Properly storing study data is essential for protecting confidentiality. The Board will need to know how you plan to house the data and how it will be organized. As the sensitivity of the data increases, so does the researcher’s responsibility for developing an adequate storage plan.
The benefits of using digital resources to collect, process, and store data are enormous. However, it is important that you are aware of the tools required to adequately protect data stored on a hard drive, the internet, or any other digital storage device. If you are collecting social security numbers and names, for example, and your computer is lost, stolen, or hacked, the results could be devastating for your participants. UVa’s IT Services Office requires that all University employees and students follow their Institutional Data Protection Standards; in addition, you may be required to follow their Policy on Electronic Storage of Highly Sensitive Data. The IRB-SBS expects your data storage policies to be in compliance with UVa’s information technology policies and with any other IT protocol that is considered best practice. For an additional resource, please see UVA Library's Data Management website.
If the materials you are collecting are not stored on digital devices, you are still required to handle these materials in a secure manner. Items such as research journals, paper surveys, writing samples, and other materials collected for research purposed need to be stored so that access is restricted to only those who have permission to access the materials.
In addition, the Board needs to understand who will have access to the data, regardless of how it is stored. Generally the Board requires that only the individuals listed on the protocol as part of the research team have access to the data.
It is essential that you keep your research records and data organized, not only for the purpose of making the research process more efficient, but also for documenting that you followed your protocol. When you store your data, make sure that you store consent forms so that you can document that all of your participants were properly consented. For more information, see Record Keeping.
How you store a participant’s identifying information in relation to their data is also an important consideration. If the data are anonymous (either collected anonymously or if you received data stripped of identifiers), you shouldn’t have identifying information to store, nor should you have the ability to reconnect data with identifiers. If it is necessary to keep identifiers connected to the data, it may be advisable to code the data and store the identifiers in a different location. In general, you will need to demonstrate that you have a data storage plan that meets the needs of the type of data you will collect.