Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Writing Data Management Plans: Data Storage

Storage, Backup, & Security

It should go without saying that it is incumbent on you as a researcher to keep your data safe and secure throughout the research lifecycle. It can be a painful and expensive experience for you as a researcher when data is lost (perhaps forever), but it can a far worst experience for your research participants if (for example) interview transcripts were to fall into the wrong hands. For these reasons you should give full consideration to the storage (& backup) and the security of your research data.

 

Storage & Backup

Describe where the data will be stored and backed up during the course of research activities. It is recommended to store data in least at two separate locations, even if backups are performed. Use robust, managed storage with automatic backup. If external servers are used please ensure that they are compliant with GDPR and any other legislation related to the data collected.  Please contact IT services for options that may be available to you.

Storing data on laptops, stand-alone hard drives, or external storage devices such as USB sticks should be avoided.

Your plan should include any additional costs or resources needed to ensure your data is stored and backed up in an appropriate fashion.

 

Security

Consider data security, particularly if your data is sensitive e.g., detailed personal data, politically sensitive information or trade secrets. Note the main risks and how these will be managed. Pay particular attention to the risks associated with personal voice recorders if you are doing fieldwork and a secure connection cannot immediately be established. Please contact IT services for assistance with device encryption, especially for sensitive data.

If using commercially sensitive data outline the steps that will be necessary to prevent compromise by acts of industrial espionage.

If sharing sensitive data with third parties outside of your organisation it is necessary to document what systems and procedures are required.