Data security

Research data security is essential to prevent unauthorised access, disclosure, destruction or amendment of data. The principal investigator or lead researcher of a project is responsible for ensuring data security, the level of which depends upon the nature of individual data. Higher levels of security are required for sensitive data, which may include identifiable personal information, pose risks to commercial or intellectual property rights, or compromise national security. Researchers should also be aware of the GDPR and its implications for research.

If you have any concerns about data security, you should contact the IT Services helpdesk.

Data security options

There are a range of data security measures you can take. These include:

  • Controlled access to digital files through password protection and/or encryption
  • Firewall and anti-virus protection installed on all computers used
  • Identification and guarantee of the location of stored data
  • Controlled access to rooms and equipment where data (digital or physical) are held
  • Use of the University of Sheffield VPN when working off campus. (This allows access to IT Services research data storage, avoiding the need to store data insecurely elsewhere.)

Further security measures to protect sensitive data include:

  • Ensuring conditions of data providers’ consent are met
  • Anonymisation techniques or data aggregation to avoid disclosure of sensitive data
  • Never storing highly sensitive data on cloud services, including Google Drive, or on machines connected to an external network
  • Encryption of data if remote access is necessary, including via email or file transfer
  • Encryption of data transported on storage devices

Sensitive data may need to be destroyed if they are deemed to have no long-term value, or due to ethical requirements. In certain cases, data should be destroyed so that no information can be recovered. Researchers should be aware of the University’s information security policies.

Find out more about data security:

Access control

A number of individuals may require access to a project’s research data, potentially with different privileges to read, write, update or delete. IT Services research storage provides password protection and access to collaborators within the University.
The University Google Drive can be used to give controlled access to external collaborators, with the exception of highly sensitive data.

Find out more about access control and collaborative research:

For further information, please contact rdm@sheffield.ac.uk.