Whatever research data you have, whether or not it is legally defined as sensitive or confidential (with associated legal requirements over its management), you need to keep it secure, to control access to it and keep it safe from corruption.

Issues you need to think about include:

  • Both electronic and physical security.
  • Security of both electronic and physical resources (it is wasted effort to enforce appropriate electronic security but leave physical copies of data open for others to access).
  • Prevention of accidental or malicious damage or modification to data.
  • Theft of data.
  • Who needs to access, what.
  • Appropriate access control to data resources – establishing boundaries around your data, defining who can and can’t access, what they can do with it.
  • Compliance with confidentiality, privacy and consent agreement and legislation.
  • Release of data before assurance of accuracy and authenticity, and the potential to void intellectual property claims.
  • What devices are used to store data in the short, medium and long-term.
  • How data is transferred between devices e.g. interviews captured on digital recorders in the field being transferred to University research data storage.
  • The use and security of storage devices, particularly mobile devices e.g. external hard drives and laptops, and use of appropriate encryption.

On information security issues, please refer to Information Assurance Services.

Visit the IT Help website for information on IT systems security.

Information Security
The University Information Security Policy aims to 'ensure that all information and information systems, on which the University depends, are adequately protected.'
Information Security FAQs for Research Funding
Information security awareness online training

IT Services guidance on encryption and explanation of how this relates to IT equipment. 
University Encryption policy