The following guidelines will help you employ best practices when handling participants' data.
Questions to consider when developing your protocol application include: Where will the data be stored? Who will have access to the data? Am I storing the data in the safest manner? Could these data be lost?
At the end of a study, what will you do with your data? You may choose to delete or destroy the data. An alternative is to de-identify the data and store them securely.
Student PIs should ensure that faculty advisers have access to any data collected as part of student research projects. All data should be fully deidentified or transferred to the faculty adviser's possession prior to student graduation (which is also when IRB approval expires).
Either scan data into an electronic format or storage, or keep in a locked filing cabinet in a secure office. Once data have been transferred to an electronic format, destroy original paper forms (e.g., by shredding), unless keeping original paper copies is required (e.g., by professional standards).
Once recordings (i.e., video or audio) are transcribed, destroy the recordings as soon as the accuracy and completeness of the transcriptions have been verified. If using recordings as primary data sources and not transcribing them, take extra precautions to secure the recordings, particularly those containing identifiers. Further, retain such recordings at the end of the study as research data.
CODED: When a researcher replaces identifying information (names, addresses, etc.) with a code involving letters, numbers or some other combination, AND the researcher maintains a separate list with a code key, so that linking the data with the list would reveal an individual's identity and responses.
NON-IDENTIFIABLE DATA / DE-IDENTIFIED: When the researcher does not collect any direct identifiers (name, address, etc.) OR enough indirect identifiers (age, race, gender, etc.) so that a combination could reveal an individual's identity, and when no code exists to link an individual to responses. Or when all potentially identifiable identifiers have been stripped from the data, so that neither the researcher or any other person could re-identify an individual identify in connection with the data.
See also the guidance section on Anonymity, Privacy, and Confidentiality.