What forms of control do I have over access to my data? Do I need to restrict access in any way?
Securing digital research data is part of the issue of information technology security. You should always have up-to-date anti-virus software installed on your office and home computer.
If you have sensitive data that are covered by privacy laws or confidentiality agreements, it is best to store them on a computer that is not connected to any network. If this is not possible, then you can also consider encrypting your data.
The final issue to consider is physical security. A computer that is not connected to a network is still vulnerable to theft and malicious damage/modification to data. For further information on this topic can be found in the University’s guidance on security:
For highly sensitive data you can use an external hard drive and store it in a locked safe overnight. Such data should not be stored on portable drives such as laptops and flash drives unless absolutely necessary. It is highly recommended to encrypt such data if you have to store them on these devices.
Encryption, whereby data is transformed into code, is a good way of ensuring its confidentiality and security. You will find the University's guidance on encryption useful:
Truecrypt is well-regarded free encryption software that is available for all platforms.
The University also has comprehensive guides to the disposal of confidential and/or sensitive waste held on paper, CDs, DVDs, tapes, discs and disposal of records:
A-Z Guide to Recycling & Waste
If your research involves human subjects, you will need to consider both legal and ethical obligations regarding sharing your data.
The 1998 Data Protection Act affects the processing of personal or sensitive data and the circumstances under which you can share them with others.
The University's Records Management Section has online guidance and offers direct support for decisions about information disclosure:
The role of the University's various research ethics committees is to develop policy and general guidance for Colleges and Schools on ethical issues arising from non-medical research involving human participants. Your School may have its own research ethics committee or guidance.
Avoidance of disclosure of personal or sensitive data can be accomplished in a number of ways, including anonymisation techniques or data aggregation for numeric data, editing of video or sound recordings, use of pseudonyms in qualitative data.
Different methods have different consequences for data quality, and should be considered in tandem with the consent process, for example, what sort of informed consent you seek from your subjects.
To explore this topic further, consult our online Research Data Management Training course (MANTRA) and the suggested 'Further Reading' at the end of each module: