CON Research Data Security and Storage

Purpose

In agreement with UNMC Human Research Protection Program (HRPP) Policies and Procedures and University of Nebraska Executive Memoranda covering data security, the purpose of the policy on data security and storage is to ensure the secure storage of research data on all five UNMC College of Nursing campuses to protect the privacy interests of research subjects; to maintain the confidentiality of data; and to prevent unauthorized access, intrusion, and theft of data.

Scope

This policy applies to all CON faculty, staff, and students engaged in research.

Policy

Ensuring the security of stored data is governed by HRPP Policy 3.3, Privacy Interests and Confidentiality of Research/Registry Data. Data that are stored in hardcopy must be stored behind two locks (i.e., locked cabinet in a locked office) to ensure research data security.

The Principal Investigator (PI) must verify on the IRB application that only those with a “need to know” have access to the research data. Anyone who accesses stored research data must have obtained prior permission from the PI. If accessing data with identifiable participant information, the person must also be listed on an approved IRB protocol.

If the data are extracted and stored on an electronic device such as a hard drive or mobile device (e.g., flash drive, laptops, PDAs), the user must have an additional layer of security precaution such as encryption or password protection, as outlined in HRPP Policy 3.3.

Per HRPP Policy 1.17, Retention of Research Records, all research records must be maintained and stored securely, in accordance with Nebraska State Law, for at least seven years beyond the termination of the study or longer as required by sponsors. At the end of the seven years, the data must be appropriately archived or destroyed. In accordance with University of Nebraska Executive Memorandum No. 42 – Policy on Risk Classification and Minimum Security Standards, parties must contact UNMC ITS for assistance with disposal of data that is confidential, restricted, sensitive, not legally available to the public, or where protection is required by law, regulation, or sponsor requirements. In the event that the responsible party departs UNMC and is unable to be reached after multiple contact attempts, the Associate Dean for Research may permit Niedfelt Nursing Research Center staff the authority to destroy or archive the data in accordance with Executive Memorandum No. 42.

Prior to storing data for a new research purpose, the researcher must submit a plan for approval to the Associate Dean for Research that describes where the data will be housed and how it will be maintained upon separation from the University. Researchers in need of physical space to store research data must inform and request secure storage facilities from both the assistant dean of the researcher’s division and the Associate Dean for Research. The UNMC campus library should be contacted for assistance with locating appropriate data repositories for public dissemination of data.

Per University of Nebraska Executive Memorandum No. 41, all research data and/or materials transferred to or from the University shall be shared or transferred in accordance with all applicable international, federal, state, University, or sponsor requirements. Transferring, moving, or sharing research data requires agreements such as the Data Use/Data Transfer Agreement (DUA/DTA) for confidential or sensitive research data or Material Transfer Agreements (MTAs) to protect intellectual property rights. UNMC Sponsored Programs Administration should be contacted to coordinate the sharing or transfer of data to or from another institution via a DUA, DTA, or MTA.