Storing your data securely
It is essential that you choose an appropriate way to store your active research data (ie the data you are using).
You will need to take into account:
Ease of access for you and your collaborators, while ensuring no unauthorised access
The back-up systems associated with particular storage options
The security of your data. This is critical if you are working with sensitive or personal data
- Any funder, data provider or departmental requirements on the location or type of data storage.
For information on retention, disposal and archiving of research data when it is no longer in use, see the Sharing, preserving and depositing your data pages.
Where to store your data?
University filestore provides a convenient and secure storage option. It also has the advantage of being regularly backed up by IT Services.
Using the University filestore may be necessary if you need to meet requirements for guaranteed UK storage or storage on site.
Your personal filestore is convenient for your own use. If you need more space to store your research data you should contact your Departmental Computing Officer or IT Services.
IT Services also provide additional storage in the form of the shared filestore (known as Storage). This is useful if you need to be able to share a working area with a number of colleagues/project team. There is no charge for this service.
Information for staff leavers/student leavers pages provide instruction on what to do with research data stored on the filestore before you leave.
Please note: Data stored on a departmental fileserver is the responsibility of the department concerned. Always check with the manager of the fileserver for details of their policies and security setup.
The University's cloud storage option Google Drive is recommended for active research data storage in most cases.
IMPORTANT: If you are using research data supplied by a third party, ensure that you are aware of the requirements of the data provider, who may not agree to datasets being stored or shared via Google Drive. You should also follow any funder requirements for data storage and its location. Consider whether the datasets would be more appropriately stored on the University filestore.
The University has a contract with Google which includes assurances around data protection. For more information see IT Services' Google Apps legal information outlining the terms and conditions, Privacy and data protection, Usage guidelines and Google Apps data & security web pages.
Information for staff leavers/student leavers pages provide instruction on what to do with research data stored on Google Drive before you leave.
Please note: The use of a personal (non-University) Google account is not recommended as this will not be covered by the University's contract arrangements.
Native Google Drive files (e.g. Google Docs and Google Sheets) will need to be downloaded into different formats before transfer to the University's Research Data York service. Ensure that the file format chosen adequately and accurately captures the content of the item, e.g. that calculated values in spreadsheets are retained or comments within documents captured.
The University Data Safe Haven is a controlled and secure environment for undertaking research using sensitive data that requires additional safeguards.
You should use the Data Safe Haven when you:
- need to access and work with sensitive data that requires a high degree of security
- and other researchers need to work together on a project involving sensitive data
- need to meet your data provider requirements to use a secure platform.
Prior to using the service you must complete the Data Safe Haven training.
If you wish to discuss the Data Safe Haven in more detail, contact firstname.lastname@example.org.
Storing files on your hard drive (C: drive) is not recommended. There is a risk of data loss and you can't guarantee that others will not be able to access your machine. See IT Services' web page for more information:
Be aware of the risk of losing any portable device. Ensure that your data is regularly backed up (e.g. on the University filestore or Google Drive) as making backups of files ensures that original data files can be restored from backup copies, should originals get damaged or go missing.
Encryption must be set up on any device that contains personal or sensitive data. See IT Services' web pages for more advice:
USB sticks and other external storage devices are very susceptible to loss or damage. They should be avoided where possible and must not be used for unencrypted personal or sensitive data. See IT Services' web pages for further advice:
We advise that you do not upload personal or sensitive data to services that the University does not have a contract with.
For more information and alternatives, see Usage advice for cloud services on the IT Services' web pages.
The DropOff Service may be suitable for the exchange of files but you must still encrypt personal or sensitive data.
Other information security issues
You should also be aware of other related security issues, for example, the use of email when handling personal or sensitive data, account management, phishing, anti-virus software and the need to keep your computer up to date. See the IT security web pages for more information.
The Information Classification and Handling Scheme provides guidance on the classification of information (e.g. public, restricted, confidential) and the different levels of security required.
The University’s Information Security Policy and related policies are available at: Using and protecting information.
Records management guides (login required) a series of guides produced by the University of York to help support the maintenance and good management of records, including data (paper and electronic).
The Data Security (PDF , 255kb) guide is particularly helpful, offering guidance on data acquisition, storage, data retention, access controls, mailing records, third party access/processing, backups, and the disposal data - including advice on the management of personal and sensitive data.
University of Edinburgh, Research Data MANTRA
Storage and security a training module from the MANTRA research data management online course. This module provides an introduction to the issues involved in storing, securing and backing up your research data.