Ohio University

Search within:

Data Security Guidelines for Research

Maintaining research data securely with the appropriate level of confidentiality, integrity, and availability is critical to ensuring a low-risk threshold for the participants, the researchers, and the University. Principal investigators (PIs) and their research teams should outline the data management and security processes and procedures associated with each of their research projects regardless of whether or not the research involves the collection of personally identifiable data.

Data Sensitivity

  • It is important to understand the data you are working with when conducting research as well as it’s corresponding sensitivity. The Sensitive Data Defining & Classifying webpage has information about identifying sensitive data.
  • To best determine the sensitivity of your data it is helpful to understand some key terms to help inform the source of your data.
    • Anonymous: Data is anonymous if no one, including the researcher, can link the data to the individual that provided it. No identifying information such as name, address, identification number, or other unique individual characteristics making it possible to identify an individual from within the research subject pool are collected.
    • Confidential: Data in this category can be linked to the source individual. Research team members are obligated to protect confidential data from disclosure outside of the research team. Some ways to prevent unauthorized disclosure of confidential data include:
      • Storing research subject identifiers separately from the research data.
      • Utilizing a unique code to refer to the research subject’s data. It is important to note that this method does not make the data anonymous.
      • Storing the code key and the subject’s identifiers separately.
    • De-identified: De-identified data is a data set that has removed any and all direct and indirect identifiers or codes linking the data to the research subjects.
  • Information on the Storing Data by Type and Storing Data by Solution pages will assist you in finding the appropriate IT resources for use with your research data.

Data Storage

Data Destruction

The PI should securely destroy data as soon as possible after collection if the research design allows, or at the conclusion of the project and in accordance with any agreements entered into by the university and the research sponsor.