Instructions for Preparing the Data Protection Plan for Use of Restricted CTS Data

Purpose of the Data Protection Plan: The Data Protection Plan becomes part of the signed agreement between ICPSR and the Restricted Data Investigator(s). If the agreement is executed, all members of the research team with access to the data are contractually obligated to follow all aspects of the Data Protection Plan. The fundamental goal of the protections outlined in this plan is to prevent persons who are not signatories to the Robert Wood Johnson Foundation Employer Health Insurance Survey [Community Tracking Study and State Initiatives in Health Care Reform Program], 1997 Restricted Data Use Agreement or the Supplemental Agreement With Research Staff from gaining access to the data. The agreement will not be executed if the plan is not written with sufficient specificity, or if data protections are not deemed adequate by ICPSR.

What should be covered by the plan: The Data Protection Plan applies to both the raw data file received from ICPSR as well as any copies made by the research team, and any new data derived solely or in part from the raw data file. The plan also should address how computer output derived from the data will be kept secure. This applies to all computer output, not only direct data listings of the file.

Components of the plan: Your Data Protection Plan should contain the following components:

1. Make reference to Title of Research Project and Principal Investigators.

2. List and describe all locations where copies of the data will be kept.

3. Describe the computing environment in which the data will be used:

Computing platform (PC, workstation, mainframe platform)

Number of computers on which data will be stored or analyzed

Whether personal computers used in the research project will be attached to a network or will operate independently (stand-alone)

Physical environment in which computer is kept (e.g., in room with public access, in room locked when not in use by research staff)

4. List and describe device(s) on which data will be stored: (on network server, on mainframe computer storage device, on PC hard drive, on removable storage device such as CD, floppy drive, or Zip® drive.)

5. Methods of data storage when data are not being used.

6. Methods of transmitting the data between research team members (if applicable).

7. Methods of storage of computer output (in electronic form as well as on paper).

Types of protection expected: Although there are alternative ways to assure security for the data and applicants should prepare their plans in a manner that best meets their needs, some or all of the following features are typically found in successful data protection plans:

Password protection for all files containing data (note that password protection is not regarded as sufficient protection by itself)

Removable storage devices holding the data (CDs, diskettes, zip drive disks, etc.) kept in a locked compartment/room when not in use

Printouts derived from data analysis stored in a locked compartment/room when not in use

No storage of the data on networks, LANs, etc.

No transmittal of data or analysis output derived from the data via email, email attachments, or FTP (either over the Internet, and Intranet system, or within a local area network)

Use of the data on a dedicated computer kept in a secure room and not connected to a LAN

No backup copies of the data to be made

Data stored in strongly encrypted form