Skip to main content

FAQ - Study Data Security Requirements


What types of data must be maintained for a minimum of three years after the close of a study?

  • Signed participant consent/assent documents
  • Signed Parental/Guardian permission forms
  • Any other materials as directed by the HRRC that are not posted to protocol record on IRBNet

For an FDA regulated protocol, please contact the RPP office.

Go Back


Is it true that a student cannot have the data collected for his or her thesis or dissertation?

No. Students who have conducted research as fulfillment of a degree requirement may have a copy of the data as long as the original data are maintained on GVSU's campus.



Am I required to destroy my research data after three years?

No. Federal Regulations requires a minimum data storage period of 3 years after the close of the study, but no maximum storage period; data may be stored indefinitely. After the 3-year minimum storage period, the disposition of the data is at the discretion of the Principal Investigator.

For study materials that are subject to protection under HIPAA as protected health information the minimum storage time is six (6) years.

Signed consent forms may be scanned, digitized and stored electronically on a secure server.

Go Back


If I collect anonymous survey data from many subjects, do I have to keep all of the returned surveys for three years?

No. If the research is completely anonymous, including the consent process or documentation, data may be stored electronically as follows.

  1. All collected data must be input to a database or spreadsheet, and a printout generated.
  2. The printout must be verified against the actual returned surveys and must be 100% accurate; researchers should initial and date the verified printout.
  3. The database or spreadsheet must be saved to a disk (or larger storage disk or magnetic tape, as appropriate) and an additional back-up copy created.



Understanding and implementing the private information security policy

Appropriate Data Storage

At GVSU, data is appropriately stored on the L and N Drives of GVSU servers where it is secure and regularly backed up. These drives can be accessed from other locations on and off campus.

Sensitive data (for example, Social Security Numbers, unlisted phone numbers and grades) should not be stored on local drives (such as the "Desktop" or C drive of desktop computers and laptops) nor on removable disks, such as peripheral disk drives, CDs, DVDs or flash drives (also known as thumb drives or memory sticks). Not only are these disks and drives susceptible to theft, unintended trips through the laundry, accidental breakage or loss, they are not routinely backed up. Sensitive data should never be stored on home computers. See the HRRC policies and guidance on data security which can be accessed from our home web page.



What if my method of data collection involves FOIA requests?

If you research project uses FOIA requests to collect data, the University Counsel Office has offered to be available for any questions and/or concerns you may have.

Please contact Tom Butcher at 331-2067 or for advisement.



Resources for Data Security

Grand Valley State University's Interim Social Security Number Privacy Policy:

Grand Valley State University - Information Technology Unit Confidentiality Agreement & Security Policy Revised 6/16/08:

How to password protect a PDF document
Create a PDF document in the usual manner. In the open PDF document, click on Advanced, and then Security, and then Password encrypt. Follow the prompts. Take care not to forget the password as IT cannot "unlock" these for you.

How to Password protect a Word document
Security Use passwords that combine letters, numbers, and symbols. Weak passwords don't mix these elements. To make it memorable, it may help to substitute symbols and numbers that resemble the replaced letter. For instance, Sydney becomes $ydn3y or grateful becomes &r@t3fu1.

  1. Open the file.
  2. On the Tools menu, click Options, and then click Security.
  3. Do one of the following:

    Create a password to open

    1. In the Password to open box, type a password, and then click OK.
    2. In the Reenter password to open box, type the password again, and then click OK.

    Note: Microsoft has added password protection capability to many features in Office to help prevent unauthorized access to important information. If you are unable to access information because you do not know the correct password, please realize that: Microsoft support professionals cannot assist, under any circumstances, in the breaking of passwords applied to files and features within Microsoft programs.

    How to password protect an Excel document
    To allow only authorized users to view or modify your data, you can help secure your entire workbook file with a password .

    1. On the File menu, click Save As.
    2. On the Tools menu, click General Options.
    3. Do either or both of the following:
      • If you want users to enter a password before they can view the workbook, type a password in the Password to open box, and then click OK.
      • If you want users to enter a password before they can save changes to the workbook, type a password in the Password to modify box.

      Note Unlike passwords you specify in the Password to open box, passwords you specify in the Password to modify box are not encrypted. These passwords are only meant to give specific users permission to modify workbook data. For optimal password security, it's best to assign both passwords. An encrypted password to access the workbook, and one to provide specific users with permission to modify its content.

    4. If you want to use a different encryption type, click Advanced, click the type you want in the Choose an encryption type list, and then click OK.
    5. If needed, specify the number of characters you want in the Choose a key length box.
    6. Click OK.
    7. When prompted, retype your passwords to confirm them.
    8. Click Save.
    9. If prompted, click Yes to replace the existing workbook.

    Note You can also secure a workbook with a password on the Security tab of the Options dialog box (Tools menu, Options command).

    How to check for hidden columns in Excel
    Before you e-mail an Excel file, remember that a cursory look at a spreadsheet might suggest there is no sensitive data present when in fact entire columns or rows of such data are present. Just make sure that such information has not been hidden from view. The Hide feature can remove from sight whole columns or rows. Sometimes you will spot this by noticing that the column letters or row numbers are not sequential (that is, A, B, C, G, H... suggests that columns D, E and F are hidden). To Unhide, select the data columns or rows on either side and right click to Unhide.

    How to delete a column in Excel spreadsheets or Word tables
    In Excel or Word, select the column you wish to delete and then right click and choose the option to Delete (in Excel) or Delete Column (in Word). This technique can be useful for pruning out unnecessary but sensitive data, such as Social Security Numbers, from a table that is otherwise worth retaining.

    How to limit access to an L drive folder
    According to the Help Desk, while we cannot password protect folders within the L Drive, we can protect the documents within them by adding password protection (see above). The IT department can also set up specially defined shared folders.