Secure Data Storage

Investigators are required to describe “the extent, if any, to which confidentiality of records identifying the subject will be maintained” as part of the informed consent procedure. Investigators therefore often seek to provide the maximum confidentiality for identified data about research participants. Wellesley College provides guidance on secure storage of data files. Per this policy, “Library and Technology Services will provide secure file storage space, maintain the servers and provide back-up for the data. The Chief Information Officer has responsibility for this policy.” Investigators should be familiar with these options, and address any questions or concerns to the Chief Information Officer.

The Google Platform utilized by the College has been reviewed by Brandeis University's Human Research Protection Program office (our designated IRB) and deemed appropriate for IRB purposes.

Data Retention

Even once your research is complete, you are still required to keep certain records and data from your research. In general, any records required as part of your IRB review (e.g., informed consent documents) should be kept for at least three years after the completion of the research ("completion" means that all data analyses specified in the IRB application have been completed).

Other regulations or policies may apply to the retention of records, including study data. How long investigators need to store data depends on the funding source, the type of data and other factors. At a minimum, data should be stored for three years from the end of the funding, if the project was funded by NIH or NSF. The federal Office of Research Integrity offers some guidance on this.

Data Sharing

Before sharing your data with colleagues outside of your original research team, consider the following:

  • NIH offers the following advice on informed consent and data sharing: "In preparing and submitting a data-sharing plan during the application process, investigators should avoid developing or relying on consent processes that promise research participants not to share data with other researchers. Such promises should not be made routinely or without adequate justification described in the data-sharing plan."
  • Is your data fully de-identified? NIH provides a Data Sharing Workbook, which includes recommendations for de-identifying data. Note: "It is rarely sufficient to simply remove names, addresses, telephone numbers, Social Security Numbers, and the like."

See the NIH FAQ on data sharing.