About Data Security

Overview of IPA’s data security standards and implementation guides for protecting sensitive research data, including PII handling, device security, encryption protocols, and compliance requirements.

Data security is a fundamental responsibility in research involving human subjects. At IPA, we implement comprehensive protocols to protect sensitive research data, maintain respondent confidentiality, and ensure compliance with ethical and legal requirements.

Why Data Security Matters

Research data often contains personally identifiable information (PII) and sensitive details about study participants. Protecting this information is essential for:

• Ethical responsibility: Honoring the trust participants place in researchers
• Legal compliance: Meeting requirements from IRBs, donors, and regulations like HIPAA and GDPR
• Research integrity: Preventing data breaches that could compromise study validity
• Organizational reputation: Maintaining IPA’s standing as a responsible research institution

Our Approach to Data Security

IPA’s data security framework addresses the complete research data lifecycle:

• Data Collection: Encrypted surveys, secure devices, and field protocols
• Data Storage: Multi-layer encryption using tools like Cryptomator and SurveyCTO
• Data Processing: Access controls, PII separation, and secure analysis environments
• Data Sharing: De-identification procedures and approved publication practices
• Data Retention: Secure archiving and timely destruction of PII per IRB requirements

Key Security Principles

Our data security protocols are built on these core principles:

1. Encrypt everything: All PII must be encrypted at collection, transmission, and storage
2. Separate early: Remove PII from research data as soon as possible
3. Limit access: Only IRB-approved, trained staff can access PII
4. Document everything: Maintain clear records of security procedures and incidents
5. Plan for emergencies: Have protocols ready for device loss, data breaches, and technical failures

Documentation Resources

Standards and Protocols

• Data Security Protocol - Reference guide with IPA’s complete data security standards
• PII Handling Standards - Definitions and protection requirements
• Encryption Requirements - Technical standards for data protection

Implementation Guides

• How to Implement Data Security Protocols - Step-by-step implementation guide
• Quick Start Security Setup - 30-minute essential security checklist
• Role-Specific Checklists - Tailored procedures for different team roles
• Emergency Procedures - Response protocols for security incidents

Tools and Training

• Cryptomator Setup Guide - File encryption for cloud storage
• SurveyCTO Encryption - Survey data protection
• Human Subjects Training Requirements - Mandatory certifications for PII access

Getting Started

New to data security at IPA? Start with these essential steps:

1. Read the standards: Review the Data Security Protocol to understand requirements
2. Complete training: Ensure you have required human subjects protection certification
3. Set up your environment: Follow the 30-minute Quick Start guide
4. Know your role: Check the role-specific checklists for your responsibilities

Questions or Issues?

For data security questions or to report security incidents:

• Contact your project’s designated Data Security Coordinator
• Refer to the emergency procedures for urgent situations
• Review troubleshooting guides in the implementation documentation

Remember: When in doubt about data security, always ask for guidance rather than risk a breach.