Research records (including physical and electronic) should be:

• Stored on NIH servers, devices, and equipment
  
  
• Backed up
  
  
• Secure, physically and electronically (e.g. password protected and encrypted in some cases)
  
  
• Kept for at least 7 years after the completion of the research or longer as required by written agreement or applicable policy or law (e.g., FDA regulations, Privacy Act)
  
  
• Accessible to all members of the research team
  
  

Note: Research data are federal records; destruction or removal of federal records (without permission) is a serious offense.

In some cases, outside parties may be able to obtain research data through a Freedom of Information Act request.