Research Data Security

Many ECU faculty, staff, and student members engage in research that involves the collection or use of identifiable private information. Federal law and ECU Policy provide specific guidance for protecting personally identifiable information (PII). Specific information for researchers regarding University requirements for conducting research may be found within the Research and Graduate Studies Division.

Information contained on the RGS site is intended to provide guidance to researchers in protecting PII and other sensitive data that might be included in their research information.

Guidelines:

• Store the data on a secure server or Pirate Drive rather than personal desktops or portable devices
  - ITCS managed servers and Pirate Drive have layered security and credentialed administrators for added security
  - Desktops and portable devices are more vulnerable to theft and viruses
• Do not store the data on home computers
• Encrypt PHI or PII stored locally on your desktop or any portable device
• - IronPort Encrypted Flash Drive
  - Guardian Edge
• Encrypt the transmission of PHI or PII (e-mail, file transfer to other agencies, CDs, etc.)
• Physically secure both electronic and paper files
• Do not store backup copies of research data on unencrypted storage devices – flash drives, CDs, home PC, etc.  

Click on the Research Data Security Checklist to assist you with answering your research data security questions.  

Resource Links:

SSN Use, Disclosure and/or Storage Request Form

HIPAA De-identification Requirements

ITCS Sensitive Data Acceptable Storage Device List

Data Transmission Security Checklist

National Science Foundation (NSF) Data Management Plan

National Institutes of Health (NIH) Data Security Requirements

To learn more, access a list of guidelines from the Sensitive Data page.