The Shanghai Intercultural Institute (SII)

Shanghai International Studies University (SISU)

Guidelines for Research Data Collection, Privacy, Protection, and Management

(in accordance with GDPR: https://gdpr-info.eu)

The Shanghai Intercultural Institute (SII) is proactive in research data collection, privacy, protection and management based on (a) Shanghai International Studies University’s (SISU) commitment to research excellence and fostering discovery, (b) applicable laws and regulations, (c) SISU’s commitment to provide appropriate responses to questions about accuracy, authenticity, and primacy of research conducted under the auspices of the University, (d) SISU’s interest in supporting, safeguarding, and responsibly commercializing intellectual property, and (e) the maintaining the continuing value of secure research data to the researchers involved. This statement is an acknowledgement and response to research environments that are changing due to the exponential growth of data, legislative and sponsor mandates on data management, and new solutions for data storage.

This policy aims to:

• clarify responsibilities and accountability with respect to research data collection, privacy and management

• aid in decision making with respect to best practices for management of research data;

• promote coordination between support providers to ensure that services meet the functionality needs of SISU’s research community and avoid overlap or competing service offerings; and

• help the University to assure compliance with all applicable laws and regulations and internal requirements with respect to research data management practices, data storage, data security, and sharing and dissemination of research data.

Signed Consent or Consent Paragraph

Some surveys may not require signed consent. For surveys where there is minimal risk to participants, where the signature on consent is the only piece of identifying information being collected, and/or for surveys conducted online, a simple consent paragraph as opposed to the much longer signed consent form is suitable. Please note that even though participants may not be required to sign a consent form, consent is still being obtained and participants should still be given the same type of information (voluntary nature of study, risks, benefits, procedures to maintain confidentiality, etc) as participants who will be physically signing a consent form. The shortened paper survey consent paragraph or online survey consent acts as a consent document for participants and the process of participants proceeding to the survey and completing it constitutes consent.

Anonymity and Confidentiality

Few surveys are truly considered anonymous. Even though a participant is not being asked for their name in the survey, other pieces of information (IP address, email address, zipcode, etc) and/or demographic questions (sex and race especially in a small sample with low diversity) could potentially be used to glean the identity of individual participants. Also, in a face-to-face survey even if a name is not being recorded the mere fact of the researcher meeting the participant face-to-face negates the concept of anonymity. A more accurate description of survey data would be that it will be confidential meaning that researchers will utilize certain procedures to maintain the confidentiality of participants’ data.

Confidentiality in an Online Survey

For online surveys special attention must be paid to how participants data will be secured. This entails having a familiarity with: the survey software being used, the types of information being collected (IP address, email address), the options the survey software provides regarding what information to collect, the ways in which information will be stored, and how any identifying information will be de-linked from survey data, etc. It is important to note that third party survey software companies (i.e. Survey Monkey, Zoomerang, etc.) differ from software licenses made available through SISU (i.e. – Qualtrics, etc) so the researcher will need to be aware of these differences and the affect this will have on how and where survey data is stored and maintained. Aside from the ways in which any survey software will collect and maintain survey data, the researcher will also need to provide information about how the data, once retrieved from the survey software provider, will be maintained (i.e. – on password protected computers, on password protected cloud storage [What are the Terms Of Service for cloud storage company], etc). This information is necessary for the IRB to assess the level of security and subsequent risk to participants data being divulged. Information regarding data security would need to be included in the protocol submission and in the consent form.

Data Management and Storage Policy

Data may have long-term scientific or institutional value, but all preserved data should be subject to review or assessment by the SISU Research Office. The SII holds forth this policy that data should be stored in locked offices on computers that are password porotected. In the case the digital data is being generated, research fellows will implement the SISU Research Best Practices Approach to preserve data in reposiritiories that may be subject to audit or review by adminisitration.

For all reserarch projects using data on participants or human subjects, data should be kept in a way that is compliant with SISU institutional review board requirements or specific research protocols mandated by laws and regulations. Depending on the data use, it is SII will make to determine how access will be provided for those not involved in the research project.

It is important to note that these policies are subject to change to meet the university needs, but provide an initial framework for the continued assurance of data protection regulations (aiming to be compliant with the EU’s GDPR and other identity protection guidelines).