File syncing of library that has sensitive data

Hello,

I am have a personal library with ~10,000 references. These references include public article/documents/books and commercially sensitive documents used in various reports.

I have managed this library locally. I have my personal computer with this data. I have resisted syncing with Zotero online because I can't seem to find anyway of filtering what is synced and what is not.

I am currently investigating using Zotero with Wordpress and have discovered a Zotero Plugin called ZotPress. This allows me to use an online library with my Wordpress installation.

I am now presented with a dilemma. Do I sync online and expose my references to people that should not have access to this data? Do I create a new profile under FireFox and split my library into 2 datasets? or; just cut-and-paste my references from my library into a Wordpress post and forego any advanced features this Wordpress plugin might provide.

How do others solve this problem?

I want to use my library to inform others but want to avoid inadvertently exposing commercially sensitive data.

Any suggestions?

Thanks Simon
  • edited July 1, 2016
    Not sure if all of this is clear to you already, but since you don't mention it:
    1) Synced data is, by default, still private. Syncing does not mean publishing. Obviously data can be so sensitive that you don't want it on any cloud server, in which case you shouldn't sync it with Zotero, but roughly speaking, anything you'd send in an unencrypted e-mail you might as well sync with Zotero. (Dan will want me to point out that Zotero data is actually more secure than most e-mails, since all traffic is encrypted)

    2) You can set up Zotero to just sync metadata, not files. That's sufficient for ZotPress (which is terrific, btw.), but your files would all be local only. So if the sensitive info is all in attached files, just disable file sync in the preferences.

    3) If 1) and 2) don't help, the only option I see is to either create a separate Firefox profile as you suggest or wait for Zotero 5.0, which Dan says will have selective sync.
  • I suppose that in reality most commercially-sensitive projects were negotiated, discussed and the final report sent via unencrypted email. I get it. Once you use the Internet for data transport the data is exposed. The caveat is that others need to know it exists and it needs to be readily available for perusal/trolling.

    However, by creating an off site repository how is it possible to prevent others, e.g. Zotero, ISP or University staff, from perusing the records? I am not saying they would but in a court of law it might be considered commercially irresponsible to off load these datasets (even if it is just metadata).

    I am still of two minds...

    Having selective sync would eliminate this problem -- How long until Zotero 5 is available? if it is months away maybe I'll just cut-and-paste until it is available.
  • I can't give you legal advice, obviously, that's entirely your call.

    The hope for Zotero 5 are certainly months (the beta is out already), but I'm not sure if selective sync will come with the first version or if it will be in 5.0.x and thus how long it actually takes. Maybe Dan has more on that, though generally ETAs are very tricky for small projects like Zotero.
  • Thanks Adam, at least I know the options available now and in the short-term
  • edited July 17, 2016
    I'm not sure if selective sync will come with the first version or if it will be in 5.0.x
    Selective sync of libraries is available now in the 5.0 beta, though it hasn't been extensively tested.
Sign In or Register to comment.