A string of green digital numbers and letters appears on a black background in a window on a Mac computer. At the top of the screen are the words "BEGIN CERTIFICATE." The beginning of the string of numbers and letters is visible, but as you work your way across and down, the characters become blurred and indecipherable. The visible characters are: "MIIFfzCCBGegAwIBAgIHBF," then "BhMCVVMxEDAOBgNVBAgTBBF," then "BgNVBAoTEUdvRGFZ," then "aWNhdGVzLmdvZGFkZ," then "ODcwHhcNMDk," then "ZWN1cmUuY29k," then "bGlkY."

Security of data should be every researcher’s concern

A brass lock with a silver loop and the word "GUARD" stamped on its face secures a silver hasp on what appears to be a door, which is painted black.

Have you thought about how secure your research data is lately? If the answer is no, this post will be helpful for you in many ways. Here are some quick tips and references that will aid in designing your data collection process and submitting the design to the IRB/Compliance Office as part of your protocol application.

The Office of Research Compliance does not consider Google Drive to be secure storage for sensitive data. While Miami University IT services may be managing the accounts, the servers could be abroad. With that being said, the nature of the data will dictate the security procedures. For innocuous survey data, the use of Google Docs might be secure enough for the means of collecting data. If the information is extremely sensitive or personal data, we do not recommend the use of Google Docs. In fact, according to the FERPA policies at Miami University, for a faculty member to discuss grades via email, they are supposed to be certain that the document exchanged is with the student (or they must have the student’s signed, written permission) and that the student explicitly states their permission to put grade information into email.

Some considerations:

  • Innocuous data: Google Forms, Qualtrics, and Survey Gold are acceptable.
  • Extremely sensitive data: Always best to be on paper for maximum security.
  • Data with regulatory oversight (HIPPA, FERPA): Are more restrictive; Miami has a contract with Qualtrics that states the servers must be in the United States. On the other hand, a Google Form can be configured to require a Miami UniqueID to be entered, but there is no assurance where the servers are located. Due to this, access to the data is less secure.
  • Filelocker can be used to temporarily store (90 days) and transfer files securely to and from behind the Miami firewall. This is a useful utility for any data file that is too large for email attachment. IT Services established this system initially because of concerns about export control of technology.

The Office of Research Compliance hopes you found this information useful. This general information is provided to aid you in understanding the issues related to data security that the compliance oversight committees must consider.

Written by Jennifer Sutton, Associate Director, Office of Research Compliance, Miami University.

Photo of “Guard” lock by David Goehring via Flickr.  Photo of SSL certificate by jeff_golden via Flickr.  Both used under Creative Commons license.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.