The university is intrinsically responsible for how research is conducted and how research outputs are managed. A number of other offices/units on campus have a vested interest in management of sensitive research data and can provide different forms of support at various stages of the research data lifecycle. While the libraries are primarily focused on encouraging best practices, other units will have more expertise and experience with legal requirements. The ones covered here include:
If your research is focused on humans, then your project must be approved by the IRB. Expert review of research protocols is carried out through the work of UT Austin’s two IRBs to ensure that research is well designed and likely to yield generalizable knowledge, and that risks are commensurate with benefit and accurately disclosed to research participants. The IRB has the authority to approve, require modifications, disapprove, suspend, terminate and observe the consenting process for research that falls within its scope of review, as specified by federal regulations and institutional policy. UT Austin has two IRBs: a Social Behavioral and Educational Research IRB (SBER_IRB) and a Health Sciences IRB (HSIRB).
The IRB offers human research training which is mandatory for anyone who hasn't had it in the last three years. All persons with a role in the research (e.g., Principal Investigators, Co-Investigators, Project Managers or Research Assistants) and who are designated to perform the following duties must take the training:
The IRB also has templates for Informed Consent forms in the UTRMS-IRB Library, “Templates” tab.
In the context of sensitive data, ORSC is responsible for overseeing areas such as foreign collaborations and export control. Researchers either intending to collaborate with researchers based in countries with hostile relations with the U.S. or who work on topics related to national security (e.g., nuclear, chemical, biological, weaponry, missiles or unmanned vehicles technologies topics; encryption) are subject to additional institutional and federal policies.
The Office of Sponsored Projects (OSP) serves as the coordinating office for externally funded research and sponsored projects at The University of Texas at Austin. The mission of the OSP is to assist faculty and professional research staff in their efforts to secure and ensure proper stewardship of external funding. OSP assists research faculty and staff with the following: proposal review, authorization and submission; award negotiations and acceptance; account management; close-out, reports, audits, collection; professional development and education; export control and research compliance.
While OSP may not appear to be directly involved with data, they can be. They have an understand funding contracts, and they can be involved with Data Use Agreements as part of research compliance.
Enterprise Technology, more generally known as 'IT,' is responsible for developing and overseeing policies to ensure digital security across the university. Some policies are good general best practices, such as using a secure password for your work computer; using the university VPN when off-campus; and installing anti-virus software that is run regularly. Others are more specific, such as policies about accessing university resources while traveling to certain countries or which cloud storage is and isn't appropriate for different types of data.
The mission of the Information Security Office (ISO), as required by state law, is to assure the security of the university's Information Technology (IT) resources and the existence of a safe computing environment in which the university community can teach, learn, and conduct research.
UT Austin has issued rules for all researchers to ensure that sensitive digital research data is appropriately protected. Protecting this data requires a commonsense approach to managing your computer systems. You need to be aware of common vulnerabilities and then take steps to shield those vulnerable areas. The university has people and tools available to support you in making this happen. The page on Protecting Sensitive Research Data lists some of the computing equipment options fo storing and working with sensitive data.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 Generic License.