|Arts & Letters||Greg Toppleemail@example.com|
|Design & Social Inquiry||Matthew Canavanfirstname.lastname@example.org|
Password-protection of individual files/documents is usually offered by the manufacturer of the software, (i.e.: Microsoft). Users must control the security of their own documents.
In general, good practice is to have three copies in at least two locations (e.g. original + external/local backup + external/remote backup). Geographically distribute your local and remote copies to reduce risk of calamity at the same location (power outage, flood, fire, etc.).
To be sure that your backup system is working, periodically retrieve your data files and confirm that you can read them. You should make these checks when you initially set up the system and on a regular schedule thereafter. CDs or DVDs are not recommended because they are easily lost, decay rapidly and fail frequently.
FAU has a policy in place 6 for backups to ensure that the institution has a safe and recent copy of data in case a system crashes or other disaster occurs. The system(s) run a backup script each night when there is little activity. A third-party cloud storage company maintains offsite backup data. All data is encrypted and stored safely.
Personal identifying information should be kept separate from the research data AND data should be stored in an encrypted format.
The research plan should determine which personnel will have access to the data.
Principal investigators should have clearly established who controls the data (e.g., the PI, a student, lab personnel, university, or sponsor).
The IRB protocol should specify whether any outside parties will have access to study data and the process for storing and/or transferring that data.
Data transmission needs a plan to protect the confidentiality of the data.
Research teams are advised to develop standard operating procedures regarding a secure transmission process regardless of the data being anonymous, coded or non-sensitive.
Secure data transmission processes are a best practice and mitigate the potential of data breaches.
FAU provides extensive guidance, software and resources to assist researchers to encrypt and transfer data.
An optimal option is to create/find a data repository. The decision should be based on the long-term security offered and the ease of discovery and access by colleagues in the field. There are two common types of repository to look for:
Prior to data access, students and external investigators not explicitly listed in the IRB data access listing should:
Note: This must all be documented electronically or on paper, approved by the PI and the data manager should be informed.
Note: The data manager will create an individual folder on the secure server or cloud server for each separate study project.