Human Research Protection Program

Data Management and Protection

For detailed information on how to protect research data, see HRPP’s Guide to Data Management and Protection (pdf).

When conducting human subjects research, as the investigator you must be mindful of how you will protect the privacy and confidentiality of your research subjects and the safety of the research data — both while the research is being conducted and once it has been completed. A large part of this is how you transfer and store the data you collect. 

In fact, Institutional Review Board approval cannot be granted without a description, in your protocol, of an appropriate research data management plan. Your research data management plan must describe how the data will be stored while they are being collected, transported and analyzed; how they will be treated (confidentially, de-identified); and how/when/if they will be destroyed once the research is complete. 

How you manage and protect the research data will help determine the level of safety and protection you afford them.

Why Is Data Management Important?

Data management protects the privacy and confidentiality of your subjects, and the safety of the research data. As an investigator, you have the responsibility to do all you can to uphold the pledge you make to your subjects during the informed consent process to protect their privacy and keep their data safe. 

Your research data must be protected from many things such as loss, theft, corruption and cyberattack. The more sensitive the data, the more significant these threats become. 

Keep in mind that all research involves some risk and, in reviewing your IRB protocol, the Institutional Review Board will assess the potential risks to participants and evaluate your plan for minimizing these risks — a plan that includes proper data management and protection. Note that such a plan is required even when conducting minimal risk research and dealing with anonymous or de-identified data.