Calendar A-Z Index School of Arts and Sciences University of Pennsylvania

Research and PII

Printer-friendly versionPrinter-friendly versionSend by emailSend by email

If your research involves humans, it very likely has to deal with PII in one way or another.

If you need to pay your subjects, you may need to collect their Social Security Number (SSN). Penn's Social Security Number Policy has very clear guidelines on how you must protect SSN's. Working closely with your Regional Business Office you should develop a procedure that eliminates the need for you or your lab to keep or transmit these SSN's.

Your research itself may require the collection of sensitive data. Regardless of the sensitivity of the data you collect, you will need to work with the Office of Regulatory Affairs (ORA) to get approval for your Human Subject Research from Penn's Institutional Review Board (IRB). If you are not sure if your research requires IRB review, you should contact the ORA and they will work with you to determine if your work is exempt. When preparing your IRB protocol you will be required to specify how you will protect the confidentiality of subject data as well as the subject's privacy. SAS Information Security is happy to discuss these protections with you in advance of your IRB submission. Please write to if you would like to discuss research data protections.