Skip to main content
Skip to main content

Protecting Research Data

Data Confidentiality

Both the Common Rule and FDA regulations require attention to the privacy of research subjects, including the confidentiality of data about them. HIPAA adds its appropriate safeguards requirements for most research data derived from health care records.

Data confidentiality requires a secure computing environment. If you keep your research data on a personal computer, it is essential to follow basic security steps like keeping it physically secured, updating your software to keep it current, using access protections such as individual passwords, and generally following secure computing practices.

What FSU data is considered sensitive or confidential and needs to be protected?

Any data containing confidential, personal information related to business, financial, or medical transactions must be protected from loss, misuse, modification, and/or unauthorized access. This includes name, birth date, address, telephone number, social security number, personal photograph, amounts paid or charged in financial transactions or account numbers.

A caveat to this definition is the release of student “directory” information which includes a student’s name, address, telephone number, place and date of birth, honors and awards, and dates of attendance. Students can request non-disclosure of this information, and then it is not allowed.

Each department should have someone designated to be in charge of the protection of sensitive or confidential data. All employees who have access to sensitive or confidential data should be informed and trained about the protection of the data and should sign the Employee Confidentiality Statement.

For more information please read OP-F-7 Policy on Safeguarding of Confidential Financial and Personal Information

Resources

FSU Information Technology Services

National Institute of Standards and Technology - Computer Security Resource Center (CSRC)
A good overall resource for information security materials

United States Computer Emergency Readiness Team (US-CERT)
Another good overall resource for information security materials

Guidelines for Responsible Data Management in Scientific Research

Educational course about conducting responsible data management