Keeping your data safe

During the research project you will need to store your digital research data so it is secure and backed up regularly, but is easily accessible to those authorised to do so.

Data storage during the research project

It is good practice to store only what you need to keep and keep at least three copies of crucial data. It is recommended that data is stored on the University’s networked fileservers and copies kept on remote storage and /or portable storage.

There are four options for data storage:

Networked University drives

Filestores – the personal U drive or shared M drive. As these are secure and backed-up regularly, they are ideal for master copies of your research data. They are also conveniently accessible from wherever and whenever required.

Local drives

PCs and Laptops  - Data can be lost because local drives can fail, or the computer may be lost or stolen. These are convenient for short-term storage and data processing but should not be relied upon for storing master copies, unless backed-up regularly. In some cases, highly secure local drives that are unconnected to a network, yet rigorously backed-up, are appropriate for storing very sensitive data.

Remote or Cloud storage

The University of Sheffield provides cloud storage service through Google Apps, which meet data security and privacy requirements. Other commonly used services, such as Dropbox and Mozy, will not be appropriate for sensitive data, and their service level agreements should be studied before using them to store your research data.

External portable storage devices

External hard drives, USB drives, DVDs and CDs. These are very convenient, being cheap and portable, but not recommended for long-term storage as their longevity is uncertain and they can be easily damaged. They should not be used for unencrypted sensitive data as they can be easily lost.

The University of Sheffield CICS provides information about:

Backing-up your research data

Digital files may be accidentally lost or corrupted so that errors are introduced or the file becomes unreadable. To avoid corruption of data, the researcher is responsible for ensuring that data are backed-up regularly – ideally automatically and to several locations. This ensures a copy of the data is made that can be retrieved if the original is lost or corrupted.
The ‘3-2-1-rule for Backup’ is a simple way to remember best practice:

3: Keep 3 copies of important files

2: on 2 different media (if possible)

1: with 1 copy being stored offsite (or offline)

The personal and shared networked filestores managed by CICS are regularly backed-up, so if you store your data at another location, you will need to manage the back-up strategy. The UKDA provides advice on Backing-up data.

Non-digital research data

Non-digital textual data should ideally be digitised to facilitate long-term preservation and sharing. Audio and audio-visual tape recordings, photographic prints and slides, microscope slides may also be digitised.
If your research data consists of physical objects (samples, slides, artifacts) which cannot be digitised, then these should be stored securely so that access may be permitted on request.

Data security

Data security is needed to prevent unauthorised access or disclosure and changes to or destruction of data. The principal investigators are responsible for ensuring data security. The level of security required depends upon the nature of the data – personal or sensitive data need higher levels of security.

  • Computer and file security involves controlling access to folders and files through password protection and by encryption. Anonymisation techniques or data aggregation may be used to avoid disclosure of sensitive data.
  • Network security involves firewall protection and anti-virus protection installed on every computer. Avoid storing sensitive data on a machine connected to an external network, and avoid using cloud file sharing services (Google docs or Dropbox) for sensitive data. If remote access is necessary, sensitive data must be encrypted. Avoid sending sensitive data via email or file transfer, without encryption.
  • Physical data security requires control of access to rooms and equipment where data (digital or physical) are held, and avoid transporting of sensitive data unless encrypted.

Sensitive data may need to be destroyed if they are deemed to have no long-term value, or due to ethical requirements. The data must be destroyed so that no information may be recovered. Researchers should be aware of the University of Sheffield Information Security policies.

The University of Sheffield CICS provide:-

For more information about controlling collaborators’ access to your research data see Collaboration.

For further information, please contact rdm@sheffield.ac.uk