Data Security
IRB Standard Operating Procedure
Keeping your information secure while using any device connected to the internet is always recommended, but additional layers of protections are advised if your research involves personally identifiable information.
The IRB now requires that all human participant data be stored on a College of Charleston server, not on a local device (see Local Storage below) whenever possible.
If you will be doing human participant research involving sensitive personally identifiable data you will be required to explain the data security measures in the IRB application in the Privacy and Confidentiality Section.
Data in Transit
Regular email is NOT secure. If you need to transmit or receive sensitive information the following options are available for the use of College faculty and staff:
- SecureShare is a Web-based application that allows faculty and staff to securely and temporarily share files across campus and externally. You can access Secure Share off campus as long as you have internet connection. You may also share files with members of the general public. In doing so, you must initiate the share.
- The College email encryption service allows approved campus Exchange email users (cofc.edu) to send sensitive data safely and securely to external users (non cofc.edu). The email encryption service ensures that the recipient retrieves the message through an encrypted web portal for a more secure transmission.
International research
If you are doing research outside the United States, the IRB requires that you do not store any human participant data on a local device. Upload your information as soon as possible to secure cloud storage. Local devices, including flash drives, are easily lost or stolen. This can result in your loss of research data and, if you are doing sensitive research, you may endanger your participants.
Cloud storage
Some recommended storage services that encrypt end-to-end or encrypt your data before uploading are:
- OneDrive
- Google Drive on your computer (but NOT on a mobile device)
- Sync.com (must pay for this service)
- Amazon (must pay for this service)
- Dropbox
Protecting data stored locally
Local storage means keeping information on a disk or drive which is directly attached to the computer or device.
If you must temporarily store your data locally, be sure that the device is kept in an area that is physically secure, for example, password protection, restricted access to the room, and locks on server and storage area. You must encrypt your data if they contain personally identifiable sensitive information.
The College of Charleston’s IT Department has some guidance on keeping your device(s) secure. Primarily, you will want to make sure the following are in place:
- up-to-date and running antivirus software,
- up-to-date Operating Software and Applications (most recent security patches), and
- a strong password.
If you are using a computer on campus, then the computer will already be connected to a secure network. If you are using your home network, then you will want to make sure that it is a secure as possible. A physical connection is always the most secure, but if you use Wi-Fi, you will want to take a few extra steps to make sure that your connection is secure.
More information about securing your home network can be found at cisa.gov.
----------
IRB related questions? Contact compliance@cofc.edu.
Technical computer system questions? Contact helpdesk@cofc.edu.
----------
IRB Approved: October 13, 2017
Revised: October 4, 2019