Data security
Guidance on research data security and the measures you can take to protect sensitive data.
About
Research data security is essential to prevent unauthorised access, disclosure, destruction or amendment of data.
The principal investigator or lead researcher of a project is responsible for ensuring data security, the level of which depends upon the nature of individual data.
Higher levels of security are required for sensitive data, which may include identifiable personal information, pose risks to commercial or intellectual property rights, or compromise national security.
The SafePod at The University of Sheffield is a safe setting allowing researchers access to a range of datasets that require secure access. For support accessing secure data on individual computers (including Office for National Statistics datasets), contact the Information Security Team at info-security@sheffield.ac.uk.
Export control legislation (staff only link) may apply if there is a risk to national security or concern about the country to which data is being transferred. Researchers should also be aware of the GDPR and its implications for research.
If you have any concerns about data security, you should contact the IT Services helpdesk (student/staff only link).
Data security options
There are a range of data security measures you can take. These include:
- controlled access to digital files through password protection and/or encryption (University login required)
- firewall and anti-virus (University login required) protection installed on all computers used
- identification and use of appropriate storage (see Data Storage advice)
- controlled access to rooms and equipment where data (digital or physical) are held
- use of the University of Sheffield VPN (University login required) when working off campus (this allows access to IT Services research storage (University login required), avoiding the need to store data insecurely elsewhere)
Further security measures to protect sensitive data include:
- ensuring conditions of data providers’ consent are met
- anonymisation techniques or data aggregation to avoid disclosure of sensitive data
- never storing highly sensitive data on cloud services, including Google Drive, or on machines connected to an external network
- encryption (University login required) of data if remote access is necessary, including via email or file transfer
- encryption of data transported on storage devices
- use of the University’s Secure Data Service, a secure, cloud-based platform for researchers working with sensitive data.
Sensitive data may need to be destroyed due to ethical or contractual requirements, or when the desired outcomes have been achieved. In these cases, data should be destroyed so that no information can be recovered.
Researchers should be aware of the University’s information security policies (University login required).
More information about data security
Information security (University login required)
Legal and ethical issues (UK Data Service)
Working remotely (University login required)
Information security for research (University login required)
Access control
A number of individuals may require access to a project’s research data, potentially with different privileges to read, write, update or delete.
IT Services research data storage (student/staff only link) provides password protection and access to collaborators within the University.
The University Google Drive can be used to give controlled access to external collaborators, with the exception of highly sensitive data.
More information about access control and collaborative research
Data security and privacy with Google (University login required)
University storage (including for collaborative working) (University login required)
Strategies for collaborative research (UK Data Service)
For further information, contact rdm@sheffield.ac.uk.