FAQ: Guidelines for Access to and Use of Research Data

Guidelines for Access to and Use of Research Data

The following are guidelines from the Office of the Vice President and General Counsel (OGC) concerning access to and use of research data created by U-M employees using resources controlled by U-M (“Research Data”). These guidelines relate to intangible research data and do not cover tangible property such as specimens or samples.

  1. General Principle: U-M may access, retain a copy of, and use all Research Data unless otherwise provided by law, U-M policy, or a written agreement to which U-M is a party.
    1. Relevant U-M Policy  – U-M policy supports this general principle, providing that Research Data “is a University asset” and “is not owned by a particular individual, unit, department, or system of the University.” SPG 601.12. U-M policy further provides that:
    2. Authorities Superseding or Supplementing the General Principle:
      • Agreements – Sponsored activity, data use, confidentiality, material transfer, or other similar agreements will often have language concerning control of or access to Research Data.
      • IRBs – Institutional Review Boards and informed consents may limit the access to and use of Research Data obtained through or about research participants.
      • Other Laws, Consents, or Regulations – Federal and state laws and regulations, and other research participant consents, may further restrict the use and dissemination of specific types of Research Data. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the use and disclosure of personal health information.
    3. Circumstances Requiring U-M Access to or Use of Research Data – The following are examples of circumstances in which U-M would require access and use Research Data:
      • To comply with agreements, such as sponsored activity, non-disclosure, data use, data sharing, or material transfer agreements;
      • To ensure the appropriate security, use and maintenance of research participant data and materials (e.g., Research Data related to animals or radioactive materials);
      • To protect the rights of research participants, students, faculty, and staff (e.g., their rights to access Research Data in which they participated);
      • To perform or satisfy U-M and third party compliance and audit functions;
      • To secure and protect intellectual property rights;
      • To investigate charges of non-compliance, misconduct, or conflict of interest;
      • To respond to questions about the accuracy, authenticity, provenance, or primacy of Research Data; and
      • To comply with legal or regulatory obligations (e.g., responding to a subpoena or other court order).
  1. Responsible Management of Research Data – Responsible management of Research Data is essential to: (1) protect the rights of research participants; (2) prevent loss of data; (3) prevent security breaches; (4) comply with applicable research contracts; (5) preserve data quality and integrity; (6) facilitate the sharing of data; etc.
    1. Data Management Practices and Plans – Researchers, such as principal investigators, and administrators responsible for research oversight, such as research associate deans, should establish responsible management practices for Research Data within their units or projects consistent with the data stewardship provisions of SPG 601.12 (sec. III). Standards and best practices within a particular scientific discipline should also inform these plans on the following aspects of data management:
      • acquiring data;
      • labeling data and managing metadata;
      • securing data;
      • archiving and data curation;
      • disseminating data;
      • using/re-using data and implementing back-up (contingency) procedures;
      • ensuring data quality and integrity; and
      • identifying individuals responsible for data management for a particular project.
    2. Exit Strategies Concerning Research Data – Issues concerning Research Data frequently arise when a researcher (inclusive of study team members) leaves a particular project. As part of any researcher leaving a project (such as through cessation of employment, graduation of students, or other termination of involvement with a project), the unit should consult the departing researcher concerning: (a) the existence and location of Research Data with which the researcher has been involved; (b) whether and to what extent the departing researcher may desire to access Research Data after leaving U-M or the project; and (c) the approvals and written agreements necessary to continue to access Research Data. Under U-M’s general principle (see Section I above), U-M should generally retain a copy of any Research Data when a researcher involved with that Data leaves U-M employment.
  1. Finding Assistance With Research Data Issues at U-M
    A variety of resources are available as starting points to assist you with questions concerning Research Data:
Issue Resource
Questions about Research Data collected or generated as part of a sponsored activity Office of Research and Sponsored Projects (ORSP)
Questions about protecting Research Data in the “Cloud” Information Technology Services (ITS), “University Data in the Cloud”
Questions about protecting Research Data on personal devices Information Technology Services (ITS), “Safe Computing”
Questions about what is an IT Security Incident and how to make a report about a Security Incident Information Technology Services (ITS), “Report an IT Security Incident”
Questions about how to manage sensitive Research Data Information Technology Services (ITS), “Sensitive Data Guide”
Questions about how to share Research Data with collaborators in a secure manner with MiShare “MiShare File Exchange Service”
Questions about HIPAA compliance concerning Research Data. Office of the Vice President and General Counsel, Research Attorney
Questions about Research Data supporting an invention reportable to the Office of Technology Transfer. Office of Technology Transfer
Legal disputes with a third party concerning Research Data. Office of the Vice President and General Counsel
Research misconduct questions concerning Research Data. UMOR – Research Misconduct
Questions about an employee leaving U-M and Research Data generated or possessed by that employee. Academic HR (Faculty), Staff HR (Staff), also, ORSP
Questions about secure data deletion and media disposal Information Technology Services (ITS), “Secure Data Deletion and Media Disposal
Other general questions concerning Research Data ORSP