Please read the below procedures for the appropriate methods to obtain and/or manage data.
University of Maryland, Baltimore County
UMBC has a procedure for the review and approval of data use agreements (DUAs) to address issues such as limitations on use of the data, liability for harm arising from the use of the data, publication, and privacy rights that are associated with transfers of confidential or protected data. Managed by the Office of Sponsored Programs, investigators must first supply information about the DUAs and obtain university approval.
National Science Foundation
NSF has published a revised version of their Proposal and Award Policies and Procedures Guide (PAPPG) that requires, in all proposals submitted or due on or after January 18, 2011, a supplementary document of no more than two pages describing a Data Management Plan for the proposed research. As a supplementary document, the data management plan is not included in the 15-page limit for proposal bodies. Fastlane will not permit submission of a proposal that is missing the Data Management Plan. Use the below for more information: The NSF Data Sharing Policy page describes dissemination and sharing of research results
Other Regulatory Requirements
HIPAA – HIPAA Privacy Rule protects the privacy of individually identifiable health information
FERPA – the Family Educational Rights and Privacy Act protects the privacy of student education records
CIPSEA – the Confidential Information Protection and Statistical Efficiency Act of 2002 protects data or information acquired by a federal agency under a pledge of confidentiality for exclusively statistical purposes from being disclosed in identifiable form.
Guide to GDPR compliance – provides library of straightforward and up-to-date information to help organizations achieve GDPR compliance.