Data Storage and Ownership

Does the collection of data include human subjects data? 

  • If the data involves human subjects, see the section on IRB approval, and bring it to the attention of the IRB at the time of application.
  • Work with CALS Research Division to ensure appropriate data use terms are inserted into the subaward or negotiated in a separate Data Use Agreement (DUA).
  • If you are receiving data under a DUA, also consult with the IRB to determine the data security level.
  • Work with appropriate school IT security officer to ensure that the data is stored in accordance with any data security requirements.

Do you know what data security level your project belongs to and the according responsibilities? 

  • See the Data Security, Management, and Retention policies and supporting documentation at https://research.wisc.edu/data-security-management-and-retention/
  • Work with appropriate school IT security officer to ensure that the data is stored in accordance with any data security requirements.
  • When traveling abroad, data security risks may be elevated, depending upon the nature of the data and your destination.

How can you protect the security of your devices and the data on your devices? 

  • The security of devices and in particular, the data on those devices, should be considered in any international project. The risks can take many different forms from surveillance and theft to malware and hacks. The degrees of privacy and security can vary greatly from one country to the next.
  • To protect your information and devices—especially if you’ll be conducting research—it’s important that you develop a data security plan that both serves your project’s needs and adheres to the import and export controls and local laws of the host country.
  • Read up on tips to keep your data safer when traveling.
  • If secure network access is available, always connect to UW Madison’s network via VPN. And if a secure network is not available, consider using an “empty” machine to collect the data. Consider using an iron key or an encrypted external hard drive to store documents. Access to a SharePoint site of cloud service may also be accessible. If your project involves working with human subject data, contact your School’s Institutional Review Board (IRB) for approval. They may be able to connect you with a foreign IRB that can help you navigate the host country’s privacy and data protection regulations. The foreign IRB may also need to approve your research.
  • Cyberattacks and cyber monitoring are becoming more prolific and sophisticated. Be aware of and comply with visa, customs, and security rules to minimize the chances that you or your devices will be easy targets or selected for scrutiny.