Data Management: Working Data: Policies & Practices

Faculty Manual 7.2: Faculty Research and Scholarship

IT Security: Guidelines for Protecting Sensitive Data

ECU PRR: University Student and Employee Computer Use Policy

ECU PRR: Academic Computer Use Policy

ECU PRR: Family Education Rights and Privacy Act (FERPA or Buckley Amendment)

ECU PRR: Health Insurance Portability and Accountability Act (HIPAA) Privacy Policies

ECU PRR: Health Insurance Portability and Accountability Act (HIPAA) Security Policies

ECU PRR: Social Security Numbers (SSN) and Personal Identifying Information (PII) Regulation

ECU Standard for Collection, Use, Disclosure of SSN and PII

• Family Educational Rights and Privacy Act (FERPA)

• Health Insurance Portability and Accountability Act (HIPAA)

• North Carolina Identity Theft Act

Who owns the data I collect?

• You AND the University (see Faculty Manual 7.2, IV.E).

How long must this data be retained?

• In general, at least 5 years (or longer if required by funder)
• High value data sets may need to be kept for longer periods

When should I encrypt my data?

• Any time it's sensitive (that which could cause harm to individuals, the university, or the intellectual property rights of the researchers and sponsors) and...
  • Any time you're sending data off-campus
  • Any time you're storing on a mobile or personal device

How can I share data responsibly with off-campus collaborators?

• If you are the PI and the data are NOT sensitive, use OneDrive or a departmental PirateDrive folder.
• If you are the PI and the data are sensitive, consider a departmental PirateDrive folder or Project REDCap for PHI. FERPA data that does not include SSNs may be stored in OneDrive.
• If the external research collaborator is the PI, follow the protocols of the host institution and if you downloaded data, follow both the host protocols and ECU's recommended practices. (Contact Kathy Verbanac or Mary Farwell if there are conflicts in recommended practices between institutions.)
• Consider a Data Use Agreement for external collaborators.

Can I use Cloud Computing services?

• OneDrive is the only approved Cloud Computing solution approved for ECU research and academic data. See ITCS's Cloud Computing and ECU Data guidelines

How do I pay for data storage?

• Write it in your grant.
• Contact your Chair or Associate Dean for Research to determine whether there are departmental or college-level funds.