We all want to keep our data safe and secure, but there are several aspects to this which you should consider to have confidence that your data is as safe as it can be.
Quick links within this section:
- Where to store data and how to share data with collaborators
- What to do with non-digital data and practice-based research data
- What to do with personal data and commercially sensitive data
- How to organise your data files
- How to describe your data (creating metadata)
- How to choose secure online tools for surveys, interviews, and websites
To mitigate against file loss and corruption, you should store your data in the University’s managed cloud environment. You may need to take additional security precautions if you are working with personally or commercially sensitive data. To ensure the short-term and long-term usability of your data, you should also organise your data and document and describe your data as you go along.
Before you begin to create or collect data, you must also take account of any agreements you have with study participants, project partners, and collaborators. You may be under legal and/or contractual obligations to protect the data.
On this page, you’ll find guidance on working with third-party data, data security questionnaires, collaboration agreements, and gaining informed consent for research.
Finding and using third party data
It is always a good idea when starting out on a project to check whether any existing data are relevant to your research questions.
If you find third party data you would like to use, you will need to understand and abide by the licence terms under which the data are made available, and you must acknowledge the authors of the data. You can find information on understanding licences on our Libguides licenses page, and you can find template examples of data citations on our data access statements page.
Read more about finding third party datasets on the Research and Knowledge Exchange blog.
Data security questionnaires and DSAs
A number of funding bodies and organisations, such as the Office for National Statistics, require that data security questionnaires and Data Sharing Agreements (DSAa) are completed for the projects that they fund.
The Information Compliance Team (E: [email protected]) can advise on technical aspects of data security for these questionnaires.
To get a Data Sharing Agreement or research contract signed off, email [email protected]
You can also read our guidance on working with special licence and secure lab data at home on the Research & Knowledge Exchange Office blog.
Obtaining valid consent
Under the terms of the Data Protection Act 2018, which incorporates the General Data Protection Regulation (GDPR 2018), individuals have rights over the data that relate to them: what the data are used for, with whom they are shared, and for how long they are retained. It is vital, therefore, that before working with human participants in a study, you obtain valid consent from them for what you intend to do with the data. Valid consent is needed even if the study participant is not disclosing personally-identifiable information. If you are collecting or using research data about individuals, you should also read the University’s guidance on personal data protection and consult the section on ‘valid consent’ in the University’s Code of Practice Governing the Ethical Conduct of Research.
It is best practice to ask for consent to retain and share openly an anonymised version of the dataset at the end of your research project, with an indication of how the data will be anonymised. You can further guidance on anonymisation on our webpage restricting access to data.
For more information, see the UK Data Service's guidance on obtaining consent.
Collaboration agreements
When more than one organisation collaborates on a project, the shared understanding of how the project will be conducted is set down in a collaboration agreement. If you are an investigator on the project, you should ensure that the collaboration agreement addresses the basis on which research data will be stored, accessed, retained, and published. The following are typical of the issues you should address:
1) Intellectual property
- Who holds the rights to data collected by the project?
- If the data will have multiple rights holders, how will those rights be administered during and after the project?
- Will published data be released under a common licence (which one?), or will licensing be decided case-by-case (and by whom)?
- On what terms will data owned by one partner be shared with other partners?
2) Information classification
- What classes of data will be considered commercially sensitive or otherwise confidential?
- Under what terms might third parties be granted access to those data? Could the archived data be shared with other researchers subject to a non-disclosure agreement? Would access be restricted on the basis of purpose; for example, granting access only for the purposes of peer review or validation?
Every effort should be made to ensure that publicly funded research involving third parties is planned and executed in such a way that published findings can be scrutinised and, if necessary, validated by others. You can find further guidance and solutions on our webpage restricting access to data.
For more information about setting up collaboration agreements and other research-related agreements and contracts, please get in touch with the Contracts Partner at [email protected].
More information
Research at Westminster is managed and conducted within a framework of policy, regulation and good practice. You should familiarise yourself with the relevant guidance on our research governance and research ethics pages, where you will also find the University’s Code of practice governing the ethical conduct of research.
You can find more guidance on backing-up your data and setting secure passwords on our working safely online pages.
Contact Us
For further guidance and support, contact the Research Data Management Officer at [email protected]