Skip Navigation

UMaine Research

Follow us on Twitter Join us on Facebook Watch us on YouTube Contribute to our Flickr Group

Data Encryption

Data Encryption Requirement

             To ensure confidentiality of identifiable, electronic data, the Institutional Review Board (IRB) is now requiring that the electronic key linking participants’ identities to their data be encrypted.  This will be accomplished by the use of TrueCrypt, a free, open-source disk encryption software.  The accompanying document includes instructions on using and installing the software.

Points to remember:


-           If data are collected without identifiers (i.e., anonymous data), encryption is not required.

-           Most often, the only data that must be encrypted is the computer file that is the key linking participants’ names to collected data – generally a small file.  If data are coded, but the key is in paper format (i.e., handwritten), there is nothing to encrypt (obviously!).

-           If electronic, identifiable data are not coded, the entire dataset must be encrypted.  This might occur if:  a) the dataset includes participants’ names (usually not done), or b) the data could be identifiable because of the type of data collected (e.g., some demographics can identify people).

Instructions on how to use TrueCrypt (Word)

Contact the IRB Office with questions, (, 1-1498).

NOTE:  Use of a different encryption program is acceptable.









The Institutional Review Board thanks the Department of Information Technologies for assisting in the selection of the encryption program, and Dr. John Koskie for his help (and patience) in developing the accompanying document.


Back to Compliance