Data Management & Security
Active Projects
A human subjects research project is considered "active" from the time IRB approval is issued until the time personal identifiers linked to the research data no longer exist and the project is closed. Records for active IRB-approved research projects must be stored in some form (paper and/or digital form) in secure locations on campus. For research performed off-campus, the data should be secured and returned to campus as soon after collection as it is practical. Particular care should be taken to protect data on laptop computers, external hard drives and other portable devices. Study information containing personal identifiers stored on these devices should be encrypted to prevent unintentional breaches of confidentiality in the event the storage device is lost or stolen. Similarly, paper records identifying research participants, including consent forms, should be kept in a secure location with access restricted to key study personnel.
Basic Levels of Storage
The level of protection for the data should be commensurate with the sensitivity of the data.
-
Paper Records
Paper files related to human subjects' participation in research must be securely stored on campus. Access to files should be restricted to key personnel and supervised by the principal investigator(s) of the study. Locked file cabinets ought to be used and preferably located in secured locations (i.e., locked office or laboratory). In the event that research activities are not carried on campus AND it is necessary to maintain the consent forms at the research site, copies of the signed consent form should also be stored in a secure University location (either as a paper copy or in digital form).
Signed informed consents must not be used as the identifying link to the research data and must NOT contain participant ID numbers or be filed with other research data files.
-
Digital Records
Digital files containing human subjects data must be stored in password protected files, preferably on University maintained servers (e.g., REDCap, One Drive) with regular and secured back-up. Sensitive data should also be encrypted, stored, and securely erased when appropriate.
Tapes and other media-supporting devices used for audio and/or video recordings should be stored in the same secure manner as paper records and erased as soon as information has been transcribed or coded and is no longer needed for research.