Bad Actors in Research Environments (BARE)

Aims to provide guidance for detecting intentional misuse of life science data in controlled environments

To protect data from outside attackers, there are many known standards, techniques, and tools available. However, there are no guidelines and techniques to determine if an authorised researcher is using the data in accordance with their research proposal or the data use conditions agreed upon by the data donor. The GA4GH Bad Actors in Research Environments (BARE) Study Group aims to devise techniques, rules, and guidelines for detecting possibly bad behaviour in life science data environments that jeopardise trust and data subject privacy.

Jump to...

Target users

Data custodians

Community resources

Dive deeper into this product! Research proposals often state how the data will be protected from outside attackers and how its use will be audited. Known security standards, such as NIST-800-53, ISO27001, and PCI, help to create trust that a system is resistant to a certain level of attack. There are many known techniques and tools to achieve this security, with some employing statistics, artificial intelligence, and machine learning to analyse large amounts of data and network traffic to pinpoint anomalies. But such guidelines and techniques do not exist for auditing data use. Beyond ensuring that a researcher is authorised to see, analyse, and/or download the data, there is no definitive way to tell if they are using the data in the agreed-upon way. The GA4GH BARE study group aims to determine a core set of rules defining data use malfeasance.

Don't see your name? Get in touch:

  • David Bernick
    Broad Institute of MIT and Harvard
  • Lucila Ohno-Machado
    University of California San Diego