Search within:

Data Security Guidelines for Research

Maintaining research data securely with the appropriate level of confidentiality, integrity, and availability is critical to ensuring a low-risk threshold for the participants, the researchers, and the University. Principal investigators (PIs) and their research teams should outline the data management and security processes and procedures associated with each of their research projects regardless of whether or not the research involves the collection of personally identifiable data.

Data Sensitivity

  • It is important to understand the data you are working with when conducting research as well as it’s corresponding sensitivity. The Sensitive Data Defining & Classifying webpage has information about identifying sensitive data.
  • To best determine the sensitivity of your data it is helpful to understand some key terms to help inform the source of your data.
    • Anonymous: Data is anonymous if no one, including the researcher, can link the data to the individual that provided it. No identifying information such as name, address, identification number, or other unique individual characteristics making it possible to identify an individual from within the research subject pool are collected.
    • Confidential: Data in this category can be linked to the source individual. Research team members are obligated to protect confidential data from disclosure outside of the research team. Some ways to prevent unauthorized disclosure of confidential data include:
      • Storing research subject identifiers separately from the research data.
      • Utilizing a unique code to refer to the research subject’s data. It is important to note that this method does not make the data anonymous.
      • Storing the code key and the subject’s identifiers separately.
    • De-identified: De-identified data is a data set that has removed any and all direct and indirect identifiers or codes linking the data to the research subjects.
  • Information on the Storing Data by Type and Storing Data by Solution pages will assist you in finding the appropriate IT resources for use with your research data.

Data Storage

Data Retention & Destruction

Good research data management includes designing the data management plan and research protocol in such a way that data retention and destruction, if applicable, are addressed. As such, the PI should document within the research design the retention period applicable to the research data. In accordance with the research design, established retention period, and any agreements entered into by the University and the research sponsor the PI should also securely destroy data. If there are Federal requirements for data sharing, or if the researcher has a need to retain the data for further research, at minimum the identifiers associated with the data must be securely removed from the research databases and files as early in the process as possible.