

How should GPS data be stored?



Vincent Chan

Posts: 7

If a researcher collects data from a participant using a wearable global positioning system device, what is a “best practice” for securely storing this data?

Camille Nebeker

Posts: 56

Can you share a description of your secure geodatabase? Are other researchers who collect geodata able to use your platform?

Katie Crist

Posts: 6

This is a description of the HIPAA-compliant super-computing cloud we are using. Dubbed the "Sherlock Cloud", this environment is HIPAA-compliant and FISMA (Federal Information Security Management Act) security certified. As a result, documented plans are in place for security, risk, contingency, and incident response. Yearly third-party audits, background checks on staff, and physical security of the computing equipment and location are also in place. Systems administration of the software infrastructure includes: timely security patches of software packages (e.g. PostgreSQL database), log collection and review, intrusion detection systems monitoring, firewall segmentation, strong authentication, encryption of data transfer, encryption of data at rest, and backups that include off-site copies.

Marta Jankowska

Posts: 3

Other researchers can contact us about utilizing the secure geodatabase for their studies, as well as look into developing their own HIPAA geodatabase using local or Amazon HIPAA cloud services. Our IRB was sensitive to Amazon HIPAA cloud; however, I have discussed with other research groups that their IRBs were okay with using the service.

Rubi Linares-Orozco

Posts: 33

From my previous experiences with GPS in research studies, most studies that used GPS were looking at identifying behavioral patterns and were not focused on "identifying" an individual or keeping identifiable data on a specific individual.

The description of how they would protect the data looked something like this: "GPS data is not transmitted in real time. Any potential risk of embarrassment or privacy due to analysis with GIS data is mitigated by developing variables from the GPS data like the number of walking trips taken or average distance walked. Additionally, environmental measures created from the GIS analysis will be used in statistical modeling at the group level only, and will not be individually mapped or visualized for publication purposes. Data collected from the GPS device will be kept confidential within the research team, and that no material that could personally identify them will be used in any reports or publications from this study, unless explicit permission is given via written release. Participant data will not be sold or exchanged with anyone. All data will be stored on a firewall and password-protected project server at the institution that can only be accessed by authorized members of the research team and/or institutional officials."

One of the potential harms raised was whether the GPS data could depict a pattern that could potentially place the subject in legal harm or social harm, which is why the issue of privacy and data sharing was emphasized in the security measures. However, this language would be dependent on the device you are using. For example, if you are utilizing cell phone GPS data, there is no control over what cell-phone companies do with the data, so you cannot guarantee that the data will not be shared or used to identify the individual. Which doesn't mean you can't use cell phone data, it just means you have to be transparent about the risks and detail what you as an investigator can and will do to assist in safeguarding data collected for research purposes, and also provide education to your subjects on these potential risks and what these risks really entail.
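
The mitigation quoted in the post above (developing variables from the GPS data, such as the number of walking trips or average distance walked) as an added example; it is not part of any poster's message or any study's own code. The sample fixes, the 30-minute trip gap and the 100 m jitter threshold are assumptions constructed for illustration.

```python
import math
from datetime import datetime, timedelta

# Constructed sample fixes: (participant_id, ISO timestamp, lat, lon). Not real data.
FIXES = [
    ("P01", "2024-03-01T08:00:00", 32.8800, -117.2340),
    ("P01", "2024-03-01T08:05:00", 32.8830, -117.2340),
    ("P01", "2024-03-01T08:10:00", 32.8860, -117.2340),
    ("P01", "2024-03-01T17:00:00", 32.8860, -117.2340),
    ("P01", "2024-03-01T17:06:00", 32.8820, -117.2340),
    ("P02", "2024-03-01T09:00:00", 32.7000, -117.1000),
    ("P02", "2024-03-01T09:01:00", 32.7001, -117.1000),  # ~11 m: jitter, not a trip
]
TRIP_GAP = timedelta(minutes=30)  # assumption: a longer gap between fixes ends a trip
MIN_TRIP_M = 100.0                # assumption: shorter movement is treated as GPS jitter

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two fixes."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def derive_variables(fixes):
    """Reduce raw fixes to per-participant trip count and mean trip distance.

    The returned records hold no coordinates or timestamps, so they can leave
    the secure store while the raw track stays inside it.
    """
    tracks = {}
    for pid, ts, lat, lon in fixes:
        tracks.setdefault(pid, []).append((datetime.fromisoformat(ts), lat, lon))
    derived = {}
    for pid, pts in tracks.items():
        pts.sort()
        trips, current = [], 0.0
        for prev, cur in zip(pts, pts[1:]):
            if cur[0] - prev[0] > TRIP_GAP:   # gap: close the running trip
                trips.append(current)
                current = 0.0
            else:
                current += haversine_m(prev[1], prev[2], cur[1], cur[2])
        trips.append(current)
        trips = [d for d in trips if d >= MIN_TRIP_M]
        mean = round(sum(trips) / len(trips)) if trips else 0
        derived[pid] = {"trips": len(trips), "mean_trip_m": mean}
    return derived

if __name__ == "__main__":
    print(derive_variables(FIXES))
```

Only the derived table would be handed to analysts; the raw fixes remain in the access-controlled store.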