Protocol Design - Securing Private Information

Private information must be secure from the point of its initial collection to the time it is destroyed (or the point at which all identifiers are removed from it). Common practices to secure all research records include storing them in locked file cabinets and offices or on password-protected computers. All laptop computers or other mobile devices (such as PDAs and flash drives) used in the field to collect data should be password-protected and not left unattended unless secured from theft or encrypted.

This concept also applies to the banking of data or biological materials for secondary uses. Investigators must therefore ensure that data banks and repositories maintain appropriate security, including ensuring that investigators gaining access to these data or materials have appropriate safeguards in place to continue to protect the data. This can be accomplished through the use of formal requests and by requiring proof of IRB approval for secondary research projects.

When collecting highly sensitive information, investigators should attempt to design protocols that provide for anonymous collection of data; this removes any risk of harm to the subject if the information is disclosed. When the study design requires that identifiers be associated with sensitive private information, investigators should code the data and strip the identifiers from it if possible. This can be accomplished by labeling research data files with a subject code in place of identifying information and maintaining the linking mechanism in a secure location separate from the location where the remaining data are stored. In this way, if an unauthorized individual gains access to the data, he or she will not know to whom the data refer.

Paper field notes and video and tape recordings should be kept in a secure area, in locked boxes, and/or be encrypted. Investigators should consider destroying field notes and video and tape recordings once they have been transferred to data files.

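
The coding-and-linking arrangement described above, as an added example that is not part of this module: a small Python script that replaces direct identifiers in each record with a random subject code, keeps the code-to-identifier mapping in a separate link table meant to be stored apart from (and encrypted with) the data, checks that no identifier column survives in the coded file, and shows the end-of-study step of deleting the link. The column names, the sample records and the code format are assumptions made for the example; note that a field such as `visit_date` is deliberately left in the coded data to show that dates of research interventions remain a way to infer identity and still need to be treated as confidential.

```python
import csv
import io
import secrets
from typing import Dict, List, Sequence, Tuple

# Assumption: these column names are the direct identifiers in the study's data set.
IDENTIFIER_FIELDS: Sequence[str] = ("name", "address", "phone")

# Constructed sample records for illustration only; not real subject data.
# "visit_date" is kept in the coded output on purpose: it is not a direct
# identifier, but a date of a research intervention can still allow inference.
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"name": "A. Example", "address": "1 Sample St", "phone": "555-0100",
     "visit_date": "2023-04-02", "score": "7"},
    {"name": "B. Example", "address": "2 Sample St", "phone": "555-0101",
     "visit_date": "2023-04-03", "score": "4"},
]


def new_subject_code(link: Dict[str, Dict[str, str]]) -> str:
    """Return a random subject code not already present in the link table.

    Codes are random rather than sequential so that a code on its own reveals
    nothing about enrollment order or the number of subjects.
    """
    while True:
        code = "S" + secrets.token_hex(4).upper()
        if code not in link:
            return code


def code_records(records: List[Dict[str, str]],
                 identifier_fields: Sequence[str] = IDENTIFIER_FIELDS
                 ) -> Tuple[List[Dict[str, str]], Dict[str, Dict[str, str]]]:
    """Split records into a coded data set and a separate link table.

    The coded rows carry only the subject code plus the non-identifying
    fields; the link table maps each code back to the stripped identifiers
    and is meant to be stored, encrypted, in a different location.
    """
    coded: List[Dict[str, str]] = []
    link: Dict[str, Dict[str, str]] = {}
    for rec in records:
        code = new_subject_code(link)
        link[code] = {f: rec[f] for f in identifier_fields if f in rec}
        coded.append({"subject_code": code,
                      **{k: v for k, v in rec.items() if k not in identifier_fields}})
    return coded, link


def contains_identifiers(rows: List[Dict[str, str]],
                         identifier_fields: Sequence[str] = IDENTIFIER_FIELDS) -> bool:
    """Check to run before a coded file leaves the secure area."""
    return any(f in row for row in rows for f in identifier_fields)


def reidentify(code: str, link: Dict[str, Dict[str, str]]):
    """Authorized lookup from a subject code back to the identifiers, or None."""
    return link.get(code)


def to_csv(rows: List[Dict[str, str]]) -> str:
    """Serialize rows so the coded data and the link table can be written to different locations."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def link_to_rows(link: Dict[str, Dict[str, str]]) -> List[Dict[str, str]]:
    """Flatten the link table into rows for its own (separately stored) file."""
    return [{"subject_code": code, **ids} for code, ids in link.items()]


def destroy_link(link: Dict[str, Dict[str, str]]) -> None:
    """At the end of the study, deleting the link leaves the coded data without identifiers."""
    link.clear()


if __name__ == "__main__":
    coded, link = code_records(SAMPLE_RECORDS)
    assert not contains_identifiers(coded)
    print("coded data file (research data location):\n" + to_csv(coded))
    print("link table (separate, encrypted location):\n" + to_csv(link_to_rows(link)))
```

The two CSV strings are intended for two different storage locations; whoever obtains only the coded file sees codes, dates and scores, while re-identification requires the link table as well. Real deployments would encrypt the link file at rest and restrict who can read it, which this example leaves to the storage layer.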
If sensitive data are to be stored on computer networks and servers, investigators should consult with technology experts, such as those at Yale ITS, to ensure that access to the network or server is appropriately protected from unauthorized use. Encrypting data stored on computers, particularly on portable devices such as laptops, PDAs, CDs and flash drives, and not using e-mail to transfer sensitive data between collaborating investigators (unless the data are encrypted) are additional ways to secure data. If collecting particularly sensitive data using video or audio recordings, investigators should transcribe the original recordings, or summarize the data available from them without identifiers, as soon as possible, and then erase the original recordings. All protocols involving the collection of sensitive private information should include a requirement to destroy screening logs at the end of the recruitment phase and to delete all identifiers at the end of the study, whenever possible.

Even if direct identifiers are not collected, investigators should be aware of information that might be collected during the study that could allow someone to infer a subject’s identity (such as address, occupation, dates of research interventions, hotel receipts paid by the study grant, IRS payment disclosures, and other similar information). All such data should be considered confidential and maintained accordingly.

The location where private information will be collected should also be thoughtfully considered during the design phase. In some instances, a subject’s presence at a particular location and time could imply participation in a study (e.g., if they are observed in a particular location within a community center where subjects are interviewed on domestic violence). When highly sensitive information is collected, protocols must designate a data collection location or incorporate procedures that will shield the subject from observation by the community while participating in the study.

When particularly sensitive information regarding drug abuse or other illegal activities is collected from subjects, investigators should consider obtaining a federal Certificate of Confidentiality (COC). A COC is one method for protecting subjects’ identities from forced or compelled disclosure during legal proceedings. Additional information on COCs can be found in the Specific Guidance on Special Issues section of this module.

Lastly, it should be noted that some data collection sites or sponsors, such as the Veteran’s Administration, require that additional data security measures be taken. Researchers working off site need to be aware of the applicable policies and regulations.