Have you thought about how secure your research data is lately? If the answer is no, this post will be helpful for you in many ways. Here are some quick tips and references that will aid in designing your data collection process and submitting the design to the IRB/Compliance Office as part of your protocol application.
The Office of Research Compliance does not consider Google Drive to be secure storage for sensitive data. While Miami University IT services may be managing the accounts, the servers could be abroad. With that being said, the nature of the data will dictate the security procedures. For innocuous survey data, the use of Google Docs might be secure enough for the means of collecting data. If the information is extremely sensitive or personal data, we do not recommend the use of Google Docs. In fact, according to the FERPA policies at Miami University, for a faculty member to discuss grades via email, they are supposed to be certain that the document exchanged is with the student (or they must have the student’s signed, written permission) and that the student explicitly states their permission to put grade information into email.
- Innocuous data: Google Forms, Qualtrics, and Survey Gold are acceptable.
- Extremely sensitive data: Always best to be on paper for maximum security.
- Data with regulatory oversight (HIPPA, FERPA): Are more restrictive; Miami has a contract with Qualtrics that states the servers must be in the United States. On the other hand, a Google Form can be configured to require a Miami UniqueID to be entered, but there is no assurance where the servers are located. Due to this, access to the data is less secure.
- Filelocker can be used to temporarily store (90 days) and transfer files securely to and from behind the Miami firewall. This is a useful utility for any data file that is too large for email attachment. IT Services established this system initially because of concerns about export control of technology.
The Office of Research Compliance hopes you found this information useful. This general information is provided to aid you in understanding the issues related to data security that the compliance oversight committees must consider.
Written by Jennifer Sutton, Associate Director, Office of Research Compliance, Miami University.