Submitted by Andrew.Johnson on Tue, 08/18/2015 - 17:26
Thank you for your question! There are two main things you have to think about: security of the physical space and security of the technology. If you're getting data from a provider, they will tell you what you have to do to secure it. To get help complying with those requirements, you may want to go to your central IT department, your Office of Research Protections, your Office of Sponsored Programs, and/or the dean of your department. If you are collecting data yourself, here are some best practices to help you design a security plan: best practices for physical space - a room without a master key, that restricts access to only key project personnel - a way to secure materials within the room (e.g. having a locking drawer or cabinet) best practices for technology - a non-networked computer or a computer networked to a partitioned server - with antivirus software installed and regularly updated - password protected - all necessary tools for analysis installed If you're a student, you'll most likely need to have faculty member sign off on your project, whether you're collecting data yourself or using data from an external source.