Important: data Retrieving
For practical procedure regarding MEG data retrieving see the specific guidelines.
General Data Management
Management of the data collected at the MEG Lab is based on the guidelines described in the CIMeC General Data Protection Regulation, which applies Regulation (EU) 2016/679 “General Data Protection Regulation” (hereinafter “GDPR”), to scientific research. The two essential points to be considered when handling data are:
1) For any research project, responsibility for the data processing procedure is assigned to the project PI; it is therefore essential that the PI, together with collaborators, define data processing right from the preparatory phase of the research project;
2) Personal data processing is subject to severe privacy protection restrictions, violation of which entails legal risks for both the PI and CIMeC. Luckily, pseudonymisation and anonymisation make it possible to manage data far more freely. It is therefore best to apply the provisions of the GDPR, which require the pseudonymisation/anonymisation of data as quickly as possible along the processing chain.
For a description of the procedure necessary to define data processing by the PI and for the general CIMeC data-processing guidelines, refer to the CIMeC Data Protection Regulation. Below is a description of the specific guidelines of the MEG Lab, with operative suggestions to implement the necessary security protection for each stage of data processing, including the aim to pseudonymise/anonymise data as quickly as possible in the processing chain, releasing the restrictions on personal data processing.
Data collected and processed by the MEG Lab
The following types of data are collected and processed by the MEG Lab:
MEG data: MEG/EEG recordings of participants’ neural activity. Data is saved in a proprietary format defined by the manufacturer of the magnetoencephalograph (“fiff” format). The file does not contain any data that can identify the participant. Reconciliation is possible only by matching the file name, which contains a unique pseudonymous alphanumerical code assigned to each participant, with the code present in the reconciliation file. The data is therefore pseudonymised. Each file is saved on the MEG console and, overnight following its recording, an automatic system moves the file from the console to a dedicated share on the CIMEC storage that is read-only for researchers. The moving procedure involves a check of file integrity by means of MD5 code, as well as a check that the file name meets with the standard. The file name must contain the unique code assigned to the volunteer and the reference project, and it must not contain a name or surname that can directly identify the participant. Once saved to the dedicated CIMEC share, the file is removed from the MEG console.
Eye-tracking data: data produced by the eye-tracking system available at the MEG laboratory. These are recordings of the participant’s eye movement during the experiment. The data in itself does not contain any information that could identify the participant. The file name is set by the researcher but must not contain any directly identifying personal data, except for the pseudonym code to allow for potential reconciliation. This data is saved to the eye-tracker control PC for as long as is necessary for recording. Once obtained, the researcher is responsible for transferring it to a suitable computer storage device, preferably the CIMEC share.
Behavioural data: various types of data resulting from the trial scripts of the specific experiment. The contents of this data vary from experiment to experiment, depending on the needs of each project and as outlined during the experiment design and project approval phase. It is strongly recommended that they not contain any data allowing the participant to be identified, except for the pseudonym code if reconciliation should be necessary. This data is stored on the MEG laboratory stimulation PC for only as long as necessary for registration. Once obtained, the researcher is responsible for transferring it to a suitable computer storage device, preferably the CIMEC share.
MEG recording compatibility questionnaires: these are paper documents with information collected before the experimental recording to identify potential incompatibilities with the MEG recording session. The questionnaires contain personal and potentially sensitive data. The laboratory is not the data controller of this data collected by the researcher, who is responsible for it.
Reconciliation file: document associating the pseudonymisation code (and therefore the data collected) with the contact and personal data of the participant. The laboratory is not the data controller of this data collected by the researcher, who is responsible for it.
Data processing procedure
Researchers must adhere to the following guidelines:
- Each research project is assigned a local password and username on the stimulation computer. The eye-tracking computer and MEG console are not password-protected and are available to the researcher exclusively during the trial session. It is therefore essential that, at the end of each experiment, the researcher transfers the data collected – apart from the MEG data, which is automatically transferred – to the CIMeC share, as outlined in the general guidelines. When necessary, BT1 the reconciliation file must not be kept on the laboratory computers.
- The researcher shall name all files relating to the data collected (behavioural, eye-tracking and MEG) with a pseudonym code. The researcher is also responsible for naming the MEG data file according to guidelines on the laboratory wiki and specifying the laboratory. Under no circumstances shall file names be used that contain personal information, which would enable the immediate identification of the participant.
- MEG data is automatically copied to a protected share of the CIMeC share, with read-only access for researchers. If there are no inconsistencies or errors in naming the files, copying is automatic. The day after the session, the researcher shall copy the data from the read-only share to the personal protected share space of the CIMeC share, into a protected folder, separate from that containing the reconciliation file. CIMeC ensures storage of MEG data for up to 18 months after the date of the session.
- Eye-tracking data is saved to the eye-tracker control PC, which, for technical reasons, is not connected to the network. At the end of the trial session, such files must be copied to a protected folder of the CIMeC share, separate from the folder containing the reconciliation files, and they must then be deleted from the eye-tracker control PC. They can be copied using a password-protected pen drive, taking care to delete the data from the drive, once transferred to the CIMeC share.
- Behavioural data is saved to the stimulation PC, which, for technical reasons, is not connected to the network. At the end of the trial session, such files must be copied to a protected folder of the CIMeC share, separate from the folder containing the reconciliation files, and the must then be deleted from the stimulation PC. They can be copied using a password-protected pen drive, taking care to delete the data from the drive, once transferred to the CIMEC share.
- CIMeC refuses all and any liability for the storage of data saved to the laboratory computers.
- As soon as possible (especially quickly if participants are not expected to be called back for a subsequent trial session), delete the reconciliation file. At this point, the pseudonymised data becomes anonymised and is no longer subject to any protection restrictions.
- The researcher enters the participants’ data and the associated file names into the reconciliation file on a computer assigned for personal use or on the CIMeC share. In extraordinary cases, this file may be saved and edited by the researcher on a laboratory PC, taking care to delete it from the laboratory PC and to transfer it to the CIMeC share at the end of the trial session and, no matter what, by the end of the working day.
Back to: MEG Lab Home Page