Safe and secure storage of research data is essential to protect against data loss, unauthorised access, and ensure compliance with institutional, funder, data provider and legislative requirements.
When choosing storage options consider where, when and how many times the data will be backed up, data security, and access control - whether it will permit access for the research team and collaborators. Also consider whether you will need to archive your data at the end of your project and whether your chosen storage solution will permit this.
You should not keep person identifying information ("PII") indefinitely and should aim to anonymise it as soon as possible or follow the retention as prescribed by your funders, data providers or in line with the University Records Retention Schedule. As such, make sure you have processes for secure deletion of the data, both paper and electronic. Retention does not mean you archive after the retention period has been reached. Once retention is reached you will need to securely delete the person identifying information. If you will dispose of confidential or personal data then see the Information Governance Office guidance on disposal of confidential material.
Digital data solutions
All information must be stored and handled in a manner appropriate to its security classification, and the master copy of all digitally held information, regardless of its security classification, must be stored on University-approved systems. If you intend to capture audio, video or images of participants, these must be stored as described in the Taking recordings of participants for research projects SOP to ensure compliance with data protection laws.
To safeguard your data, we recommend using storage systems provided by the University, such as the Research Data Storage (RDS) Service, departmental shared drives or SharePoint. These systems are regularly and automatically backed up, and may be accessed on-campus and off-campus.
More detailed guidance and a summary table of digital storage and collaboration options are available on our Storage and Collaboration page.
Research Data Storage Service
- University-approved storage for research projects.
- Intended for use by research groups and supported by IT Services. Principal Investigators can apply for storage space using the request storage space form and can then grant access to other researchers and students.
- Each research project is entitled to 8TB of (replicated) storage, free at the point of use. Additional storage may be requested and charges apply. Research IT can provide further guidance on storage options.
- Accessible remotely via GlobalProtect Virtual Private Network (VPN).
- Hourly backups which can be accessed within 24 hours and daily backups which can be accessed within 35 days.
OneDrive for Business
- Available to all staff and postgraduate researchers.
- 1TB of storage space
- Use OneDrive for Business to store working drafts and for collaborating on documents before they are finalised and stored in a more permanent storage space such as Research Data Storage or Sharepoint
- OneDrive provides the ability to store and protect your files, and share them with other researchers working on your project, as well as those external to the University
- You can control access permissions to your files and folders in OneDrive
As per the University’s standard operating procedure for information security classification, ownership and secure information handling, please ensure that you have encrypted Highly Restricted or Restricted information such as person identifying information.
Data Safe Haven
- The Data Safe Haven provides an infrastructure for the secure management and processing of personal, sensitive and confidential information.
- For research projects that need to handle the following type of studies:
- All NHS-Digital data users who need to be NHS Information Governance Toolkit (IGTK) compliant, unless there are reasons this cannot proceed.
- Other, non NHS-Digital data users who also need to be NHS IGTK compliant, including section 251 approval.
- Other, non NHS-Digital data users where the data is highly sensitive and their security requirements could only be met by a data safe haven.
- Defence data.
- Enables secure file transfer.
- If you wish to discuss Data Safe Haven in more detail, contact the Research IT team.
Portable devices and media
Portable devices and media (such as laptops, USB sticks, external hard drives and DVDs) are vulnerable to failure, damage, loss and theft. The IT Services policy on point storage solutions strongly discourages their use. An unmanaged laptop can easily miss important updates such as anti-virus and become a target for hackers.
Nonetheless, there are exceptional circumstances, such as fieldwork, where portable devices and media may be necessary to temporarily store or transfer data. Where such exceptions exist, data should be moved as soon as possible to University-approved systems.
If you are using portable devices and media then:
- Temporary storage of Highly Restricted or Restricted information (such as person identifying information) outside of University-approved systems require the file, device or media to be encrypted and the device or media to be kept physically secure at all times.
- Consider the need for regular backups. The Information Governance Office can advise whether such duplication of information is recommended for specific scenarios. Duplicating versions of data already stored on the Research Data Storage Service (described above) is not necessary.
- Making backups ensures that original data files can be restored from backup copies, should originals be damaged or lost. It is helpful to regularly document and test your backup procedures to ensure they are functioning as planned.
- The 3-2-1 principle offers a useful rule of thumb:
- Save three copies of your data (original copy and two backup copies),
- two locally (on two different devices),
- and one off-site.
- Backing up your data at regular intervals minimises the amount of data you can lose. When deciding how regularly you should back up your data, consider how many hours or days of work you are willing to lose.
- Research IT provides support and guidance on digital data solutions.
- Information Governance Office provides support and guidance on data protection, records management, information security and a risk review service.