Policy 588: Research Data

Section: Operating Policies
Sub-Section: Research and Sponsored Projects
Policy Number: 588
Subject: Research Data
Covered Employees: USU Employees and Students
Origin Date: May 5, 2017
Effective Date: May 5, 2017
Download the PDF File for Policy 588


Research data are an essential component of any research university, and shall be managed so that compliance with all legal, regulatory, contractual and policy obligations are met.

The purpose of this policy is to describe the rights and responsibilities of individual researchers and the institution in the use, retention, maintenance and sharing of data produced as part of USU’s research enterprise. Except as set forth herein, this policy applies to all USU personnel (faculty, staff and students) and encompasses all Research Data produced under USU projects, whether through external funding sources or USU sources. Research Data so produced at USU shall be recorded, maintained, retained, used, protected and shared in accordance with State and Federal regulations and with USU policies and procedures. In cases where a conflict or discrepancy exists between this policy and Federal or Utah State laws, regulations or guidance, the Federal or state requirements shall take precedence.

USU may choose not to claim rights to data generated or collected by:

  • Investigators, if there is a specific condition to the contrary in the sponsored project’s grant, contract or cooperative agreement, or if the investigator is engaged in Scholarly Works as defined and within the limits set forth in USU Policy 587, “Intellectual Property,” such that the activity is considered to be the unrestricted property of the author.
  • Students, so long as the students:
    • Are not also employees of the university with a work assignment related to research; and
    • Are engaged in activities that are conducted without the use of substantial University resources, including USU facilities equipment, materials, or financial support.

Other related policies include:

#583 – Research
#584 – Human Participants in Research
#585 – Animal Care and Use
#587 – Intellectual Property (reflecting Federal guidance as included in OMB Uniform Guidance (2 CFR Part 200))
#558 –Information Security Policy (Pending)



Research shall be as defined in Policy 583.1.5.1, “Research” and shall be understood to encompass all those activities carried out by Investigators within their respective role statements, employment assignments or courses of study which are designed to increase knowledge or improve upon human inventions.


Investigator shall be as defined in Policy 583.1.3.2, “Investigator,” and under this policy shall mean a person or entity affiliated with USU, whether as an employee, student or otherwise, whose role statement, job description, employment assignment and/or function within the University is, either in whole or in part, to carry out Research, whether sponsored by external or internal sources. Such Investigators shall include, but not be limited to, USU faculty, professional researchers, librarians who have a research role, research assistants, laboratory and clinical staff, and others as may be designated by the Vice President for Research.


Principal Investigator shall be an Investigator who has primary responsibility within the University for the design, conduct and reporting of Research.


Research Data shall be as defined in the Uniform Guidance, 200.315(e) (iii), and shall mean:

“[T]he recorded factual material commonly accepted in the scientific community as necessary to validate research findings, but not any of the following: Preliminary analysis, drafts of scientific papers, plans for future research, peer reviews, or communications with colleagues. This ‘recorded’ material excludes physical objects (e.g., laboratory samples). Research data also do not include:

“Trade secrets, commercial information, materials necessary to be held confidential by a researcher until they are published, or similar information which is protected under law: and

“Personnel and medical information and similar information the disclosure of which would constitute a clearly unwarranted invasion of personal privacy, such as information that could be used to identify a particular person in a research study.” Though the above Uniform Guidance definition focuses on the “scientific community”, USU implements this more broadly across our academic community encompassing any Investigator engaged in Research, as defined above.


Intangible Property, as defined in 2 CFR 200.59 shall mean “property having no physical existence, such as trademarks, copyrights, patents and patent applications and property, such as loans, notes and other debt instruments, lease agreements, stock and other instruments of property ownership,” and includes Research Data in accordance with 2 CFR 200.315(e)(3).


Tangible Research Property shall be as defined in Policy 587.2.5: “tangible items produced in the course of research, such as compositions, chemical compounds, Biological Materials, materials, drawings, devices, integrated circuit chips, computer databases, computer software, prototypes, circuit designs, and equipment.” Tangible property shall be treated as Research Data only to the degree that it meets the definition in 2.4 above, or when agency-specific regulatory language or contract language requires that it be classified as Research Data (e.g., physical samples or photographic images when they are used to support findings in published papers).


OMB Uniform Guidance, Section 200.315(a) provides guidance on ownership and use of Intangible Property, including Research Data. USU applies this guidance to all Research Data. Therefore, title to Research Data vests in Utah State University (USU) immediately upon its acquisition. USU must use Research Data for any originally-authorized purpose as outlined in any funding agreement sponsoring the Research, and must not restrict access to the Research Data in contravention of Federal or other applicable regulations or contractual requirements.


Research Data must be retained in accordance with 2 CFR 200.333 for federally funded Research (i.e., a minimum of three years after the submission of the final expenditure report in most cases) or, for non-federally funded research, for a minimum of three years after the completion of the research project under which it was gathered. Longer retention of data may be required under additional circumstances, such as, but not limited to, the following:

  • Conditions of the funding agency,
  • Program income transactions,
  • Protection of intellectual property,
  • Student involvement. Research Data must be retained at least until the degree is awarded or until it is clear that the student has abandoned the work.
  • Charges, audits, claims, or litigations regarding research, such as allegations of scientific misconduct, non-compliance or fraud or abuse. In these circumstances, Research Data and underlying data gathered in the conduct of research that is the subject of investigation is often required to be retained for seven (7) years after proceedings adjudicating such charge, audit, claim or litigation have resulted in full resolution and final action. Consult University Counsel and the Division of Research Integrity and Compliance for specific retention requirements when audit, investigations or legal proceedings incorporate Research Data.

Retention requirements must be compliant with any data restrictions, as outlined in section 588.5.4, below.

If public access to Research Data is required by the sponsor as set forth in 5.1, below, the University is responsible for providing such access unless the research study is transferred to another entity, as set forth in Section 588.5, below. Therefore, the Research Data must remain at the University under the management of a designated investigator/data steward.


5.1 Data Sharing Requirements

Under the Office of Science and Technology Policy Memorandum entitled “Increasing Access to the Results of Federally Funded Scientific Research” (dated February 22, 2013), the Federal Government requires that: ”to the greatest extent and with the fewest restraints possible…the direct results of federally-funded scientific research are made available to and useful for the public, industry and the scientific community. Such results include peer-reviewed publications and digital data.”

USU’s mission aligns with this requirement. USU’s Publication Policy as stated in Policy 583.6, is that “[r]estrictions on publication of the results of Research are incompatible with the basic concept of a research and educational institution as a source of knowledge.” USU Policy 586, “Open Access to Scholarly Articles”, further states: “Utah State University is committed to the widest dissemination of employees’ scholarly articles.” The results to be made available extend to Research Data that supports peer-reviewed publications. Federal agencies have promulgated policies under the OSTP guidance. USU complies with all applicable agency policies, and makes Research Data available as broadly as possible while also providing protection to data collected or acquired in the planning or conduct of research that is specifically restricted or controlled under Federal laws and regulations (e.g., export controlled data, Protected Health Information, or FERPA-protected Personally-Identifiable Information). For additional information regarding data access requirements of Federal Agencies and others, consult with the Data Services Coordinator at the USU Libraries.

Access to Research Data, and to data related to research but not yet incorporated in a peer-reviewed publication may be granted by the PI to co-investigators or other individuals. The PI is responsible for informing all data recipients of any limitations or restrictions on the use or dissemination of the data. Recipients are subject to all USU policies and procedures, state and federal laws, and contractual obligations relevant to the data they are provided by the PI.

5.2 Data Repositories

In addition to the sharing of Research Data that supports published research results, USU also engages in sharing of Research Data in the context of ongoing research collaboration. Such collaborations may be facilitated through the use of public or controlled data repositories. PIs shall exercise caution when publishing data to repositories to ensure that no data that is under contractual, regulatory or policy restrictions, as set forth in 5.4, below, are released to a repository or system that does not provide adequate security, as required under USU Policy # 558, “information Security.”

USU’s University Libraries provides access to public data archiving through its Open Access Institutional Repository, currently DigitalCommons@USU, provided at https://DigitalCommons.usu.edu. Refer to USU’s Repository Terms of Deposit for guidance on preparation and submission of data to the Open Access Institutional Repository. When USU Research Data is to be archived in discipline-specific or other public data repositories, metadata directing users to such data may be included in the University Open Access Institutional Repository as a means of fulfilling Data Sharing requirements.

5.3 Legal and regulatory access

To ensure needed and appropriate access – for example, to facilitate response to an allegation of research misconduct – university policies and procedures provide for sequestration of records under the authority of the Vice President for Research.

In some instances, a research sponsor has a legal right of access or access may be requested through the sponsoring agency under the federal Freedom of Information Act (FOIA). Such Requests will be coordinated through General Counsel, in its capacity as USU’s FOIA and GRAMA officer, or the Vice President for Research.

5.4 Data Restrictions

USU is subject to regulatory requirements that affect the acquisition and protection of data associated with Research and other operations. Among federal regulations and policies that affect USU’s treatment of data are the following:

  • The Health Insurance Portability and Accountability Act (HIPAA), 45 CFR Part 160 and Part 164, Subparts A, C & E, controls the use and release of Electronic Private Health Information (e-PHI) and impacts Research carried out by, or in collaboration with, USU Health Care Components. See USU’s Hybrid Entity Declaration for a list of units required to comply under HIPAA.
  • The Family Educational Rights and Privacy Act (FERPA) 34 CFR Part 99 and the associated Protection of Pupil Rights Amendment (PPRA) protects individual’s educational records and controls the information that can be gathered and released concerning students in US educational institutions. FERPA and PPRA impacts Research carried out with students in K-12 and institutions of higher education.
  • Export Control regulations are contained in the Export Administration Regulations (15 CFR 730-774) and the International Traffic in Arms Regulations (22 CFR 120-130). These regulations are overseen by the Department of Commerce and the Department of State, respectively. The goal of export control regulations is to prevent the sharing of technological items information that has been identified as posing potential threats to US national interests with foreign nationals. Data that is export controlled should never be shared publicly, but work accomplished as Fundamental Research may be released, as it is exempt from export control. Investigators should coordinate with the RGS Division of Sponsored Programs and USU Export Control Officers associated with RGS Division of Research Compliance & Integrity, when conducting research involving export controls.
  • Federal agency restrictions are sometimes placed on release of information or technology developed under federal funding. Such data are sometimes referred to as Sensitive but Unclassified in federal funding instruments. The Division of Sponsored Programs has primary responsibility for negotiating the terms of federal agreements, and seeks to limit USU’s liability related to data restrictions. Investigators should coordinate with the Sponsored Programs Division when they identify language that appears to restrict USU’s ability to freely publish its research findings.
  • USU Information Security Policy provides guidance on protection of restricted data, including physical security and information technology systems security. The policy discusses oversight of Institutional Data and provides for the classification of data types.
  • Intellectual Property protections are set forth in USU Policy 587 and reflect the requirements of the Bayh-Dole Act of 1980. Release of certain protectable information prior to taking steps to protect intellectual property rights limits USU’s ability to provide appropriate protections, and may inhibit the university in establishing patent or other rights as anticipated under Bayh-Dole and other statutes. For additional information concerning intellectual property rights, contact the Technology Transfer Services Division within the Office of Research and Graduate Studies.
  • Contractual Restrictions are sometimes negotiated between USU and research sponsors that include restrictions on release of certain data. For example, non-disclosure agreements often accompany certain research contracts of cooperative agreements. The Division of Sponsored Programs (DSP) has primary responsibility for negotiating contracts with research sponsors. Investigators should coordinate with DSP to provide the least restrictions reasonable related to public release of data, in accordance with the intent of the OSTP Memorandum referred to in Section 5.1 above.


Original Research Data and preliminary data collected or acquired in the conduct of Research at USU must be retained at USU, except as set forth below when the Principal Investigator (PI) leaves the university. When an investigator at USU leaves the University, the investigator may take copies of Research Data and other data associated with the Research when the individual’s participation in the design, conduct or reporting of the associated project can be established, and with permission from an authorized university representative.

When a PI leaves USU the Department Head and/or Dean, shall determine who will take responsibility for Research Data as set forth in RGS Procedure 588-PR.


7.1 University

Utah State University has the authority and is responsible for

  • Negotiating and Complying with the terms of sponsored research agreements;
  • Ensuring the appropriate use of project resources, e.g. animals, human subjects, recombinant DNA
  • Protecting the rights of researchers, including, but not limited to, their rights to access data associated with research in which they participated;
  • Securing intellectual property rights;
  • Facilitating the investigation of charges, such as research misconduct or conflict of interest;
  • Maintaining confidentiality of data, where appropriate; and
  • Complying with applicable state and federal laws and regulations

7.2 The Principal Investigator

The Principal Investigator (PI) has the authority and responsibility for primary stewardship of Research Data and all data associated with the conduct of research under their supervision on behalf of the University. In this capacity, the PI is responsible for data management in keeping with this policy and best practices in the PI’s discipline as follows:

  • Designing and implementing data acquisition processes that will support the conduct and reporting of research
  • Implementing data management systems that accommodate any applicable data security, protection, or restriction requirements
  • Ensuring proper management and retention of data in accordance with this and other USU policy
  • Establishing and maintaining appropriate procedures for the protection of restricted data and other essential data and records
  • Ensuring compliance with program requirements
  • Maintaining appropriate confidentiality of data
  • Complying with applicable state and federal laws and regulation
  • Archiving data appropriately, following USU’s Repository
  • Terms of Deposit and/or licensing with Creative Commons or Open Data Commons license.

In case of incapacity of the PI, that individual’s Data Trustee will take custody of the research data until other suitable arrangements are made for alternate custody of the data.