Storing your data securely

University filestore provides a convenient and secure storage option. It also has the advantage of being regularly backed up by IT Services.

Using the University filestore may be necessary if you need to meet requirements for guaranteed UK storage or storage on site.

Your personal filestore is convenient for your own use. If you need more space to store your research data you should contact your Departmental Computing Officer or IT Services.

IT Services also provide additional storage in the form of the shared filestore (known as Storage). This is useful if you need to be able to share a working area with a number of colleagues/project team. There is no charge for this service.

Information for staff leavers/student leavers pages provide instruction on what to do with research data stored on the filestore before you leave.

Please note: Data stored on a departmental fileserver is the responsibility of the department concerned. Always check with the manager of the fileserver for details of their policies and security setup.

The University's cloud storage option Google Drive is recommended for active research data storage in most cases.

IMPORTANT: If you are using research data supplied by a third party, ensure that you are aware of the requirements of the data provider, who may not agree to datasets being stored or shared via Google Drive. You should also follow any funder requirements for data storage and its location. Consider whether the datasets would be more appropriately stored on the University filestore.

The University has a contract with Google which includes assurances around data protection. For more information see IT Services' Google Apps legal information outlining the terms and conditions, Privacy and data protection, Usage guidelines and Google Apps data & security web pages.

Information for staff leavers/student leavers pages provide instruction on what to do with research data stored on Google Drive before you leave.

Please note: The use of a personal (non-University) Google account is not recommended as this will not be covered by the University's contract arrangements.

Native Google Drive files (e.g. Google Docs and Google Sheets) will need to be downloaded into different formats before transfer to the University's Research Data York service. Ensure that the file format chosen adequately and accurately captures the content of the item, e.g. that calculated values in spreadsheets are retained or comments within documents captured.

The University Data Safe Haven is a controlled and secure environment for undertaking research using sensitive data that requires additional safeguards.

You should use the Data Safe Haven when you:

• need to access and work with sensitive data that requires a high degree of security
• and other researchers need to work together on a project involving sensitive data
• need to meet your data provider requirements to use a secure platform.

Prior to using the service you must complete the Data Safe Haven training.

If you wish to discuss the Data Safe Haven in more detail, contact itsupport@york.ac.uk.

Storing files on your hard drive (C: drive) is not recommended. There is a risk of data loss and you can't guarantee that others will not be able to access your machine. See IT Services' web page for more information:

• File security

Be aware of the risk of losing any portable device. Ensure that your data is regularly backed up (e.g. on the University filestore or Google Drive) as making backups of files ensures that original data files can be restored from backup copies, should originals get damaged or go missing.

Encryption must be set up on any device that contains personal or sensitive data. See IT Services' web pages for more advice:

• Protecting confidential data

USB sticks and other external storage devices are very susceptible to loss or damage. They should be avoided where possible and must not be used for unencrypted personal or sensitive data. See IT Services' web pages for further advice:

• Protecting confidential data

We advise that you do not upload personal or sensitive data to services that the University does not have a contract with.

For more information and alternatives, see Usage advice for cloud services on the IT Services' web pages.

The DropOff Service may be suitable for the exchange of files but you must still encrypt personal or sensitive data.