Login   |   Secure Purdue > Best Practices

Network Data Collection for Research Purposes

PDF icon View PDF for print

Developed to support research on the use of the Purdue wired and wireless networks.

  1. Introduction:

    All University IT Resources are provided by the University to support its ongoing mission of learning, discovery, and engagement. Purdue University provides both a wired and wireless network infrastructure on the West Lafayette campus. This infrastructure is maintained by Information Technology at Purdue (ITaP) in the IT Security and Policy (ITSP) group. Occasionally ITSP receives requests from Purdue University researchers to have access to logs and other data evidencing the normal operation and maintenance of the University's IT Resources (specifically Purdue’s wired and wireless networks for the purpose of this document) for research purposes. This document describes the circumstances under which such logs and data (referred to as a “data set”) will be provided to Purdue University researchers.
  2. Procedures:

    Any request for data evidencing the normal operation and maintenance of the University's IT Resources is subject to Purdue’s Privacy for Electronic Information (VII.B.2) policy.

    Data sets evidencing the normal operation and maintenance of the University's IT Resources will be provided to Purdue University researchers as follows:
    • ITSP will own, operate, maintain, and control any data gathering devices used for research purposes placed on the University’s IT Resources. ITSP will not approve or place any data gathering devices used for research purposes on Purdue’s wired and wireless networks that are not owned, operated, maintained, and controlled by ITSP. Purdue researchers or any other individuals outside of ITSP will not be allowed access to any data gathering devices used for research purposes. Data gathering devices used by information technology staff to diagnose technology and operational issues on University IT Resources are not impacted by this procedure.
    • ITNS will only provide anonymized data sets to Purdue researchers. ITSP will anonymize the data sets prior to providing the data sets to Purdue researchers. In the event that a Purdue researcher develops a script or procedure for data anonymization particular to their research, ITSP will perform the script or procedure and verify that the script or procedure properly anonymized the relevant data sets prior to providing the data sets to Purdue researchers.
    • The first priority of ITSP is the operational needs and security of Purdue University IT Resources. ITSP will make every effort to respond to research data requests in a timely manner, subject to operational needs.
    • ITSP will work with Purdue researchers to identify the data sets required by the researcher and will make every effort to provide the researcher with the data sets requested. However, ITSP cannot guarantee that the data sets provided will be suitable for the underlying research purposes, nor can ITSP guarantee the data set.
    • A Service Level Agreement (SLA) between ITSP and the Purdue researcher(s) requesting data sets must be signed prior to the running of any scripts or procedures or the provision of any data set. The SLA will document the research project and service level expectations.
    Some types of data sets will require additional coordination with Purdue's Institutional Review Board (IRB) or other compliance activities (for example, Purdue's HIPAA privacy compliance program for data sets involving Protected Health Information). Researchers are expected to initiate coordination with any other applicable compliance requirement and provide appropriate documentation to ITSP as requested.

    Requests by Purdue researchers for logs or other data evidencing the normal operation and maintenance of the University's IT Resources should be directed to Purdue’s Chief Information Security Officer at itap-securityhelp@purdue.edu
  3. Related References

Issued July 2, 2009 from IT Networks and Security (ITNS). Questions about this procedure can be addressed to itap-securityhelp@purdue.edu.

Revised November 21, 2011 to update URLs.