Data Management

Data management plans provide procedures and policies for data collection and protection. A data management plan should include:

  • who has access to the data
  • where is the data stored (all locations)
  • when will the data be used
  • how will the data be used and reported
  • when will the data be destroyed

Informed consent forms should describe the data management plans and how the data will be reported publicly.

Data Storage

When working with participant data, consider the data management policies associated with your institution. That can help you determine the appropriate ways to store and share data based on the level or severity of the information. Your institution will have guidance about what systems are appropriate for storage of particular information. For example, you may not be allowed to store specific participant information in Google Drive or Dropbox.

Depending on the data, you may be expected to encrypt the files before storing them on a server. Some files may have to be kept separate and encrypted like identifier lists.


If part of your research required linking multiple data sources to the same participant, you will go through a process of deidentifying your data. This is done by creating a unique id for each participant and then replacing the participant’s identifying name with the unique id. The identifier list is typically stored in an encrypted file away from deidentified data.

Previous submodule:
Next submodule: