A string of green digital numbers and letters appears on a black background in a window on a Mac computer. At the top of the screen are the words "BEGIN CERTIFICATE." The beginning of the string of numbers and letters is visible, but as you work your way across and down, the characters become blurred and indecipherable. The visible characters are: "MIIFfzCCBGegAwIBAgIHBF," then "BhMCVVMxEDAOBgNVBAgTBBF," then "BgNVBAoTEUdvRGFZ," then "aWNhdGVzLmdvZGFkZ," then "ODcwHhcNMDk," then "ZWN1cmUuY29k," then "bGlkY."

Security of data should be every researcher’s concern

A brass lock with a silver loop and the word "GUARD" stamped on its face secures a silver hasp on what appears to be a door, which is painted black.

Have you thought about how secure your research data is lately? If the answer is no, this post will be helpful for you in many ways. Here are some quick tips and references that will aid in designing your data collection process and submitting the design to the IRB/Compliance Office as part of your protocol application.

The Office of Research Compliance does not consider Google Drive to be secure storage for sensitive data. While Miami University IT services may be managing the accounts, the servers could be abroad. With that being said, the nature of the data will dictate the security procedures. For innocuous survey data, the use of Google Docs might be secure enough for the means of collecting data. If the information is extremely sensitive or personal data, we do not recommend the use of Google Docs. In fact, according to the FERPA policies at Miami University, for a faculty member to discuss grades via email, they are supposed to be certain that the document exchanged is with the student (or they must have the student’s signed, written permission) and that the student explicitly states their permission to put grade information into email.

Some considerations:

  • Innocuous data: Google Forms, Qualtrics, and Survey Gold are acceptable.
  • Extremely sensitive data: Always best to be on paper for maximum security.
  • Data with regulatory oversight (HIPPA, FERPA): Are more restrictive; Miami has a contract with Qualtrics that states the servers must be in the United States. On the other hand, a Google Form can be configured to require a Miami UniqueID to be entered, but there is no assurance where the servers are located. Due to this, access to the data is less secure.
  • Filelocker can be used to temporarily store (90 days) and transfer files securely to and from behind the Miami firewall. This is a useful utility for any data file that is too large for email attachment. IT Services established this system initially because of concerns about export control of technology.

The Office of Research Compliance hopes you found this information useful. This general information is provided to aid you in understanding the issues related to data security that the compliance oversight committees must consider.

Written by Jennifer Sutton, Associate Director, Office of Research Compliance, Miami University.

Photo of “Guard” lock by David Goehring via Flickr.  Photo of SSL certificate by jeff_golden via Flickr.  Both used under Creative Commons license.

Picture of King Library at Miami University during Fall Semester. Picture of trees with fall leaves in the foreground.

Research compliance office announces training location, issues reminder

A smiling, bearded man wearing a black bowler hat, an old-fashioned looking purple suit and a grey cravat shouts into a battered cardboard megaphone while pointing out of the frame with his right hand.


IRB trainings to be held in new ORU classroom

As the beginning of a new academic year begins, so does a new series of IRB application trainings. Starting Fall 2014, IRB application trainings will be offered in the new Office for Research for Undergraduates (ORU) classroom in Suite 122 King Library. Registration information for Fall 2014 semester is now posted on the Research Compliance website.  Faculty who teach research methods courses and would like a consultation and/or classroom instruction for the IRB process and overview should contact the Research Compliance Office.

CITI accounts must be updated to include @MiamiOH.edu email addresses

Faculty, staff, and students with active CITI accounts who were with the university prior to July 2013 should update their accounts to use the new MiamiOH.edu domain. Your Miami University email account ought to be the primary email address affiliated with CITI. It is important that you receive timely reminders from CITI regarding your completion reports and expiration dates. For CITI completion dates please use the online search utility.

Featured image (left) by Miami University Photo Services.  Photo above by J. Scott via Flickr, used under Creative Commons license.