Ensuring your data are safe is crucial to any research project. A good storage and backup strategy will help prevent potential data loss.
Ensuring the security of data requires paying attention to physical security, network security, plus the security of computer systems and files to prevent unauthorized access or unwanted changes to data, disclosure, or the destruction of data. Data security arrangements must be proportionate to the nature of the data and the risks involved.
Encryption can be used for safely storing and sending files. Regular backups protect against accidental or malicious data loss, and this procedure can be easily automated. Data must be securely destroyed once it is no longer needed, as merely deleting files and reformatting a hard drive will not prevent data recovery.
A plan for storage of research data
A plan for storing research data is essential, both for the short and long term. The short-term plan considers how to store data during research, whereas the long-term plan identifies how and where to store data for archiving and future reuse after research activities end.
Which storage media?
Data accessibility depends on the quality of the storage media and the availability of the relevant data-reading equipment. An Amstrad floppy disc may still work perfectly 20 years after it was made, but the lack of working machines means the data on this disc may not be easily recoverable.
Optical media are vulnerable to damage by poor handling, changes in temperature, relative humidity, air quality, and lighting conditions. Data files should be copied to new media every two to five years after creation.
It is also good practice to check the data files on these discs at regular intervals. T
Magnetic media, like hard drives or tapes, are also subject to physical degradation and should be regularly migrated to fresh media.
File-sharing services, such as Google Docs, OneDrive, and Dropbox, may not be suitable for confidential data.
We recommend that any storage strategy, even for a short-term project, should involve at least two different forms of storage, for example, on the hard drive and DVD. Whichever form is chosen, the data integrity should be checked periodically.
How do you store confidential, sensitive, and personal data?
Storage of data that are considered confidential or sensitive may need to be addressed during consent procedures to inform the people to whom the data belongs and how and why the data will be stored.
Legally, data that contain personal information must be treated with more care than data that do not, as dictated by the Personel Data Protection (KVKK or GDPR)
Personal information can be removed from data files and stored separately under more stringent security measures. Any digital files or folders that contain sensitive information and data should be encrypted.
Signed consent forms or other non-digital records may contain identifying information and should be stored separately from data files, although an anonymous ID system can help link the two sets of materials together if required.
Protect against accidental or malicious data loss
Making backups of files is an essential element of research data management which ensures that original data files can be restored from backup copies, should they get damaged or go missing.
Regular backups help protect against accidental or malicious data loss due to:
The form of backup procedure required for a project will depend on local circumstances, the perceived value of the data and the levels of risk of losing data you are prepared to take. Carrying out an informal risk analysis can provide a good indication of backup needs.
Ensuring the security of data requires paying attention to physical security, network security, plus the security of computer systems and files to prevent unauthorized access or unwanted changes to data, disclosure, or destruction of data.
Data security arrangements must be proportionate to the nature of the data and the risks involved. Attention to security is also important when data files are to be destroyed.
Data that contain personal information should be treated with higher levels of security than data that do not, as the safeguarding of personal data is dictated by national legislation, the Personal Data Protection, which states that personal data should only be accessible to authorized persons.
Personal data can be stored in digital files or can exist in non-digital format: Patient records, signed consent forms, or interview cover sheets containing names, addresses, and signatures.
Security can be made easier by: