III.

Data Security Plan In compliance with the NCERDCs requirements regarding data security and confidentiality protections, I will make certain that all data files will be stored only on password-protected network space provided by the Department of XXX at YYY University. Only the project researchers named on the application cover page will be able to view and access this secured network drive. All future persons involved in the research will sign confidentiality agreements with the NCERDC. These data files will be used exclusively for the purposes of this research project. When using student data, the following procedures will be observed: 1. Computing Equipment. All data supplied by the NCERDC will be stored and accessed on the secure server with password protected access. No data will be stored or analyzed on any portable devices, including laptop computers. Access Procedures. Access to the server space is limited to persons approved for use of the NCERDC data. The passwords are known only to members explicitly authorized for access to the respective confidential and restricted use data, as well as computer support staff. Passwords will be changed periodically. Encryption Software. We currently use the built in Windows Encryption Anti-Virus Software. McAfee Anti-virus software is installed and updated periodically to ensure that no infected files can be transferred to the machine. Paper Printout Access. Results from data manipulations can be printed by downloading compliant information to a jump drive and accessing printing equipment. Derived results will be treated in the same manner as the original data. Paper printouts will be shredded when no longer needed. Treatment of Derived Data. All data derived from restricted data is handled in the same manner as the original restricted data. We understand that derivations from restricted data include, but are not limited to: (a) subsets of cases or variables from the original restricted data; (b) numerical or other transformations of one or more variables from the original restricted data, including sums, means, logarithms, or products of formulas; and (c) variables linked to another dataset using any variables from restricted datasets as linkage variables. Updates of Security Procedures. If requirements for the handling of confidential or restricted data change, provided they become more stringent, our data protection plan will be amended accordingly, and procedures for handling restricted-use data will be adjusted to comply with the new requirements.

2.

3. 4.

5.

6.

7.