skip to main content columnskip to left navigationskip to horizontal navigation

Information Technology Services

Digital Research Data Storage and Backup

 

Digital Research Data Storage and Backup

an Information Technology Services Policy

Purpose

To assure that digital research data are stored and backed up in appropriate locations and identify persons responsible.

    1. Section 1 - Definitions:

Data Backup: Data Backup refers to a secondary location to which data files are copied and from which data files can be retrieved in the event that data files in the initial storage location unexpectedly become unavailable.

Data Categories:

  • FERPA Research Data: Research data that include the use of a student’s educational record.
  • Fundamental Research Data: Research data not related to humans.
  • HIPAA Research Data: Highly sensitive data that include identifiable human subject data collected or created in conjunction with a HIPAA covered research study as classified by the ETSU/VA IRB.
  • Other Sensitive Human Subject Data: Research data that have identifiers that are not covered by HIPAA or FERPA.
  • Unidentifiable Human Related Research Data: Research data related to humans but which contain no recognizable human identifiers.

Data Encryption: Protection of data by conversion into an encoded format that requires a decryption key for data access.

Data Storage: Data Storage refers to the initial location where data files are deposited and saved.

    1. Section 2 – Responsibility for Research Data Storage and Backup:
  • All researchers, and student researchers and staff under their supervision, share the responsibility for storage and backup of research data for the duration of their research studies.
  • Student researchers must provide copies of their research data to their research supervisors at intervals determined by the supervisor and at the conclusion of the study.
  • The research supervisor or designate is responsible for storage and backup of data for a period of 6 (six) years from the end of the calendar year in which the study is closed or for the requisite time period specified by the research sponsor or other regulators, whichever is longer.
    1. Section 3 - Appropriate Storage and Backup Locations for Digital Research Data Files:
  • HIPAA Research Data must be stored in a research project folder in the appropriate College folder on the HIPAA-compliant network drive. These files are encrypted and backed up by ITS Systems Support. Access must be restricted to authorized persons.
      • Contact the HIPAA Compliance Officer if you require access to this drive.
      • Researchers who require any long term storage solutions other than the HIPAA-compliant network drive must contact the HIPAA Compliance Officer.
  • FERPA Research Data, and Other Sensitive Human Subject Data should be stored in a research project folder on a network drive. It is recommended that files be encrypted by the research study staff. Files on the network drive are backed up by ITS Systems Support. Access must be restricted to authorized persons. If encryption is used, encryption keys should be backed up by the Principal Investigator to their ETSU MS OneDrive for Business account behind ETSU account credentials.

  • Fundamental Research Data and Unidentifiable Human-Related Research Data should be stored on ETSU-owned internal computer drives, behind ETSU account credentials, and backed up to one of the following:
      • ETSU MS OneDrive for Business account behind ETSU account credentials (and not a personal OneDrive account);
      • an ETSU-purchased external hard drive (not a personal external drive); or
      • an ETSU-purchased USB flash\thumb drive (not a personal flash/thumb drive).
    1. Section 4 – Special Notes to Student Researchers:
  • Student researchers share in the responsibility for safe, secure data storage and backup with their faculty research supervisors.

  • HIPAA, FERPA, and Other Identifiable Human Subject data are deemed highly sensitive. 
      • If you require a copy of HIPAA, FERPA, or Other Identifiable Human Subject Research Data to work on when you are not on the campus network, the data may be temporarily stored on an encrypted USB flash\thumb drive. The encrypted drive should be purchased with research funds or by the department or college under which the research is performed.
      • You should not copy HIPAA or FERPA research data to a personal computer.
  • Fundamental Research Data and Unidentifiable Human-Related Research Data may be temporarily stored on your password protected personal computer or laptop. If for any reason your research supervisor does not have a copy of the data, it is recommended that you provide them with a copy and back up the data to one of the following:
      • unshared folders of your ETSU MS OneDrive for Business account, behind ETSU account credentials,
      • a USB flash\thumb drive that is not shared with anyone other than your research supervisor, or
      • an external hard drive that is not shared with anyone other than your research supervisor.
    1. Section 5 - Examples of Storage or Backup mechanisms which are NOT appropriate for HIPAA Research data:
  • Dropbox
  • Google Drive
  • Personal cloud storage accounts
  • Unapproved business cloud services (contact HIPAA Compliance Officer)
  • Personal computers, personal flash drives, personal external drives
  • Personal mobile devices
  • Network Drive
    1. Section 6 – Contacts

HIPAA Compliance Officer – Lindsay Daniel, , (423) 439-8533

Director, Research Computing – David Currie, , (423) 439-6457

    1. Section 7 – Main Features of the Research Data Storage & Backup Policy
 

Research Date Type

Security
Risk

Data Encryption

 

Password Protection

Data Storage

 

Data
Backup

Data
Access

Temporary Off-Network Copy

HIPAA Data

High

Required; data are encrypted in transit to the network drive*

 

Required

Stored in a Network Drive Project Folder by Researchers*

 

Backed up to tape drive by ITS

Authorized Study Staff Only

Encryption required on ETSU-owned USB Flash Drive

FERPA and Other Identifiable Human Subject Data

High

Recommended; if you encrypt your data, save and back up your encryption key.

 

Required

Stored in a Network Drive Project Folder by Researchers**

 

Backed up to tape drive by ITS

Authorized Study Staff Only

Encryption required on ETSU-owned USB Flash Drive

Fundamental and Unidentifiable Human-Related Data

Low-
Moderate

Optional

 

Required

Stored on ETSU Owned Computer Internal Hard Drives by Researchers***

 

Backed up to ETSU One-Drive Accounts by Researchers

Authorized Study Staff Only

Encryption optional on an ETSU-owned USB Flash Drive

*Researchers who require access to the network drive must contact the HIPAA Compliance Officer –

*Auto encryption of data during transmission to the network drive occurs only for Windows 10 users.

**Principal investigators who require access to the network drive should use the link below to request a project folder with access restricted to the study staff; ITS will assign a name to the folder; please include the names and ETSU e-mail addresses for additional study staff who require access to the project folder in section 4 of the form.
Return the completed application form Attention ITS, Box 70728.  Computer Account Request Form

***If the principle investigator for a Fundamental Research Project is an ETSU employee, they may request space on network drive. Data stored on the network drive are backed up by ITS.

Notes:                 
Export Control Compliance – Before transporting or transferring unpublished research data in or out of the country, or presenting unpublished data outside of the country, consult with the Assistant Vice President of Research and Director of Sponsored Programs, Wendy Eckert.

icon for left menu icon for right menu