Research data have expanded in their gradation of the risks associated with both re-identification and harm, which has created a need for multiple levels of access controls beyond public and restricted access. Public-access data have typically been available for download from websites while restricted-access data usually require an application and formal authorization process. The old paradigm of classifying data as public-access or restricted-access is no longer sufficient. Access to research data requires more nuance to ensure the protection of human subjects. In this paper, we describe seven tiers of access to research data. Each tier adds requirements that are necessary to mitigate disclosure risk and confirm appropriate management of the data. Improper handling of the data includes attempting to find a specific individual or household or failing to follow disclosure protection rules for data and output included in papers and presentations. By establishing a ladder of access conditions, each higher tier meets and exceeds the requirements of the lower tiers. While the highest tier meets all requirements, this tier will impede legitimate research for most data. The challenge for repositories is to provide access in a manner that promotes research while specifying security that provides appropriate protections against the risks of re-identification and harm.

Keywords: Confidential data; Data reuse; Sensitive data.

研究数据在与再识别和伤害相关的风险分级方面已经扩大，这需要多层次的访问控制措施，而不仅仅是公共访问和限制访问。通常情况下，公共访问的数据可以从网站上下载，而限制访问的数据则通常需要申请并经过正式授权流程。将数据分类为公共访问或限制访问的传统模式已不再足够。为了确保保护人类受试者的权益，研究数据的访问需要更加细致入微。在本文中，我们描述了七级研究数据访问权限。每一层级都增加了必要的要求以降低披露风险，并确认适当的管理措施。对数据处理不当包括试图找到特定个人或家庭，或者未能遵守包含在论文和演示中的数据及输出的披露保护规则。通过建立一个访问条件梯度体系，每个更高的层级满足并超过了较低层级的要求。虽然最高层级可以满足所有要求，但它会阻碍大多数数据的真实研究工作。对于资料库来说，挑战在于以促进研究的方式提供访问权限，并同时明确安全措施来适当防止再识别和伤害的风险。

关键词：机密数据；数据重用；敏感数据。