Data Management Plan Template

Describes how your study will collect, store, access, retain, share, and destroy participant data.

1. Data Collection

• Types of data: [FILL IN]
• Collection method: [FILL IN]
• Identifiers collected: [FILL IN]
• Sensitive data flag: [FILL IN]

2. Storage

• Primary storage: [FILL IN]
• Encryption: [FILL IN]
• Backup: [FILL IN]
• Separation of identifiers: [FILL IN]

3. Access Control

• Authorized personnel: [FILL IN]
• Access method: [FILL IN]
• Audit log: [FILL IN]
• Revocation procedure: [FILL IN]

4. Retention

• Retention period: [FILL IN: typically 3–7 years]
• Rationale: [FILL IN]
• Custodian: [FILL IN]

5. Sharing

• Within team: [FILL IN]
• External collaborators: [FILL IN]
• Public sharing / repository: [FILL IN]
• What will be shared: [FILL IN]
• What will NOT be shared: [FILL IN]

6. Destruction

• Trigger: [FILL IN]
• Electronic method: [FILL IN]
• Paper method: [FILL IN]
• Biospecimen method: [FILL IN]
• Certification: [FILL IN]

7. Breach Response

1. Secure the affected system immediately.
2. Notify the PI within 24 hours.
3. Notify the IRB within 10 business days.
4. Notify affected participants as required by HIPAA / state law.
5. Document the incident, response, and corrective actions.