570 Management of Research Data and Records By Investigators and Academic Departments

  1. Introduction
  2. Definitions
  3. Ownership, Stewardship, and Custody of Research Data and Records
  4. Retention of Research Data & Records
  5. Intellectual Property Issues Involving Research Data and Records
  6. Related Policies & References
  7. Contact for Information

Standard of Practice
Management of Records by Investigators and Academic Departments

Effective Date
1 September 2019

Revision History
1 September 2019 (Created)
30 April 2026 (Revised)

1. Introduction

Research data and records are governed by Federal, State, and local regulations. Both the university and investigators are accountable for proper management of research data and records and must comply with regulations, meet industry standards, and follow best practices related to collection, transmission, storage, and security of the information. Multiple offices at ECU are involved in these processes, and this guidance is provided to help navigate the complex processes and procedures.

2. Definitions

2.1 Research Data

Research data is the recorded factual material commonly accepted in the scientific community as necessary to validate research findings. (2 CFR § 200.315(e)(3)).

2.2 Records

Research record means the record of data or results that embody the facts resulting from scientific inquiry, whether in physical or electronic form, including but not limited to proposals, data, laboratory records, reports, manuscripts, presentations, and publications (42 CFR § 93.236).

2.3 Research

Research is the systematic study directed toward fuller scientific knowledge or understanding of the subject studied (2 CFR 200.1).

3. Ownership, Stewardship, and Custody of Research Data and Records

The university and investigators share responsibility and access to research data and records and jointly determine their use, disposition, and, when appropriate, transfer of legal ownership. Data, records, and intellectual property generated in the course of university employment are owned by the university, which is responsible for ensuring access, integrity, and security for external stakeholders. Investigators, as the creators and primary users of research data and records, serve as their primary stewards and custodians. When faculty receive data, information, or specimens from other institutions under Confidential Disclosure Agreements (CDA), Data Use Agreements (DUA), or Material Transfer Agreements (MTA), ownership typically does not transfer; however, investigators remain responsible for stewardship in accordance with the applicable agreement.

3.1 Roles and Responsibilities

3.1.1 Administration

3.1.1.1 General

The general structure, policies, and procedures of data oversight and management at ECU can be found at the Data Governance website. The Data Governance Regulation assigns the members of Academic Council as the trustees for research data and records with final authority over use and disposition of information within their respective divisions.

3.1.1.2 Institutional Steward

The Assistant Vice Chancellor for Research Administration and Compliance is the institutional steward for research data and represents research on the Data Stewardship Committee.  He/she interfaces with investigators, Academic Council, and the Data Stewardship Committee, facilitating research while maintaining compliance with Federal, State, and local regulations.  He/she advises Academic Council, establishes and implements institutional policies and procedures, and executes agreements for the interinstitutional transfer and sharing of research data.

3.1.1.3 Data Security Oversight

The HIPAA Security Offices (Research HIPAA Compliance and ECU HIPPA Security Office), Identity Theft Protection Committee (ITPC), and IT Security Computing Services (Information Security Standards for ECU) are engaged when the research involves human subjects, ensuring that personal health information and personal identifiable information is collected, transmitted, and stored appropriately.

3.1.1.4 Sequestered Data

In instances where data and records are sequestered as part of an investigation into allegation of research misconduct or when patent litigation is imminent, the university provides copies of data and records to the investigator as needed to allow continuation of active research projects.

3.1.1.5 Contractual Custody Outside ECU

In instances where contractual agreements stipulate that another institution shall have custody of original primary data, ECU transfers the original data to that institution and retains a true copy of all data and records generated for the study.

3.1.2 Principal Investigator

The Principal Investigator (PI) is the steward and custodian of project-specific data and has responsibility for ensuring the integrity, security, retention, and disposition of the original research data and records.

3.1.2.1 PI Responsibilities – Prior to Collecting Data

Determine the security classification of data and records involved in the study (ECU Data Classification).

Develop a plan for managing the data (Data Management Plans) in compliance with ECU’s approved guidelines for protecting (Article – Guidelines for Protecting S…), storing,  (Article – Overview – File Storage Sec…), and transmitting (Sensitive Data Storage and Transmission) sensitive data and records involved in the project.

Obtain approval from the IRB and all ancillary reviewers for collection and use of human data, including Data Use Agreements and/or from the IACUC for collection of data from animals.

Ensure resources are available from either internal or external funds to cover the expenses of data and record preservation and security.

Inform research team members of their specific roles and responsibilities in data management, retention, and security.

3.1.2.2 PI Responsibilities – During the Project

In accordance with IRB, IACUC, HIPAA, and/or sponsor-approved protocols:

          • Document that project data are collected, transmitted, and stored as stated in approved protocols.
          • Alert the appropriate office of deviations in protocols that impact data integrity or security.
          • Amend previously approved protocol and data management plan to reflect changes in processes and procedures.
          • Appropriately organize and label data and records to allow the identification of specific information within the records by someone who was not involved with the original project.
          • Provide access to sponsors and institutional officials as required by contractual and regulatory obligations.

Refer requests by external parties to audit project data and records to the Chief Audit Officer in the Office of Internal Audit and Management Advisory Services and Assistant Vice Chancellor for Research Administration and Compliance in the Office of Research Administration (the study team does not communicate directly with external auditors without express permission from Internal Audit).

Refer requests under the Freedom of Information Act (FOIA) to the Office of University Counsel.

3.1.2.3 PI Responsibilities – After Project Completion

Consolidate and co-localize the data files and records for the project.

Ensure access by the institution as required to address issues including, but not limited to public disclosure, regulatory compliance, research integrity, misconduct, personnel actions, and public records requests.

Retain the data files and records according to IRB, IACUC, FDA, sponsor, and other agency guidelines and regulations as detailed in, but not limited to, the UNC Records Retention and Disposition Schedule (See Section 4, below).

3.1.2.4 PI Responsibilities – Prior to Leaving ECU

Request from the Assistant Vice Chancellor for Research Administration and Compliance that ownership of the original data be transferred to the investigator or another institution to support continuation of the project.

Provide the Department Chair with copies of the original research data and records for permanent archiving.

Provide copies of the data and records to collaborators and co-investigators.

3.1.3 Department Chair

The department chair or designee is responsible for ensuring that copies of the original research data and records are retained in the unit as appropriate for the research activities and financial support of the project.

4. Retention of Research Data and Records

The UNC Records Retention and Disposition Schedule defines rules for retention and disposition of different kinds of research information. The Schedule incorporates many of the Federal, State, and UNC System requirements into one set of rules. For data and records not covered in the Schedule, investigators should refer to sponsor and agency guidelines specific to their areas of investigation. The following is a summary of data and record retention guidelines relevant to research.

4.1 Animal Research Records (UNC Standard 6.2)

Records documenting the use of animals for research. Includes manifests, disposition logs, reports, correspondence, and other related records.

Destroy in office 7 years after final disposition of animals.

4.2 Complaints, Deviations, and Violations (UNC Standard 6.3)

Records documenting complaints related to a specific study or principal investigator under review for potential violations. Includes complaints, correspondence, and other related records.

Destroy in office 3 years after conclusion of study or resolution of complaint, whichever is longer.

4.3 Live Tissue Research Records (UNC Standard 6.7)

Records documenting the use of live tissue in research. Includes manifests, disposition logs, reports, correspondence, and other related records.

Destroy in office 7 years after final disposition of tissue.

4.4 Research Data Sets (UNC Standard 6.8)

Data sets used to produce reports by any unit in the University. Retain in office permanently, unless otherwise specified by terms of contract.

4.5 HIPAA Records (UNC Standard 18.6)

Documentation of HIPAA authorization or waiver/alteration of HIPAA authorization is retained for a minimum of 6 years (45 CFR 164.316).

4.6 FDA Investigational New Drug (IND)

Retain for 2 years after a marketing application is approved for the drug; or if an application is not approved for drug, until 2 years after shipment and delivery of the drug for investigational use is discontinued and the FDA so notified (21 CFR 312.57(c)).

4.7 FDA Investigational Device Exemption (IDE)

Retain records for 2 years after the investigation is terminated of completed, or the date that the records are no longer required for purposes of supporting a premarket approval application or a notice of completion of a product development protocol, whichever is later (21 CFR 812.140(d)).

5. Intellectual Property Issues Involving Research Data and Records

Preparation and retention of research data and records are essential for determining inventorship and establishing priority of intellectual property, as well as defending against patent infringement claims. To protect the rights of investigators and the university regarding intellectual property generated through their research programs, it is recommended that specific recordkeeping and retention practices be followed, including the use of bound and/or electronic laboratory notebooks that contain confirmatory dates for each experiment Furthermore, research data containing confidential or proprietary information should be protected from public disclosure and stored in accordance with university-approved policies and procedures.

6. Related Policies and References

7. Contact for Information

Assistant Vice Chancellor for Research Administration and Compliance