In this section you will provide the long-term plan for the data including how the data will be reported, stored, and potentially shared with others.  To learn more about research records retention and destruction approval requirements, please see the UVA's Records & Information Management website regarding current requirements for research records.

Data Reports & Storage Questions

How will data/materials be stored? What measures will be taken to secure these data during collection and analysis? If the data includes recordings, what will be done with the recordings? Describe the long-term plan for maintaining the data when the active research phase is completed.

Properly storing data can be as critical as carefully collecting it; it the data are sensitive, you will need to have an appropriate data security plan in place. Data security is a UVA policy, not just an IRB-SBS recommendation. For more information, see UVA Information Security. The UVA Library has an excellent site on research data management. In addition, UVA Information Security's Security Guidance outlines the policies regarding data security, particularly security for highly sensitive data. In this question, you will need to demonstrate that you have a plan that is compliant with UVA policy and meets the standards necessary for the data’s level of security. Studies that are considered “highly sensitive” will be reviewed by an information security professional as part of your IRB-SBS review process.

How will data/materials be reported for this study? Will the results be reported in aggregate, or will individual data be discussed?

Understanding how the data will be reported is an important component in assessing how well a participant’s confidentiality will be protected. Confidentiality doesn’t necessarily need to be guaranteed; rather, a participant needs to understand how their data will be used and that information needs to be included in the consent form. The Board will compare your answers in this section (and others in the protocol) to what you’ve provided in the consent form to make sure that the participant is receiving the complete picture when they are provided the opportunity to consent.

If a participant decides to withdraw from the study, how will you handle their data?

Not every study will be able to guarantee that data can be withdrawn from a study if a participant decides to withdraw; however, if it’s possible, the option should be presented to the participant in the consent form. Essentially whatever process you have for withdrawing the participant should be described here and it will need to match what is described in the consent form. If you can’t withdraw a participant’s data, they need to understand that fact before they provide consent.

Do you plan to publish your raw data after the study is completed?

Increasingly more researchers are publishing raw data and making it accessible for other researchers. In some ways, this reduces the burden on participants as researchers can reuse data rather than duplicate efforts by gathering their own data and putting other participants at risk. However, if you plan to publish your raw data or even if you think it is a possibility, this fact needs to be communicated in the consent form. It is much easier to inform participants of the possibility (even if it doesn’t happen) than try to inform participants about the additional use of their data after the fact.

Will other parties (i.e. other corporations, institutions, researchers) have access to or retain a copy of the data?

If the answer to this question is yes, please include this information in the consent form so that participants understand how their data will be used.

 

 

Pre-Reviewer Evaluation

  • The plan for protecting the confidentiality of the data been described, including storage (location, duration) of the data and access by others.

 

IRB-SBS Reviewer Evaluation

  • The confidentiality protection plan for data that are collected and stored via the Internet is technologically sound.
  • Appropriate measures are included to protect vulnerable participants in regards to how their information is managed and protected.

 

Related Sections