Educause Security Discussion mailing list archives

Re: Policy and Procedure for Electronic Research Tools


From: "Kenneth G. Arnold" <bkarnold () CBU EDU>
Date: Tue, 5 Jul 2005 11:27:11 -0500

We have had two instances recently where we needed feedback from students
and faculty/staff.

1.  We needed permission from the students to include their ID picture in
the video yearbook that was being created by the yearbook staff.
2.  We wanted the students and faculty/staff to complete an online
evaluation survey of our technology services.

In both cases an email was sent out to the person including a link to a web
page.  The link was similar to the
following:   http://www.cbu.edu/survey.cgi?email=user () cbu edu&pin=543823

The email address was to limit the responses to one response per user.  The
pin was to verify that this was the person who actually received the
email.  The pin numbers were generated randomly prior to sending out the
emails and a mass emailing program inserted the correct link in each email
as it was sent out.  If the person did not use the pin number associated
with that email address, the response would be considered an error. The cgi
collected the email addresses of the people who had followed the link to
indicate their approval to use their ID picture for the yearbook.  The
email for the survey stated that the email address was being used only to
make sure that each person responded only once and that the email address
would not be associated with any response they gave to the survey.  Of
course the cgi could have been written to know exactly who said what in the
survey but ours was not written that way.  The users just had to trust us
on this.

At 10:54 AM 7/5/2005, you wrote:
Recently, I visited with our Research and Compliance Training Officer
(IRB) concerning some of the electronic tools researchers are using to
gather data for projects from human subjects on both sensitive and
non-sensitive topics.

Some of the tools discussed were e-mail questionnaires and online surveys.
If possible, can any of you share with us what your institution or research
group/board has done to ensure that data is secure and is only viewed and
accessed by those who have the right to it?

Can you share what you have in the way of policy, procedure, education,
training and security tools used?

Theresa Semmens, CISA
IT Security Officer
North Dakota State University
IACC 210C
Ph: 701-231-5870
E-mail: theresa.semmens () ndsu edu

"If you believe you cannot do something, it makes you incapable of doing it.
But when you believe you can, you acquire the ability to do it, even if you
did not have the ability in the beginning."       Mahatma Gandhi


Brother Kenneth Arnold
System Administrator
Information Technology Services
Christian Brothers University
(901) 321-4333
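
The link check described in the message above (one random PIN per address, a mismatched PIN treated as an error, one response per address, answers kept apart from addresses), sketched as an added example that is not the CBU CGI or part of the original message. The class and method names, the in-memory storage, the use of `secrets` to generate PINs and the constructed example.edu addresses are assumptions.

```python
import hmac
import secrets


class SurveyGate:
    """One response per invited address; answers stored without the address."""

    def __init__(self):
        self.pins = {}          # email -> PIN placed in that person's link
        self.responded = set()  # addresses that have already submitted
        self.answers = []       # survey answers, with no address attached

    def issue(self, email):
        # Six-digit PIN, matching the shape of the sample link in the message.
        pin = f"{secrets.randbelow(10**6):06d}"
        self.pins[email.lower()] = pin
        return pin

    def submit(self, email, pin, answer):
        email = email.lower()
        expected = self.pins.get(email)
        # Unknown address, or a PIN that does not belong to it: an error.
        if expected is None or not hmac.compare_digest(
                expected.encode(), pin.encode()):
            return "error"
        if email in self.responded:
            return "duplicate"
        self.responded.add(email)
        # Store the answer separately, at a random position, so storage
        # order does not reveal the order in which people responded.
        self.answers.insert(secrets.randbelow(len(self.answers) + 1), answer)
        return "accepted"


def demo():
    gate = SurveyGate()
    pin_a = gate.issue("alice@example.edu")  # constructed addresses
    gate.issue("bob@example.edu")
    wrong = f"{(int(pin_a) + 1) % 10**6:06d}"  # any PIN other than Alice's
    results = [
        gate.submit("alice@example.edu", wrong, "good"),  # wrong PIN
        gate.submit("carol@example.edu", pin_a, "good"),  # never invited
        gate.submit("alice@example.edu", pin_a, "good"),  # valid link
        gate.submit("alice@example.edu", pin_a, "bad"),   # second attempt
    ]
    return results, gate.answers
```

A six-digit PIN has only a million possible values, so a deployment of this check would also want to limit failed attempts per address.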
