific data; data security; data protection; data classification; data grading; data ethic
| [1] | PELOQUIN D, DIMAIO M, BIERER B, et al. Disruptive and avoidable: GDPR challenges to secondary research uses of data[J]. European Journal of Human Genetics, 2020, 28(6): 697-705. DOI:10.1038/s41431-020-0596-x. |
| [2] | CLARKE N, VALE G, REEVES E P, et al. GDPR: an impediment to research?[J]. Irish Journal of Medical Science, 2019, 188(4): 1129-1135. DOI:10.1007/s11845-019-01980-2. |
| [3] | KNOPPERS B M, BERNIER A, BOWERS S, et al. Open Data in the Era of the GDPR: Lessons from the Human Cell Atlas[J]. Annual Review of Genomics and Human Genetics, 2023, 24(1): 369-391. DOI:10.1146/annurev-genom-101322-113255. |
| [4] | QUINN P. Research under the GDPR - a level playing field for public and private sector research?[J/OL]. Life Sciences, Society and Policy, 2021, 17(1): 4. DOI:10.1186/s40504-021-00111-z. |
| [5] | STAUNTON C, SLOKENBERGA S, MASCALZONI D. The GDPR and the research exemption: Considerations on the necessary safeguards for research biobanks[J]. European Journal of Human Genetics, 2019, 27(8): 1159-1167. DOI:10.1038/s41431-019-0386-5. |
| [6] | National Research Council. Improving Access to and Confidentiality of Research Data: Report of a Workshop[M/OL]. Washington, DC: The National Academies Press, 2000. https://doi.org/10.17226/9958. |
| [7] | 胡良霖, 朱艳华. 科学数据伦理关键问题研究[J]. 中国科技资源导刊, 2022(1): 11-20. |
| [8] | 温亮明, 张丽丽, 黎建辉. 大数据时代科学数据共享伦理问题研究[J]. 情报资料工作, 2019, 40(2): 38-44. |
| [9] | 廖方宇, 李婧. 开放科学背景下科学数据开放共享安全挑战及我国对策思考[J/OL]. 农业大数据学报, 2024, 6(2): 146-155. DOI:10.19788/j.issn.2096-6369.000027. |
| [10] | 严炜炜, 谢顺欣, 潘静, 等. 数据分类分级:研究趋势、政策标准与实践进展[J]. 数字图书馆论坛, 2022(9): 2-12. |
| [11] | 袁康, 鄢浩宇. 数据分类分级保护的逻辑厘定与制度构建——以重要数据识别和管控为中心[J]. 中国科技论坛, 2022(7): 167-177. |
| [12] | 张敏, 魏伟, 谭天怡, 等. 数据分类分级及其发展路径研究[J]. 网络安全与数据治理, 2022, 41(7): 18-22+29. |
| [13] | 陈兵, 郭光坤. 数据分类分级制度的定位与定则——以《数据安全法》为中心的展开[J]. 中国特色社会主义研究, 2022(3): 50-60. |
| [14] | 陈烨, 王阳, 徐亚兰, 等. 电子健康档案数据分类分级研究[J]. 档案学研究, 2024(3): 119-128. |
| [15] | 王畅, 曾亚. 烟草行业数据的分类分级及安全防护方法探讨[J]. 内蒙古科技与经济, 2020(1): 31-32+57. |
| [16] | 高磊, 赵章界, 林野丽, 等. 基于《数据安全法》的数据分类分级方法研究[J]. 信息安全研究, 2021, 7(10):933-940. |
| [17] | 朱艳华, 廖方宇, 胡良霖, 等. 科学数据安全标准规范关键问题探索[J]. 信息网络安全, 2021, 21(11): 1-8. |
| [18] | 廖方宇, 胡良霖, 王健, 等. 科学数据安全标准研究与工作建议[J]. 科学通报, 2024, 69(9): 1142-1148. |
| [19] | 许琦, 胡晓彦, 邹自明, 等. 空间环境科学数据安全分级概念框架研究[J]. 农业大数据学报, 2024, 6(2): 259-268. |
| [20] | 王佳荣, 周彩秋, 苑新阳, 等. 国家高能物理科学数据安全保障体系[J]. 农业大数据学报, 2024, 6(2): 269-277. |
| [21] | 张耀南, 张名成, 康建芳. 科学数据中心安全工作实践——以国家冰川冻土沙漠科学数据中心为例[J]. 农业大数据学报, 2024, 6(2): 278-285. |
| [22] | 关健. 医学科学数据共享与使用的伦理要求和管理规范(五)隐私分类分级的初步建议及其依据的确认[J]. 中国医学伦理学, 2020, 33(8): 915-920. |
| [23] | 智峰, 田锋, 赵若凡. 计量科学大数据分级分类[J]. 大数据, 2022, 8(1): 60-72. |
| [24] | CHRISTINE L. BORGMAN. Big Data, Little Data, No Data: Scholarship in the Networked World[M/OL]. The MIT Press, 2015. https://doi.org/10.7551/mitpress/9963.001.0001. |
| [25] | WILKINSON M D, DUMONTIER M, AALBERSBERG I J, et al. The FAIR Guiding Principles for scientific data management and stewardship[J]. Scientific Data, 2016, 3(1): 160018. DOI:10.1038/sdata.2016.18. |
| [26] | TENOPIR C, ALLARD S, DOUGLASS K, et al. Data Sharing by Scientists: Practices and Perceptions[J]. PLOS ONE, 2011, 6(6): 1-21. DOI:10.1371/journal.pone.0021101. |
| [27] | PIWOWAR H A, VISION T J, WHITLOCK M C. Data archiving is a good investment[J]. Nature, 2011, 473(7347): 285-285. DOI:10.1038/473285a. |
| [28] | OECD. OECD Principles and Guidelines for Access to Research Data from Public Funding[M/OL]. OECD, 2007[2024-08-28]. https://www.oecd-ilibrary.org/science-and-technology/oecd-principles-and-guidelines-for-access-to-research-data-from-public-funding_9789264034020-en-fr. DOI:10.1787/9789264034020-en-fr. |
| [29] | GARETT R, YOUNG S D. Ethical views on sharing digital data for public health surveillance: Analysis of survey data among patients[J/OL]. Frontiers in Big Data, 2022, 5: 871236. DOI:10.3389/fdata.2022.871236. |
| [30] | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)[A/OL]// Official Journal of the European Union, 2016. http://data.europa.eu/eli/reg/2016/679/oj/eng. |
| [31] | Secretariat of the Convention on International Trade in Endangered Species of Wild Fauna and Flora CITES. Notification to the Parties No. 2016/007[EB/OL]. https://cites.org/sites/default/files/notif/E- Notif-2016-057.pdf. |
| [32] | RESNIK D B. The Ethics of Research with Human Subjects: Protecting People, Advancing Science, Promoting Trust[M/OL]. Springer International Publishing, 2018. http://link.springer.com/10.1007/978-3-319-68756-8. |
| [33] | The World Medical Association. WMA Declaration of Helsinki-Ethical Principles for Medical Research Involving Human Subjects[EB/OL]. 2018. https://www.wma.net/policies-post/wma- declaration-of-helsinki-ethical-principles-for-medical-research-involving-human-subjects/. |
| [34] | EMANUEL E J. What makes clinical research ethical?[J/OL]. JAMA, 2000, 283(20): 2701. DOI:10.1001/jama.283.20.2701. |
| [35] | VARKEY B. Principles of clinical ethics and their application to practice[J]. Medical Principles and Practice, 2021, 30(1): 17-28. DOI:10.1159/000509119. |
| [36] | Sharing publication-related data and materials: responsibilities of authorship in the life sciences[J/OL]. Plant Physiology, 2003, 132(1): 19-24. DOI:10.1104/pp.900068. |
| [37] | STODDEN V, LEISCH F, PENG R D. Implementing Reproducible Research[M/OL]. New York: Chapman and Hall/CRC, 2018. https://www.taylorfrancis.com/books/9781315362762. DOI:10.1201/9781315373461. |
| [38] | BORGMAN C L. The conundrum of sharing research data[J/OL]. Journal of the American Society for Information Science and Technology, 2012. https://onlinelibrary.wiley.com/doi/full/10.1002/asi.22634. |
| [39] | TENOPIR C, TALJA S, HORSTMANN W, et al. Research data services in European Academic Research Libraries[J/OL]. Liber Quarterly, 2017, 27(1): 23-44. DOI:10.18352/lq.10180. |
| [40] | CHARPENTIER A, FLACHAIRE E. Pareto Models for Risk Management// DUFRéNOT G, MATSUKI T. (eds) Recent Econometric Techniques for Macroeconomic and Financial Data. Dynamic Modeling and Econometrics in Economics and Finance, vol 27[M/OL]. Cham: Springer International Publishing, 2021: 355-387. https://doi.org/10.1007/978-3-030-54252-8_14. |
| [41] | BORGMAN C L. Scholarship in the Digital Age: Information, Infrastructure, and the Internet[M/OL]. The MIT Press, 2007. https://www.jstor.org/stable/j.ctt5hhbk7. |
| [42] | NIELSEN M. Reinventing Discovery: The New Era of Networked Science[M]. Princeton University Press, 2011. |
| [43] | BEZUIDENHOUT L M, LEONELLI S, KELLY A H, et al. Beyond the digital divide: Towards a situated approach to open data[J]. Science and Public Policy, 2017, 44(4): 464-475. DOI:10.1093/scipol/scw036. |
| [44] | KOLIVAND H, ASADIANFAM S, AKINTOYE K A, et al. Finger vein recognition techniques: a comprehensive review[J]. Multimedia Tools and Applications, 2023, 82(22): 33541-33575. DOI:10.1007/s11042-023-14463-5. |
| [45] | ABBAS S N, ABO-ZAHHAD M, AHMED S M, et al. Heart-ID: human identity recognition using heart sounds based on modifying mel-frequency cepstral features[J]. IET Biometrics, 2016, 5(4): 284-296. DOI:10.1049/iet-bmt.2015.0033. |
| [46] | DU Y, XU Y, WANG X, et al. EEG temporal-spatial transformer for person identification[J/OL]. Scientific Reports, 2022, 12(1): 14378. DOI:10.1038/s41598-022-18502-3. |
| [47] | BORGMAN C L. The conundrum of sharing research data[J/OL]. Journal of the American Society for Information Science and Technology, 2012, 63(6):1059-1078. https://doi.org/10.1002/asi.22634. |
| [48] | CAI P, CHEN L. Demystifying data law in China: A unified regime of tomorrow[J]. International Data Privacy Law, 2022, 12(2): 75-92. DOI:10.1093/idpl/ipac004. |
| [49] | 数据安全技术数据分类分级规则: GB/T 43697-2024[S]. 2024. |
| [50] | RITCHIE F. Five Safes: designing data access for research[M/OL]. 2016. DOI:10.13140/RG.2.1.3661.1604. |
| [51] | 夏义堃, 管茜. 科学研究的数据生态及其模式演进研究[J]. 科学学研究, 2024, 42(4): 673-682. |
| [52] | 尹海清, 王永伟, 张晓彤, 等. 材料基因工程数据生态系统[J]. 中国材料进展, 2023, 42(02): 135-143. |
| [53] | 信息安全技术数据安全能力成熟度模型: GB/T 37988-2019[S]. 2015. |
| [54] | 贺欣然. 公共数据开放共享法律问题研究[J/OL]. 争议解决, 2023, 9(6): 3269-3276. DOI:10.12677/DS.2023.96446. |
| [55] | 程雁雷, 张林轩, 张旭. 公共数据开放的逻辑意蕴:现状考察、问题检视与法治进路[J]. 科技情报研究, 2024, 6(3): 26-40. |
| [56] | 李宜展, 董璐, 王东瑶, 等. 国际科技组织与国际科技合作计划中的科学数据安全治理[J]. 农业大数据学报, 2024, 6(2): 161-169. DOI:10.19788/j.issn.2096-6369.000031. |
/
| 〈 |
|
〉 |