Data Protection Plan Requirements and Guidelines for DNORS Restricted Data - Version 4

This page describes the required contents of the Data Protection Plan for DNORS Restricted Data Version 4. It describes the basic information that all Data Protection Plans should include, the type of protection expected, and the disclosure rules for presenting and publishing results based on these data.

Researchers requesting Version 4 of the DNORS Restricted Data must use a Secure Data Enclave. The Secure Data Enclave must implement a complete set of physical and computer security measures. Data users interested in using Version 4 of the Restricted Data should consult with DNORS staff before submitting a preliminary application.

Researchers should propose to set up a physical enclave, with a dedicated computer (and printer, if needed) that is not connected to any type of network (LAN or otherwise) and that is kept in a locked room with limited access.

The Version 4 Data Protection Plan must describe the following elements of the work and computing environments:

List and describe all locations where the original and any copies of the data will be kept (and provide building name, street address, and room numbers);
Describe the computing environment in which the data will be used, including:
- Computing platform (e.g., personal computer, workstation, mainframe) and operating system;
- Number of computers on which data will be stored or analyzed;
- Whether PCs used in the research project will be on a network or will be stand-alone.
- Physical environment in which computer is kept (e.g., in room with public access, in room locked when not in use by research staff)
- A list and description of all devices on which data will be stored (e.g., network server, mainframe computer storage device, PC hard drive, removable storage device such as CD, floppy drive, or zip drive);
- Methods of data storage when data are not being used;
- Methods of transmitting the data between research team members (if applicable);
- Methods of storage of computer output both in electronic form and in hard copy (on paper or other media); and
- Instruction in data protection policies that will be provided to each staff member and student before they receive access to the data as well as recurrent instruction that will be conducted at least annually.

Types of Protection Expected

Although a successful Data Protection Plan for DNORS Version 4 may vary across research projects and depend on the host institution. It must be based on providing exceptional security for the data. The plan must be developed in consultation with DNORS staff.

The Data Protection Plan should also specify the following items:

Prepare and maintain a log of all data files acquired. Record dates that data and paperwork are received and returned or destroyed;
Pledge to destroy all files containing Restricted Data at the end of the project;
Report any and all violations of the Data Safeguarding Plan to RAND, the Restricted Data Investigator, and the home-institution IRB;

The Restricted Data Investigator must regularly monitor procedures for use of the data by all project staff and collaborators. Clear rules about Restricted Data Protection Requirements should be posted in a location that is readily visible to staff. At the conclusion of the research project, all original DNORS Restricted Data files and all analytic data files containing DNORPS Restricted Data elements and unpublished printouts must be destroyed.

Disclosure Rules

The Data Protection Plan must carefully describe how researchers and staff members will avoid inadvertent disclosure of respondents' geographic locations or identity in all working papers, publications, and presentations.

At minimum, researchers must agree to exclude from any type of publication or presentation, the following information:

Listing of individual cases;
Description of individual case;
Listing, description, or identification of a tract or tracts by number, by name, or by descriptive information;
Maps with any features (such as landmarks, road networks, original tract shape or physical features) that allow tracts to be identified; and
Summary statistics or tabulations by geographic level below the 13 New Orleans Planning Districts.

School Districts Still Struggled in Year Three of the Pandemic

Superintendents Have High Job Satisfaction and Normal Turnover Rates

Recovered, but Not Whole: U.S. Jobs Rebounded but Not for Everyone

The 'Right to Life' Will End Up Killing Women

988 Mental Health Hotline: Connecting People to Care

The Policy Currents Podcast

Improving Psychological Wellbeing and Work Outcomes in the UK

Managing Escalation in Crisis and War

Getting to Know Military Caregivers and Their Needs

Planning for the Rising Costs of Dementia

Data Protection Plan Requirements and Guidelines for DNORS Restricted Data - Version 4

Types of Protection Expected

Disclosure Rules

Connect

Contact Us

I am interested in

Follow

Stay Informed

Resources

Site Information