Sensitive Data Practices & Storage: Guidance

Researchers should be aware of new data protection question in WVU+kc

In October, when submitting IRB protocols and proposals in WVU+kc, you will see this new question about protecting your human subject research or sponsored project data, “Does this project have data protection requirements?”

Your activity includes data protection requirements if you see the following statements or similar statements in your grant or data set usage terms and conditions:

  • “The computer where the research data will be stored must be in a locked room and cannot be connected to the internet.”
  • “The computer where the research data will be stored must be encrypted.”
  • “The researchers who will access the research data must use secure authentication.”

Identifying and securing data is becoming an increasingly common requirement from sponsored research granting agencies and/or other owners of data sets. All investigators should be proactive in ensuring that these data protection requirements are met.

If your activity has data protection requirements, please answer the new WVU+kc question “YES” and a WVU information security professional will contact you to work out a plan to move your project forward.

Please contact Information Technology Services at infosec@mail.wvu.edu if you are uncertain whether your data needs to be protected or if you want advice on an appropriate data protection plan.