Storing and backing up Data

During the research project you will need to store your research data so that it is secure and backed up regularly, but at the same time easily accessible to those who are authorised to do so.

Data storage during your research project
Research Store

The University’s Research Data Management Policy asks for all live research data to be stored on the University’s networked storage facilities, and it recommends the use of SHU Research Store (Q:\Research). There is no cap on the amount of storage a specific research project can use. Data will be backed up automatically to several locations on a daily basis, and are securely kept for a period of 90 days. The Research Store (Q:\Research) is conveniently accessible from wherever and whenever required, and access can be granted to students and third parties when required. It is therefore ideal for master copies of your research data.

Personal, confidential or sensitive data requires a storage solution that is compliant with the Data Protection Act and the University’s Data Protection Policy Statement. The Research Store (Q:\Research) can be used for these types of data under the condition that access permissions have been set up appropriately for a limited number of users. It is important to periodically review these access permissions, for example to reflect staff changes.

For more information on Q:\Research, see SHU Research Store.

Options

Generally there are four options for data storage:

  • Networked drives.
    You can store all kinds of information on your personal F: drive or the N: drive which is shared with members of staff. However, storage is limited and files on the N: drive cannot be shared with others than members of staff. Access to the Research Store (Q:\Research) can be granted to students and third parties when required.
  • Local drives on your PC or laptop.
    Data can be lost because local drives can fail, or the computer may be lost or stolen — and, unless the information on them is encrypted, could be used by other people. Local drives may be convenient for short-term storage and data processing but they should normally not be relied upon for storing master copies.
  • Cloud-based storage.
    The University has no control over cloud-based storage such as Dropbox and the company hosting your data will have access to all the material. Depending on their terms and conditions, they may also have the rights to use or publish the information in any way they choose — and their levels of security may not meet the level expected by members of staff and may not be backed up on a regular basis.The University does have an agreement with Google which allows staff to use a version of Google drive through their University log in details. This has different type of agreement from the personal versions of Google drive and keeps the copyright with the University, but is still not as secure as using the SHU Research Store. Please refer to the University’s Cloud Storage Policy if you are considering this option.

    Cloud storage solutions for personal, confidential and sensitive information — such as Dropbox and Google Drive — is not permitted, but exceptions may be made only if they meet the requirements of the University’s Electronic Data Encryption Policy and if they are agreed by local management and documented.

  • External portable storage devices.
    External hard drives, USB drives, DVDs and CDs may be very convenient, cheap and portable, but they are not recommended for long-term storage. These types of portable storage can easily be lost, damaged or stolen — and, unless the information on them is encrypted, could be used by other people. They should never be used for unencrypted sensitive data.
Backing-up your research data
Ideally, backing-up happens automatically and to several locations. If you are using the SHU Research Store, all files are automatically backed up every night. Two copies of each daily backup are kept on two separate locations, which means they are secure and protected by firewalls and access permissions. Each backup will be kept for 90 days. They can be restored on request if deleted by mistake or if older versions of the files need to be recovered. The SHU Research Store is therefore a good place for the master copy of your data.

The 3-2-1-rule is a simple way to remember best practice for backing up.

3. Keep 3 copies of important files (a primary and two backups)
2. on 2 different media types (such as CDs, hard drives, memory sticks and online storage)
1. with 1 copy being stored offsite (or online)

Security
Data security is needed to prevent unauthorised access to data, which may lead to disclosure of personal or sensitive data, or to changes to data or even their destruction. The principle investigator is responsible for ensuring data security.

Personal, confidential or sensitive data

Personal, confidential or sensitive data need higher levels of security than other data. In those cases, it is important that the storage solution you choose is compliant with the Data Protection Act and the University’s Data Protection Policy Statement. The University has a Guidance Note on Data Protection and Research (staff only) and guidance on the use of personal data by students.

Portable devices

Storage on portable devices and transferring personal information from one medium to another (for example via email) needs to be done with special care. If research data needs to be stored temporarily on portable devices such as laptops, tablets, phones, CDs and USB sticks, the researcher must ensure that this is done securely and that they comply with the University’sElectronic Data Encryption Policy. DTS publish Data Encryption Guidance (staff only).

Transferring

Transferring any personal, confidential and sensitive information also requires encryption. When sending these data via email, the email needs to be encrypted. When sending data via a USB stick, an encrypted USB stick should be used — FIPS 140-2 compliant USB sticks (conforming to normal encryption requirements) are available through the DTS self-service portal. Data can also be sent and received securely using the SHU ZendTo service.

SHU policies and guidance