Data Protection Plan Requirements and Guidelines for DNORPS Restricted Data

This page describes the required contents of the Data Protection Plan for DNORPS Restricted Data. It describes the basic information that all Data Protection Plans should include, the type of protection expected, and the disclosure rules for presenting and publishing results based on these data.

The DNORPS Data Protection Plan must describe the following elements of the work and computing environments:

  1. List and describe all locations where the original and any copies of the data will be kept (and provide building name, street address, and room numbers);
  2. Describe the computing environment in which the data will be used, including:
    • Computing platform (e.g., personal computer, workstation, mainframe) and operating system;
    • Number of computers on which data will be stored or analyzed;
    • Whether PCs used in the research project will be on a network or will be stand-alone;
    • Physical environment in which the computer is kept (e.g., in a room with public access, in a room locked when not in use by research staff);
    • A list and description of all devices on which data will be stored (e.g., network server, mainframe computer storage device, PC hard drive, removable storage device such as CD, floppy drive, or zip drive);
    • Methods of data storage when data are not being used;
    • Methods of transmitting the data between research team members (if applicable);
    • Methods of storage of computer output both in electronic form and in hard copy (on paper or other media); and
    • Instruction in data protection policies that will be provided to each staff member and student before they receive access to the data as well as recurrent instruction that will be conducted at least annually.

Types of Protection Expected

Although a successful Data Protection Plan may vary across research projects and depend on the host institution, it should include some or all of the following features:

  • Password-protected access to all computers storing the data;
  • Automatic activation of password-protection after five minutes of inactivity on the computer;
  • Encryption with password protection of all files containing data (identify encryption software to be used);
  • No storage of the data on laptop computers, unsecured network servers, etc.;
  • No automated backup copying of the data;
  • Secure storage of any and all removable devices holding the data (e.g., CDs, diskettes, zip drive disks, etc.), through encryption and storage in a locked compartment or room when not in use;
  • Storage of detailed printouts derived from data analysis in a locked compartment or room when not in use;
  • Shred all detailed listings and printouts that are no longer needed;
  • Prepare and maintain a log of all data files acquired. Record dates that data and paperwork are received and returned or destroyed;
  • Pledge to destroy all files containing Restricted Data at the end of the project;
  • Report any and all violations of the Data Safeguarding Plan to RAND, the Restricted Data Investigator, and the home-institution IRB;
  • No transmittal of data or detailed tabulations via email or email attachment (either over the Internet, an Intranet system, or within a local area network). Data can be transmitted by secure FTP provided that the data files are password protected and encrypted and the files are not placed on a public server that is accessible without a password;
  • Use of email, email attachment, FTP, or any other means of electronic transfer restricted to transmitting results from regression analyses and aggregate descriptive analyses; and
  • Brief all research staff that have access to the Restricted Data about the Data Protection Plan, appropriate Data Protection Requirements, and penalties for inappropriate use.

The Restricted Data Investigator must regularly monitor procedures for use of the data by all project staff and collaborators. Clear rules about Restricted Data Protection Requirements should be posted in a location that is readily visible to staff. At the conclusion of the research project, all original DNORPS Restricted Data files and all analytic data files containing DNORPS Restricted Data elements and unpublished printouts must be destroyed.
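The plan asks for a log of every data file acquired, with the dates it was received and returned or destroyed, and for all files to be destroyed at the close of the project. The following is an added example of one way to keep such a chain-of-custody log; it is not code from the plan, from RAND or from DNORPS. It assumes a JSON-lines log file, uses a SHA-256 fingerprint taken at receipt so that later integrity checks can show a file is unchanged, identifies files by name, and builds a small constructed sample data file in a temporary directory to exercise the log. The `outstanding()` check is the practical payoff: at project close it must return an empty list.

```python
import hashlib
import json
import tempfile
from datetime import date
from pathlib import Path


def sha256_of(path):
    """Fingerprint a data file so later checks can prove it is unchanged."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class CustodyLog:
    """Append-only JSON-lines log of restricted data files.

    Each line is one event: 'received', 'returned' or 'destroyed'.
    The format is an assumption of this example, not one the plan prescribes.
    """

    def __init__(self, log_path):
        self.log_path = Path(log_path)

    def _append(self, entry):
        with self.log_path.open("a", encoding="utf-8") as fh:
            fh.write(json.dumps(entry) + "\n")

    def entries(self):
        if not self.log_path.exists():
            return []
        with self.log_path.open(encoding="utf-8") as fh:
            return [json.loads(line) for line in fh if line.strip()]

    def record_received(self, path, source, on=None):
        """Log arrival of a data file with its hash, storage location and date."""
        path = Path(path)
        self._append({
            "event": "received",
            "file": path.name,
            "location": str(path.resolve().parent),
            "sha256": sha256_of(path),
            "source": source,
            "date": (on or date.today()).isoformat(),
        })

    def record_disposed(self, name, action, on=None):
        """Log that a file was returned or destroyed (the end-of-project pledge)."""
        if action not in ("returned", "destroyed"):
            raise ValueError("action must be 'returned' or 'destroyed'")
        self._append({"event": action, "file": name,
                      "date": (on or date.today()).isoformat()})

    def outstanding(self):
        """Files received but not yet returned or destroyed; empty at project close."""
        open_files = []
        for e in self.entries():
            if e["event"] == "received":
                if e["file"] not in open_files:
                    open_files.append(e["file"])
            elif e["file"] in open_files:
                open_files.remove(e["file"])
        return open_files

    def verify(self, path):
        """True if the file on disk still matches the hash logged at receipt."""
        path = Path(path)
        recorded = [e["sha256"] for e in self.entries()
                    if e["event"] == "received" and e["file"] == path.name]
        return bool(recorded) and sha256_of(path) == recorded[-1]


def demo():
    """Walk one constructed file through receipt, integrity check and destruction."""
    with tempfile.TemporaryDirectory() as workdir:
        workdir = Path(workdir)
        data_file = workdir / "dnorps_extract.csv"      # constructed sample, not real data
        data_file.write_text("id,region,score\n1,A,10\n")
        log = CustodyLog(workdir / "custody_log.jsonl")
        log.record_received(data_file, source="custodian shipment (hypothetical)")
        intact = log.verify(data_file)
        data_file.write_text("id,region,score\n1,A,99\n")  # an unlogged change
        tampered = not log.verify(data_file)
        before = log.outstanding()
        data_file.unlink()  # stand-in for the approved destruction procedure
        log.record_disposed(data_file.name, "destroyed")
        return {"intact": intact, "tampered": tampered,
                "before": before, "after": log.outstanding()}


if __name__ == "__main__":
    print(demo())
```

Because the log is append-only, a disposal entry never erases the receipt entry, so the record of dates the plan asks for survives intact; `outstanding()` simply pairs them up.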

Disclosure Rules

The Data Protection Plan must carefully describe how researchers and staff members will avoid inadvertent disclosure of respondents' geographic locations or identity in all working papers, publications, and presentations.

At minimum, researchers must agree to exclude the following information from any type of publication or presentation:

  • Listing of individual cases and
  • Description of individual cases.