Relocation of Research Data and Records



Data Storage Advice for Research Records covered by IRB oversight


Follow these general guidelines if the documents or records covered by the IRB oversight need to be moved from the site disclosed in the original protocol.  When in doubt, always feel free to clarify with the IRB office ( 

  1. Pack the data in secure containers such that the records are not revealed or damaged during inadvertent accidents during the relocation process. 
  2. IRB requirements are to keep data for three years. Any data within that window should be handled however you said in your application.
  3. Researchers frequently have to keep the data longer than three years due to ongoing projects, publication preparation, or journal guidelines.  As long as the data are held in the investigators custody, the storage and data protection must be followed as described in the protocol.
  4. Data not in use any longer can be destroyed as disclosed in the original IRB application unless an IRB amendment was approved to handle the data otherwise.  MTSU IRB recommends that data no longer used can be destroyed by secure shredding.
  5. The IRB also recommended that PIs close their IRB protocols once their data collection has been completed.  Closing a protocol does not prevent the data analysis or use the data for publication as outlined in the application.  The data close out notice will provide the data storage deadline and other important instructions.
  6. The investigators must be aware the the relocation may pose inadvertent compliance violations. Therefore, it is prudent to plan ahead.  Do not hesitate to contact the IRB in the event you believe a compliance brach has occurred.  The Office of Compliance and IRB will work with investigators to help resolve any issues that are not in control of the investigators.

One way to avoid paper clutter is to convert all the paper documents to electronic files.  However, please be aware that scanning documents using a network scanner could potentially result in creating a duplicate in the server.  Therefore, the scanning must be done in a manner such that the documents are copied only in a secure storage site accessible only to those who are listed in the protocol.