Instructions for Preparing the Data Protection Plan
Purpose of the Data Protection Plan: The Data Protection Plan becomes part of the signed agreement between ICPSR and the Restricted Data Investigator(s). If the agreement is executed, all members of the research team with access to the data are contractually obligated to follow all aspects of the Data Protection Plan. The fundamental goal of the protections outlined in this plan is to prevent persons who are not signatories to the Restricted Data Use Agreement or the Supplemental Agreement With Research Staff from gaining access to the data. The agreement will not be executed if the plan is not written with sufficient specificity, or if data protections are not deemed adequate by ICPSR.
What should be covered by the plan: The Data Protection Plan applies to both the raw data file received from ICPSR as well as any copies made by the research team, and any new data derived solely or in part from the raw data file. The plan also should address how computer output derived from the data will be kept secure. This applies to all computer output, not only direct data listings of the file.
Components of the plan: Your Data Protection Plan should contain the following components:
Make reference to Title of Research Project and Principal Investigators.
List and describe all locations where copies of the data will be kept.
Describe the computing environment in which the data will be used:
Computing platform (PC, workstation, mainframe platform)
Number of computers on which data will be stored or analyzed
Whether personal computers used in the research project will be attached to a
network or will operate independently (stand-alone)
Physical environment in which computer is kept (e.g., in room with public access, in room locked when not in use by research staff)
List and describe how data will be stored: (e.g., on PC hard drive, on removable storage media such as CD, diskettes, or Zip(R) drive.)
5. Describe methods of data storage when data are not being used.