Body
The purpose of this policy is to outline the guidelines and restrictions for storing research data by students at Booth. Ensuring the confidentiality, integrity, and availability of research data is paramount to maintaining ethical standards and compliance with institutional, legal, and funding body requirements.
This policy applies to all students involved in research activities at Booth, including but not limited to MBA, MiM/MiF and PhD students. It covers all forms of research data, whether digital or physical, collected or generated during the course of research.
Research Data: Any recorded information (regardless of form or medium) necessary to support or validate research findings, including raw data, processed data, and metadata.
Storage Systems: Any digital or physical system used to store research data, including cloud services, external hard drives, institutional servers, and personal devices.
- Research data must be stored only on approved storage systems provided or sanctioned by Booth.
- Approved digital storage systems include:
- Institutional servers with proper security measures.
- This includes project shares on the EMC Isilon, research servers and VM’s, directories within Mercury and other research systems, and RCC research systems.
- Authorized cloud storage services.
- This includes University Box accounts configured for group/department use, Faculty Dropbox accounts, and University provisioned AWS/Azure/GCS accounts.
- Physical data (e.g., paper records) must be stored in secured locations with restricted access.
- *Personal devices such as personal laptops, smartphones, and tablets are not approved for storing research data.
- Unauthorized cloud services (e.g., personal or student provisioned Dropbox, Google Drive, etc.) must not be used for storing research data.
- External hard drives and USB drives may only be used with explicit approval and must be encrypted.
*Booth owned laptops are not recommended for data storage. These devices can be lost, stolen, damaged, or have hard drive failures. Research data should always be stored on a platform with persistence and fault tolerance.
- Access to research data should be restricted to authorized personnel only.
- Sharing of research data with external parties must comply with Booth’s data sharing agreements and policies.
- Collaborative research data sharing must use secure, Booth-approved methods.
- All digital research data must be encrypted at rest and in transit using institution-approved encryption standards.
- Physical data must be stored in locked cabinets or rooms with access limited to authorized personnel.
- Regular backups of research data should be performed and stored securely on Booth-approved systems.
- Research data must be retained for a minimum period as specified by funding bodies, regulatory requirements, or University policies.
- Upon conclusion of the retention period, data must be securely disposed of using Booth-approved methods for data destruction that are in compliance with any contractual obligation.
Students: Ensure compliance with the data storage policy and report any breaches or issues to the supervising faculty member or Information Security.
Supervising Research Faculty: Oversee student adherence to the policy and provide guidance on approved storage systems and practices.
Information Security: Monitor compliance and activity. Conduct audits.
Data Governance: Provide support and training on data storage policies.
This policy will be reviewed annually and updated as necessary to reflect changes in technology, regulations, and institutional practices.
For questions or further information regarding this policy, please contact Information Security.