ATISR Data Governance Guide – Privacy, Security, and Compliance Standards

In today’s research environment, data is central to academic and institutional operations. Whether it’s personal data collected from research participants or large datasets used for analysis, how that data is managed matters.

The Academic and Technical Institutional Scientific Review (ATISR) framework provides structured guidance to ensure research data is handled with the highest levels of privacy, security, and compliance.

This article serves as a practical guide to knowing ATISR’s approach to data governance, with a focus on protecting sensitive information, ensuring research integrity, and meeting institutional and legal obligations.

Overview

Data governance under ATISR refers to the policies, procedures, and ethical standards that define how research data is collected, stored, accessed, and shared. It applies across all research disciplines and is critical for:

• Protecting the rights of participants
• Ensuring data quality and integrity
• Complying with institutional and legal frameworks
• Supporting ethical and transparent research practices

ATISR provides institutions and researchers with a clear structure for data governance, balancing academic freedom with regulatory accountability.

Privacy

Privacy is a foundational principle in ATISR’s data governance model. Researchers must protect identifiable information related to participants and institutions throughout the research lifecycle.

Key privacy practices include:

• Informed consent: Participants must understand how their data will be used and stored.
• Anonymization: Where possible, personal identifiers should be removed before analysis or sharing.
• Access control: Only authorized individuals should access sensitive data.
• Data minimization: Collect only the data necessary for the research purpose.

For studies involving human subjects, compliance with national privacy regulations – such as Taiwan’s Personal Data Protection Act (PDPA) or the EU’s GDPR (when applicable) – is required.

Security

Data security ensures that research data is protected from loss, unauthorized access, or tampering. Under ATISR, security policies must be documented and tailored to the sensitivity of the data involved.

Security responsibilities include:

• Encryption: Sensitive data should be encrypted both at rest and during transmission.
• Secure storage: Use institution-approved cloud platforms or physical storage with restricted access.
• Backup protocols: Regular backups must be scheduled and monitored to prevent data loss.
• Incident reporting: Breaches or security lapses must be reported immediately and addressed through proper protocols.

ATISR encourages the use of standardized institutional tools and IT infrastructure to reduce the risk of data mishandling.

Compliance

Compliance refers to adherence to local, national, and institutional data policies. All research projects under ATISR must demonstrate compliance in their proposals, especially when handling:

• Human subject data
• Health-related or financial data
• International data transfers
• Third-party datasets

Researchers are required to submit a Data Management Plan (DMP) during the project approval phase. The DMP outlines how data will be collected, stored, and handled after the project ends.

Here’s a basic overview of DMP components:

DMP Section	Description
Data Collection	What data will be collected and from whom
Data Storage	Where and how data will be stored securely
Access Permissions	Who will have access and under what conditions
Retention & Disposal	How long data will be retained and deletion protocols
Sharing & Publication	Plans for making data available (if applicable)

Roles

ATISR data governance also defines clear roles to maintain accountability:

• Principal Investigators (PIs): Responsible for implementing privacy and security measures in their projects.
• Institutional Data Officers: Oversee compliance and assist with infrastructure and training.
• Ethics Review Boards: Evaluate proposals for compliance with ethical data handling standards.
• IT Departments: Provide tools and technical support to ensure secure systems.

Coordination among these roles ensures that data governance is not just policy on paper, but practice in action.

Training

To support proper implementation, ATISR encourages mandatory training in data ethics and security for all researchers and staff involved in projects. Topics include:

• Identifying sensitive data
• Handling consent and anonymity
• Secure data sharing
• Recognizing data breach risks

Training ensures that all participants in the research process understand their responsibilities and institutional expectations.

International Standards

Where applicable, ATISR aligns with global data governance frameworks such as:

• GDPR (General Data Protection Regulation) for EU-linked research
• ISO/IEC 27001 for information security management
• FAIR Principles for data that is Findable, Accessible, Interoperable, and Reusable

For projects involving international partners or publishing in international journals, compliance with these frameworks is often mandatory.

Enforcement

Violations of data governance protocols are treated seriously under ATISR. Possible consequences include:

• Suspension of research projects
• Institutional review or audits
• Retraction of publications
• Disciplinary measures for misconduct

ATISR requires institutions to have documented policies for data breach responses and periodic audits to assess compliance.

ATISR’s data governance framework ensures that research is conducted ethically, securely, and in compliance with institutional and legal standards. With growing concerns around data privacy and digital security, researchers must adopt proactive and informed practices. By following these guidelines, academic institutions in Taiwan and beyond can build a research culture that prioritizes responsibility, integrity, and trust.

FAQs