Research Protections Policies

RP15 Research Data Management

Policy Status
New
Subject Matter Expert
Debra Thurley, 814-865-1775, djd116@psu.edu
Policy Steward
Associate Vice President for Research, Director of the Office for Research Protections

Contents:

EXECUTIVE SUMMARY

The responsible stewardship of Research Data is vital for producing reproducible, transparent, and high-quality research data, meeting sponsor requirements for data management and sharing, demonstrating a commitment to ethical and legal standards, and contributing to the institution’s research mission to advance discovery, collaboration, and interdisciplinary research to promote human and economic development, global understanding, and progress professional practice through knowledge expansion and application. All members of the research and scholarly community share in the responsibility of applying research data management practices that maintain rigor and trust in research and scholarship as well as allow the University to respond in sufficient detail to questions of accuracy, authenticity, and privacy and to remain in compliance with laws and regulations governing the conduct of University Research. Recognizing the shared responsibilities of both researchers and the University, the intent of this policy is to (1) promote good data stewardship practices and to define ownership of Research Data, (2) outline the responsibilities of researchers and the University in managing the use, distribution, and preservation of Research Data, (3) set forth expectations for active data management, (4) encourage open sharing practices when appropriate, and (5) provide principles for storage, retention, and departure from the University. Additionally, alongside this policy, procedures for complying with specific requirements are documented as guidance or standard operating procedures.

SCOPE

This policy is applicable to Research Data that is either generated, collected, or retained for the purposes of University Research through one or more of the following means: (1) utilizing funds (such as grants, fellowships, internal funds, or other forms of sponsorship) administered by the University, (2) being conducted by faculty, staff, or students as part of their employment or formal research roles, or (3) involving the use equipment, facilities, or other unique access provided to University researchers.

As such, this policy applies uniformly to both sponsored and unsponsored research and is applicable to a broad spectrum of individuals engaged in research activities at the University. These individuals include faculty, staff, students participating as employees or research assistants, postdoctoral scholars and fellows (as defined in Policy RA68), visiting scholars (as defined in Policy AC01), and any persons employed at the University that perform, conduct, or are otherwise engaged in research activities that would result in the creation or collection of Research Data. This policy does not apply to students engaged in research and scholarship exclusively as part of their coursework (e.g., senior thesis or research term paper).

DEFINITIONS

Research
Research means a systematic investigation, study, evaluation, demonstration, or experiment designed to develop or contribute to generalizable knowledge. Regardless of method (e.g. qualitative or quantitative), this applies to all fields of scholarly study, including but not limited to all fields of science, mathematics, engineering, arts, the humanities, and law. 
Research Data

Research Data refer to any type of records, materials, or results that emerge from scholarly inquiry. Research Data include any data needed to validate and replicate research findings. Research data is sufficient to facilitate 1) reconstruction of experimental methods or other analytical practices that underpin scholarly interpretations and arguments and, where appropriate 2) accurately interpret research data outputs, regardless of form or recorded medium. Research data comprises a portion of the research record.

Research data may also be defined by or subject to sponsor, funder or publisher requirements and standards.

Research Outputs

The results, findings, or reports produced by the design and execution of research inquiries that contribute to any body of knowledge. The research community may seek to replicate or validate research outputs through the review and analysis of research data. The form of research outputs may vary according to scholarly disciplines, but could include computer code, algorithms, curated or analyzed sets of data, videos, films, patents, archives, publications and books. Research outputs comprise a portion of the research record.

Research Record

Any data, documents, computer files, or materials that document a scientific or other form of scholarly inquiry. Research records can be written or non-written, electronic or hard-copy. Regardless of the form in which personnel maintain research records, they should be able to meet reasonable expectations to provide evidence or information regarding the proposed, performed, reviewed, or reported research. A research record may include, but is not limited to, grant or contract applications, whether funded or unfunded; grant or contract progress and other reports; collections of primary sources, whether textual, auditory, or visual; notes taken from research in physical or digital archives; laboratory notebooks (physical and electronic); printed or electronic communication; ethnographic field notebooks; interviews and survey data; podcasts; videos; photographs; films; slides and exhibits; biologic materials; computer files and printouts; manuscripts and publications; equipment use logs; laboratory procurement records; animal facility records; human and animal subject protocols; consent forms; medical charts; participant research files; abstracts, theses, oral presentations, and internal reports.

Metadata

Metadata is the information that describes and documents research data. This Policy applies to metadata that is necessary to understand the resulting Research Data.  This may include computer code used to generate, validate, or replicate findings.

Researcher

Researcher is defined as University-affiliated faculty, staff, students (both undergraduate and graduate), and any other persons employed at the University involved in the design, conduct or reporting of research regardless of the funding source, including academic appointees, staff, postdoctoral scholars, research trainees, and medical center staff and clinicians.  

Principal Investigator

As relates to this policy, the Principal Investigator (PI) refers to the individual ultimately accountable for the management of Research Data and/or the oversight of delegated responsibilities regarding the management of the Research Data. The institution recognizes at least one PI for each research project subject to the applicable University policy and guidance. The PI’s responsibilities with respect to Research Data are outlined in this policy and include, but are not limited to: 

  1. determining what needs to be retained in sufficient detail and for an adequate period of time, adhering to other applicable policies,
  2. establishing and maintaining appropriate procedures for the protection of Research Data and other essential records, particularly for long-term research projects;
  3. managing access and the sharing of research data, including publishing or sharing Research Data in repositories,
  4. maintaining confidentiality of Research Data, where appropriate; and
  5. complying with applicable state and federal laws and regulations.

RESEARCH DATA OWNERSHIP

The University asserts ownership of and assumes responsibility for the security and management of research data resulting from (1) research conducted by or under the auspices of individuals performing their assigned or assumed duties, (2) using University resources, such as facilities, infrastructure, equipment, or supported technologies, or (3) with funding from or administered through the University. 

Good data management practices and practical considerations necessitate that the University and University Researchers act in partnership.

University Researchers are the primary stewards of Research Data. As such, University policies ensure that ownership considerations do not hinder researchers from reusing the Research Data for other University Research, collaborating, creating scholarly works, sharing, or taking a copy of Research Data with them should they depart the University (see ‘Leaving the University’). It is crucial to note that this policy respects PI’s autonomy in stewarding Research Data including deciding which Research Data to preserve or dispose of, as long as legal and contractual obligations are met. The policy acknowledges non-exclusive ownership of Research Data owned by third parties or jointly owned through collaborations. Additionally, it does not impede compliance with scholarly discipline standards, data management plans, or legal, funder, and contractual requirements.

The University’s ownership of Research Data serves as a foundation for promoting its mission, maintaining good stewardship practices, and fulfilling legal obligations, particularly as the contracting party for and direct recipient of extramural awards that impose access requirements and regulatory compliance obligations. While PIs serve as primary stewards, the University may assume custody of Research Data in specific circumstances, such as investigation into research misconduct allegations, litigation, or to ensure research continuity.

INSTITUTIONAL RESPONSIBILITIES

In addition to the PI responsibilities for data management outlined above, the University’s responsibilities, as carried out by department, school, center, institute, or administrative staff include, but are not limited to:

  • Implementing relevant policies, procedures, and/or guidelines that set institutional expectations and requirements for responsible management of research data and the proper conduct of individuals interacting with research data.
  • Protecting the right of research personnel to carry on research and publish the results and underlying data.
  • Protecting the rights of research personnel to access research data resulting from research in which they participated. Reviewing, negotiating, and executing required agreements and contracts associated with data use, sharing, transfer, and collaborations to ensure the University can meet obligations concerning the protection and integrity of research data.
  • Assessing compliance with University policies, requirements from regulatory and compliance bodies, applicable laws and other relevant agreements regarding the management, retention, and sharing of research data and outputs; and coordinating institutional response and actions as necessary.
  • Offering baseline infrastructure for the storage, computing, and protection of research data and outputs and providing guidance for Research Data that needs additional support or resourcing.
  • Providing training (directly or via third-party) to support best practices in data management.

RESEARCH DATA RETENTION

The PI is responsible for determining what needs to be retained in sufficient detail and for an adequate period of time to enable appropriate responses to questions about accuracy, authenticity, primacy, and compliance with laws and regulations, as well as sponsor and/or journal requirements applicable to the retention of data related to the conduct of research.

PIs must retain Research Data for at least the specified minimum period required by applicable laws and regulations, sponsorship requirements, or other agreements. Penn State expects research personnel to retain, via archives and/or placement in established repositories, research data and outputs for a minimum of seven years after the final reporting or publication of a project, whichever occurs later.

PIs may choose to retain the data beyond the minimum period so long as it is preserved and monitored accordingly, up to any destruction deadline specified by laws, regulations or other agreements. When applicable, the University’s Retention Schedule should be followed. It is important to note that when data retention is governed by multiple regulatory authorities or entities, the PI should retain the research data for at least the longest term specified by any of the said entities. Transferring data to repositories with appropriate preservation terms satisfies the retention requirement.

RESEARCH DATA ARCHIVING & PUBLIC ACCESS

The University is committed to fostering a culture of open research and innovation. As such, while not a requirement, the institution affirms its dedication to not impose unnecessary restrictions on such practices and researchers are encouraged to make their research data publicly accessible in a manner that is consistent with FAIR principles via established data repositories (funder-approved, community-developed disciplinary, or institutional) whenever possible, following university, ethical, legal, and intellectual property requirements.

The University acknowledges that researchers may have legitimate reasons to withhold or delay data sharing, such as protecting proprietary interests or meeting legal obligations. Protected or sensitive Research Data should not or may not be shared outside of the University without ensuring compliance with applicable community norms, laws, regulations, agreements, grants, contracts, and other University policies. Principal Investigators (PIs) are responsible for (1) ensuring that the access is allowable based on University policy and standards, compliance or regulatory body requirements, data provider or funder terms and conditions, and any other requirements articulated in agreements, consent forms, or University policy and (2) obtaining necessary agreements (such as an Outgoing Data Use Agreement) prior sharing data when required.

The University commits to providing support and training for ethical data management and sharing practices.

None of these provisions are intended to subvert existing state or federal regulations, or alter a PI’s traditional ability to hold Research Data proprietary, or to require others to hold Research Data proprietary, until the results of the research have been published and the terms of the research agreement or project have been fulfilled. If Research Data are outside the period of retention specified in this Policy, the destruction of those Research Data are at the discretion of the PI unless the department, school/college/unit, or other University office specifically requests the retention of the Research Data. Processes for destruction or discarding of Research Data must follow applicable federal regulations, University policies on record retention and data disposal, sponsor requirements, and other applicable rules and guidelines.

The National Institutes of Health policies on data sharing and sharing of biomedical research resources are models that investigators may find useful when planning for the sharing of Research Data (in all instances, Principal Investigators should consult individual award terms to determine whether an individual award is subject to any special handling of Research Data).

RESEARCH DATA ACCESS

 As owner of the Research Data, the University has the right to access the original Research Data or deemed equivalent copy to ensure that it meets its obligations of ethical, legal and financial accountability for the Research Data. The PI(s) will provide such access to the University upon reasonable request. The Principal Investigator(s) will also provide access to authorized representatives of extramural sponsors of the research and/or to designated governmental officials, where such access may be necessary to ensure its accountability for the Research Data. The PI(s) will also facilitate requests for access to Research Data by members of the research team who were involved significantly in the design, conduct, or reporting of the Research Data to the extent feasible or allowable by legal or security requirements. The PI may decline a request for access if the requestor has previously been determined to have engaged in research misconduct or unethical use of the data.

The University expects Research Data be made available subject to the requirements of funders, journals, ethical standards set by professional societies, the terms of applicable data use agreements (DUAs), or other governing agreements, regulations or guidelines. PI(s) shall make every effort to protect intellectual property rights as defined and governed by the Penn State Intellectual Property policies.

LEAVING THE UNIVERSITY

Prior to separation from the University as defined in HRG20, PIs are responsible for ensuring that appropriate offices have been notified, that all protocols, grants, and contracts are transferred or terminated, and that all materials, Research Data, and equipment have been disposed of or transferred in accordance with University policy and award terms and conditions, if applicable. See also the HR-mandated separation protocols identified in HRG20 (Checklist for Departing Researchers).

Subject to applicable policy, agreements, and approvals, in most cases when the PI or co-investigators involved in research projects at Penn State leave the University, PIs may take copies of Research Data for projects on which they have worked. Original Research Data cannot be transferred without explicit permission. Such permission could include an explicit expectation that the University can have access to the data if necessary. While PIs are responsible for following any research compliance requirements, the University retains compliance obligations for the research even if the PI leaves and takes the project with them. In all cases, PIs should be aware of data ownership and responsibilities.

When a Principal Investigator leaves the University and a University Research project is to be moved to another institution, the ownership of Research Data may be transferred or licensed to the new institution in accordance with a locally developed process. This may include approval from the applicable institution, school, department and/or other academic units. The University may impose conditions on such transfer or may require the Principal Investigator to leave copies of the Research Data with the University. In either of these instances:

  • The remaining members of the research team retain the rights to use the Research Data needed to continue their work.
  • The individual who leaves the University must arrange with their school, department and/or other academic unit for the management or disposition of any Research Data that remain at the University in accordance with University policies and/or legal, funder, or contractual requirements. This may include the use of data repositories.
  • The University has the right to sequester or otherwise obtain access to Research Data for a required investigation pursuant to University policy and/or legal, funder, or contractual requirements, litigation, or to ensure continuity of research, regardless of the location of Research Data.

Unless other collaborators are able to continue the research project and take over the management of the research data, the PI's department or the administering unit (in the case of a grant administered by a unit different from the department) becomes responsible to initiate steps to ensure that the research data is continued to be managed or archived as appropriate.

NONCOMPLIANCE

The deliberate or reckless mismanagement of research data and/or primary materials constitutes unacceptable conduct and may require corrective actions and/or reporting to the necessary individuals, including but not limited to sponsors and funding agencies.

CROSS REFERENCES

AC01: Visiting Scholars

HRG20: Checklist for Departing Researchers

RA68: Postdoctoral Appointments
 

Most recent changes:

  • June 26, 2025 - New policy. 

Revision History (and effective dates) 

Date Approved
Date Published
Effective Date