
Data Security Plan - SEAL Lab at McMaster University

Useful for Applications to Data Providers, Ethics Boards or Funding Organizations

Overview of the SEAL Lab

SEAL (Secure Empirical Analysis Lab) is a secure data lab that hosts confidential data for research. Current research is in the areas of education, consumer behaviour, health economics, charities, pharmaceuticals, poverty and international trade.

Originally founded in 2004, SEAL is operated by the McMaster Department of Social Sciences and is part of CRESS (Center for Research in Empirical Social Sciences).

Researchers may use the physical lab, which is located in a restricted-access location at McMaster University in Hamilton, Ontario, or they may use the lab remotely through a MobiKey (described under User Restrictions below).

SEAL security is maintained by several layers of protection which include physical access controls, video monitoring, firewall isolation from the internet, and data access controls.  Main elements of the security system include:

  • The SEAL server is separated from the internet by a firewall and can only be reached from thin clients in the lab (or remotely through MobiKey, which provides a screen and keyboard session rather than a network connection). The thin clients do not permit data transfer to any device connected to them, e.g. a memory stick, laptop computer or cell phone.
  • Access card holders must meet SEAL identification requirements.
  • All researchers sign a confidentiality agreement with SEAL.
  • Entry and exit to SEAL is controlled. The SEAL lab is monitored with CCTV.
  • Research teams can only access data that they are authorized to use.
  • SEAL lab users must provide SEAL with a copy of their Data Sharing Agreement (DSA). Vetting and release of research results is done in accordance with the DSA.  Upon completion of the project, the data is permanently erased if the DSA requires it.

IT Environment

The SEAL lab is located in a controlled-access location on the main McMaster University campus and is accessible only to users who hold access cards issued by the lab manager.  McMaster Security Services monitor the lab by CCTV on a 24/7 basis.  The server room is located inside the lab, and no data connections from the server to devices outside the lab are permitted, except for a single link to the university network that provides internet access.  That one link is protected by a firewall.

The SEAL lab has a Windows based server that runs Microsoft Windows Server 2016 (Standard).  Login credentials allow users to access the server and the data they use on the server.

Access to data is controlled by group policy and file permissions: each user is granted access only to the data that their project is authorized to use, and nothing else on the server.
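A per-project access model like the one above is only as strong as the permissions actually set on the data folders, so the lab manager needs a repeatable way to audit them. The following PowerShell script is an added example, not a tool from the SEAL Lab or McMaster IT. It assumes a layout that the page does not specify: project data under D:\SEALData\<Project> and one security group SEAL-<Project> per project; both names are placeholders. It flags any folder that inherits permissions from the root, grants access to a broad principal (Everyone, Users, Authenticated Users), or grants access to another project's group.

```powershell
# Added example (not SEAL's own tooling): audit NTFS ACLs on per-project data folders.
# Assumptions (placeholders): projects live under D:\SEALData\<Project> and each
# project has a security group named SEAL-<Project>. Run as the lab manager on the server.
param(
    [string]$DataRoot = 'D:\SEALData'
)

# Principals that must never hold an Allow ACE on confidential project data.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Accounts expected on every folder: administrators (lab manager, McMaster IT) and the OS.
$AllowedAdmins = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

function Test-ProjectFolderAcl {
    param([System.IO.DirectoryInfo]$Folder)

    $project       = $Folder.Name
    $expectedGroup = "SEAL-$project"
    $acl           = Get-Acl -Path $Folder.FullName
    $findings      = @()

    # Inherited ACEs from the root would silently widen access; require inheritance to be broken.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += "${project}: inheritance is enabled; the folder inherits ACEs from $DataRoot"
    }

    foreach ($ace in $acl.Access) {
        $id = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }   # Deny ACEs do not widen access
        if ($AllowedAdmins -contains $id) { continue }
        if ($id -like "*\$expectedGroup") { continue }         # the project's own group (any domain prefix)

        if ($BroadPrincipals -contains $id) {
            $findings += "${project}: broad principal '$id' has $($ace.FileSystemRights)"
        } elseif ($id -like '*\SEAL-*') {
            $findings += "${project}: other project group '$id' has $($ace.FileSystemRights)"
        } else {
            $findings += "${project}: unexpected principal '$id' has $($ace.FileSystemRights)"
        }
    }
    return $findings
}

$allFindings = @(Get-ChildItem -Path $DataRoot -Directory | ForEach-Object { Test-ProjectFolderAcl -Folder $_ })

if ($allFindings.Count -eq 0) {
    Write-Output "OK: every project folder grants access only to its own group and to administrators."
} else {
    $allFindings | ForEach-Object { Write-Warning $_ }
}
```

The script only reads ACLs; it deliberately does not change them, so it can be run after every data import or account change and the output reviewed before any fix is applied. Deny entries are skipped because they narrow rather than widen access, and individual user accounts are reported as unexpected on the assumption that access is granted through project groups only.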

The SEAL server does not support download or upload of data except as controlled by the Lab Manager.  Data import to the lab is typically via encrypted FTP.  Importing confidential data by other means is generally not accepted.

User Restrictions

Only bona fide researchers are granted access to the lab.  The SEAL Lab does not permit any walk-in users.  All users must sign a Non-Disclosure and Facility Use Agreement under which they undertake to:

  • Maintain the security of the lab and share no information with non-authorized persons
  • Remove no documents or data from the lab, and report anyone who does so to the lab manager
  • Adhere to all requirements imposed by data providers and the SEAL Lab
  • Take no photographs

The SEAL Lab uses thin client technology.  This means that confidential data is not transmitted, in part or in whole, to individual workstations; only screen output reaches the thin client, so downloading any significant part of a confidential database through it is not possible.  Additionally, all thin clients have their communication ports (USB and Ethernet) disabled, so copying data to USB memory sticks or other devices is blocked.  Users cannot reconfigure the thin clients to defeat these measures.

Printing in the lab is restricted.  Only the lab manager is able to print within the lab.

Portable devices such as cell phones or laptop computers are allowed in the lab, but the server automatically rejects any attempt to connect them.  Photography is prohibited.

Remote access is provided using the Route1 MobiKey system (https://www.route1.com/mobikey/).  Features of this system are:

  • MobiKey is not VPN based: the remote computer is never placed on the SEAL network, so the network-level exposure that a VPN tunnel creates does not arise.
  • Only keyboard input and screen output cross the connection; no data files move between the remote user and SEAL.  This limits what a man-in-the-middle or malware on the remote computer could obtain to what is displayed during the session.
  • MobiKeys use multi-factor authentication.
  • Sharing MobiKeys is not allowed, and MobiKeys can only be issued to users who meet SEAL identification requirements.
  • Route1 holds an Authority to Operate (ATO) for its secure remote access systems from the U.S. Department of Defense, the U.S. Department of the Navy, the U.S. Department of the Interior and the U.S. Marine Corps.

When connected to the SEAL Lab, the MobiKey assumes full control of the remote computer and disables all input/output devices except for the keyboard and display.  This prevents data from being saved to a local device such as a USB memory stick or to the computer's own hard drive.  The screen itself remains visible, so the prohibition on photography applies to remote sessions just as it does in the lab.

Lab users perform their data analysis using lab software (SAS, Stata, etc.).  Users can request release of analysis results from the lab.  Raw confidential data is not released to any user. 

Analysis results that users request can be released only through a vetting process.  Results to be released are sent to the lab manager, who reviews them and releases them to the user.  Vetting is based upon:

  1. the requirements established by the data sharing agreement, or, if the DSA sets none,
  2. the requirements established by the SEAL Lab.

The vetting rules are focused on preventing an individual, or the characteristics of an individual, from being identified.  The SEAL Lab vetting rules are similar to the Statistics Canada vetting rules.  For instance, group averages cannot be based on small group sizes, and characteristics of a specific individual or of a small group of individuals cannot be released.
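The small-group rule above has a less obvious consequence that a manual review can miss: if a total row is released together with every subgroup except the suppressed one, the suppressed count is recoverable by subtraction. The PowerShell script below is an added example of such a check, not the SEAL Lab's own vetting tool. It assumes the requested output is a CSV with columns Group, N and Mean, and uses a minimum cell size of 5 purely as a placeholder; the real threshold comes from the data sharing agreement or the lab's rules. The sample table is constructed for the example.

```powershell
# Added example (not the SEAL Lab's vetting tool): apply a minimum-cell-size rule to a
# table of group statistics before release, including the residual-disclosure case.
# Assumptions: CSV columns Group, N, Mean; a row named 'All' is the total; the
# threshold of 5 is a placeholder for the DSA's or the lab's actual minimum.
$MinCellSize = 5

# Constructed sample output, as an analyst might submit it for release.
$SampleTable = @'
Group,N,Mean
All,212,54.1
Region A,120,52.8
Region B,88,55.7
Region C,4,61.0
'@

function Test-ReleaseTable {
    param([string]$CsvText, [int]$MinN)

    $rows     = $CsvText | ConvertFrom-Csv
    $total    = $rows | Where-Object Group -eq 'All'
    $parts    = $rows | Where-Object Group -ne 'All'
    $problems = @()

    # Rule 1: no statistic may be based on a group smaller than the minimum.
    foreach ($r in $parts) {
        if ([int]$r.N -lt $MinN) {
            $problems += "Suppress '$($r.Group)': N=$($r.N) is below the minimum of $MinN"
        }
    }

    # Rule 2 (residual disclosure): if the total and all passing rows are released,
    # the suppressed remainder can be recovered by subtraction, so it must pass too.
    if ($total) {
        $released = 0
        foreach ($r in $parts) { if ([int]$r.N -ge $MinN) { $released += [int]$r.N } }
        $residual = [int]$total.N - $released
        if ($residual -gt 0 -and $residual -lt $MinN) {
            $problems += "Residual disclosure: total minus released rows leaves N=$residual (below $MinN); suppress a second row or the total"
        }
    }
    return $problems
}

Test-ReleaseTable -CsvText $SampleTable -MinN $MinCellSize
```

On the constructed table the first rule suppresses Region C (N=4), but the second rule then fires as well: releasing the total of 212 with Regions A and B (120 + 88) leaves a residual of 4, so Region C's size is disclosed anyway. The reviewer must therefore also withhold the total or a second region (complementary suppression) before release.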

Data Access by IT Personnel

Only the lab manager and the McMaster IT personnel assigned to SEAL have administrative rights on the server.  Each group has its own account for performing software installs and maintenance work. 

The lab manager is the only person who sets up user accounts, imports data, sets file access permissions and similar activities.

Passwords

All passwords must contain a minimum of eight characters and must include at least one lower-case letter, one upper-case letter, one number and one special character.  The server enforces these rules automatically.  All passwords expire after three months, at which point the user must create a new password.
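Because the rules are enforced by the server rather than by procedure, it is worth confirming after any maintenance that the effective local security policy still matches them. The PowerShell script below is an added example, not part of the SEAL Lab's documented procedure. It exports the policy with the built-in secedit tool and compares the relevant [System Access] values against the stated rules; it assumes an elevated session on a standalone server (on a domain-joined server the domain policy would apply instead) and treats "three months" as 90 days.

```powershell
# Added example: verify that the server's local security policy matches the SEAL
# password rules. Assumptions: elevated session; standalone (non-domain) server;
# "three months" taken as a maximum password age of 90 days.
$Required = @{
    MinimumPasswordLength = 8    # at least eight characters
    PasswordComplexity    = 1    # Windows complexity: upper, lower, digit, special
    MaximumPasswordAge    = 90   # passwords expire after three months
}

# Export the effective policy to a temporary INI file (secedit is built into Windows).
$tmp = Join-Path $env:TEMP 'seal-secpol.inf'
secedit /export /cfg $tmp /areas SECURITYPOLICY | Out-Null

# Pull the numeric "Name = Value" lines from the [System Access] section.
# Non-numeric entries in that section (e.g. NewAdministratorName) are skipped.
$policy    = @{}
$inSection = $false
foreach ($line in Get-Content $tmp) {
    if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
    if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $tmp -Force

$failures = @()
if ($policy.MinimumPasswordLength -lt $Required.MinimumPasswordLength) {
    $failures += "MinimumPasswordLength is $($policy.MinimumPasswordLength); required >= $($Required.MinimumPasswordLength)"
}
if ($policy.PasswordComplexity -ne $Required.PasswordComplexity) {
    $failures += "PasswordComplexity is $($policy.PasswordComplexity); complexity must be enabled (1)"
}
# A MaximumPasswordAge of -1 means "never expires", which must also fail the check.
if ($policy.MaximumPasswordAge -lt 1 -or $policy.MaximumPasswordAge -gt $Required.MaximumPasswordAge) {
    $failures += "MaximumPasswordAge is $($policy.MaximumPasswordAge) days; required 1..$($Required.MaximumPasswordAge)"
}

if ($failures.Count -eq 0) {
    Write-Output 'OK: local password policy matches the SEAL rules.'
} else {
    $failures | ForEach-Object { Write-Warning $_ }
}
```

Reading the exported policy rather than inspecting the GUI means the check can be kept alongside the lab's other maintenance scripts and run after every Windows update or policy change; the never-expires value of -1 is handled explicitly because a plain "less than 90" comparison would wrongly accept it.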

Passwords are not communicated to users by email.  The lab does not respond to requests for password resets by email.


Institutional Contacts