The University generates a lot of research data each year. This needs to be managed securely for the integrity of the research we do. As a researcher you need to ensure that the data you generate is managed securely in line with University and external policies.
Projects should generate a data management plan detailing the data used and generated, how this will be stored and shared and any ethical and commercial sensitivities. This plan will cover the whole lifecycle of the data from collection to archiving, and any dissemination and sharing. We have previously posted on why data management is important and data management planning. This post covers how you should store research data and what you need to consider when data is shared in or out of the University.
University research data storage
The Edinburgh Napier University Research Data Policy mandates that University approved systems must be used for storing all research data. This applies whether research is funded externally or internally.
Managed data storage for digital research material is provided by Information Services as follows:
- Externally funded research project: 0.5TB per project X:drive when requested by the Principal Investigator.
- Researcher on internally funded research projects: 10GB X:drive when requested by the researcher.
- Researcher with internal/unfunded research project requiring an X:Drive should contact RDM@napier.ac.uk to provide information and DMP to get a code to request an X:Drive
- PhD research student: 10GB V:drive. All current PhD students have been given a V:drive. All new PhD research students will have their V:drive enabled when their IT accounts are created.
X:Drives are requested via this webform. You will need to provide the project finance code [RXXX] as reference number. You also will be asked some questions about the data and asked to provide a copy of your DMP.
Larger storage requirements for data-abundant projects should also be requested via this web form, and these will be considered on a per project basis.
If using external services, you must be aware of the security and backup facilities provided. You should also be clear where the data servers are located as GDPR legislation requires that all personal data is stored within the EU. More information on storing data can be found on the UK data service website
If you request assistance with your DMP or require a draft DMP to be reviewed email RDM@napier.ac.uk . The review will cover GDPR as well as general data management advice
Security and Controlling Access
It is important that you keep your research data safe and secure while you are working on them. Data security involves ensuring that only authorised people have access to read, edit or use your data. This protects against both inappropriate disclosure of information and malicious or accidental modification.
The University’s information security guidance applies to research data and must be read by all researchers. The guidance includes information on encryption, access control, using your own devices, mobile computing and network security. Online training is available.
Access restrictions: You must secure your data if they contain personal information, to protect the identity of people covered by the Data Protection Act. You may be contractually obliged to keep research data confidential if they are covered by intellectual property agreements or are commercially sensitive.
Sending data: You will sometimes need to send data to people who don’t have access to your secure storage system (X:Drive or V:Drive). Encrypting a file before you send it via insecure means (e.g. email) ensures that the contents can only be read by someone who has the key. Advice on data security and encryption is available from Information Services. If you need to send or receive data from outside the University you should seek advice from IS, Governance Services and RIO. If you contact RDM@napier.ac.uk we can direct you the correct people within the University and facilitate the checks to ensure your data can be sent safely.
Securing data: Data security applies to both electronic and physical resources and involves the use of passwords, encryption, and physical locks. Information Services provides guidance on creating a strong password. Physical data and mobile storage devices can be securely stored by locking them in drawers or cabinets and locking rooms when unattended as per the University records and information security guidance.
Sharing research results is an established academic practice, whether through publication or through more informal means with colleagues and collaborators. The increasing digitisation of research means that it has never been easier to share data on a more detailed level.
There are a number of reasons why you might consider sharing your own research data:
- Sharing supports research integrity by allowing the analysis to be easily verified
- Sharing can be a source of new collaborations, as your work is more discoverable
- Published articles whose underlying data are also published often receive more citations
- Published data can often be used in novel ways not expected by the original data creators, such as large-scale meta-analyses
- Where shared data are reused this can be used by the originator as evidence of impact, helping career progression
- Many funding bodies require data from funded projects to be publicly available where possible (e.g. RCUK, and EC policies on access to research outputs).
When data is shared GDPR, ethics and commercial sensitivites need to be considered. This is before the data is in the public domain and/or shared with others.
When sharing data which is not openly available a data sharing agreement should be put in place before the data is transferred outwith the direct project team/from the data owner. This will cover the nature of the data and how it should be used. Usually this covers how the data will be transferred securely, which is very important if the data is being shared out of the EU.
Contact RDM@napier.ac.uk for advice on sharing data and dealing with data sharing agreements.