Sample Data Security Plans

Please note that the following are not requirements, but examples of what procedures are possible.

Low Security

Project: Survey of Middlebury College students (over 18) regarding their perceptions of campus environmental policies. Names and email addresses will be collected so that participants can be entered into a prize drawing and/or be contacted for follow-up interviews.

Data Security Plan: Surveys will be collected via a Middlebury-supported platform: Qualtrics. Identifying information will be stored separately from survey responses and linked with a code that only the researcher has access to. The identifying information and code will be stored on the researcher’s OneDrive account, which is password protected. Data files will be deleted when the project is complete. Note that for low-risk projects, the Data Security Plan is composed of information submitted via the application, plus anything agreed to during the review process.

Medium Security

Project: Survey and interviews with adults regarding traumatic childhood experiences. Identifying information will be collected on the survey in order to schedule the follow-up interview.

Data Security Plan: Identifying information will be stored separately from survey responses and linked with a code that only the researcher has access to. The identifying information and code will be stored on an encrypted flash drive that is kept in a locked office. Interviews will be transcribed and stripped of all identifying information; audio files will then be destroyed. The researcher also plans to take notes during the interviews, which may include some identifying information. The hard copy consent forms and the interview notes will be kept in the researcher’s locked office. Data files will be deleted, and all hard copy files shredded, after three years.

High Security

Project: Longitudinal study of gang members regarding drug use and criminal behavior, including surveys, interviews, and participant observation. Collecting names, photos, and identifying information is essential to the project in order to keep in touch with participants throughout the duration of the study and to document their experience. If data from the project were disclosed, subjects would be in legal trouble.

Data Security Plan: The researcher has worked with IT to come up with their data security plan. All identifiable information is stored on a dedicated computer that does not have a network connection and is not used for any other purpose; the computer is password protected and files are encrypted. The researcher stores the computer, camera, and photos in a locked file cabinet in a locked office that only they have access to. All files will be destroyed at the completion of the project in 10 years.