chat loading...
If you work as part of a team, you’ll also need to consider how to provide each person with the data access they need. Certain types of data may also have additional requirements: for example, personal data must be handled in accordance with the relevant legislation (see the Ethical and Legal Issues section for more on this topic).
All your research data needs to be appropriately stored during each phase of your project. University policy states that all research data must be stored in the university’s managed environment to protect against a data breach (as defined by the UK GDPR) and more general research data loss and corruption, as well as unauthorised access and modification.
The University currently offers Microsoft OneDrive for Business as a managed storage solution. For more information, consult the IT Service Desk.
When data is worked on collaboratively by a project team, it should be stored in a central location that can be accessed by everyone. Ad-hoc solutions such as emailing files to colleagues can lead to problems: it’s all too easy for people to end up working on the wrong version of the data, or to make incompatible changes. Additionally, unless encryption is used, email is not regarded as a secure communication method.
Some types of data require special protection. In particular, there are legal requirements covering the storage and processing of personal data (that is, data about identifiable living human beings). There may be additional ethical requirements, such as ensuring that any promises made to research participants are kept.
If you opt to use private storage (e.g. personally owned devices, or equipment bought using a research project’s budget), it will be your responsibility to ensure that data is stored in an appropriate manner and complies with all relevant security requirements.
In general, it is not good practice to rely on storage media such as USB sticks and portable hard drives. This type of device can be useful for very short-term storage or for transferring files which don’t need to be kept particularly secure, but they are not a robust long-term solution, as they can easily be lost or damaged.
If you do need to use portable storage, you should put in place working practices which transfer data from the portable device to a secure location as quickly as possible. If the material stored includes personal data or information that is confidential or otherwise sensitive, you should always use encryption.
You can encrypt individual files or folders or the hardware (e.g. laptop, hard drive, USB key, or mobile phone) on which the data is kept. Encryption of portable devices used to store research data (such as laptops and tablets) is good practice and essential when working with personal or otherwise sensitive data. Recent versions of Windows and Mac OS both come with built-in encryption software (BitLocker and FileVault, respectively). Consult the IT Service Desk for further guidance on file encryption.
Commercial cloud storage can often seem like a tempting prospect: it can be convenient and cost effective. However, there are reasons to be wary. This type of storage may fail to meet the University’s security requirements, and may not be fully GDPR compliant, making it unsuitable for use with personal data.
If you are contemplating using an external service to store any data which you wouldn’t be happy to make publicly available on the web, you should seek further advice. Check with the IT Service Desk or your Digital Skills Advisor for guidance on the best storage solution for your needs and ensure you meet the requirements of the University’s Research Data Management Policy and any funder policies.
It is vital to have a system in place for regularly backing up data, to avoid the risk of loss through accidental deletion, hardware failure, or theft or damage of equipment.
Backup copies of data should be kept in different locations. Making a second copy of your files is of limited value if it’s then stored alongside the primary copy, where the same thief or fire might easily deprive you of both.
If at all possible, the backup process should be automated. This removes the risk of forgetting, or simply not getting round to it because you’re busy with other things.
If you’re working with personal data, or material that’s otherwise confidential or sensitive, it’s important to ensure that your backup copies have adequate security. Many of the same considerations apply here as to storage of the primary copy of your data.