Storing Data Safely and Securely
By j.houghton, on 14 February 2020
At UCL there are a range of options to support managing research data safely and securely. Here’s an overview of resources and services available.
General Purpose Data Storage
You should always make sure all your data is stored with services managed by UCL IT services, as this will ensure material is automatically backed up and will be recoverable in the event of an IT failure. Never be tempted to rely on personal cloud storage accounts for keeping research data safe!
- All staff and students have access to an N drive, up to 100GB storage and fully backed up. Accidently deleted files can be retrieved for up to 90 days.
- The shared S (“shared”) drive is used for enabling staff to share, save and modify files and is backed up like the N Drive.
- RDSS – Research Data Storage service – is a shared space designed specifically for very large data volumes, in the terabyte range. It’s free for the first 5TB and costed for each 5TB beyond that.
Where to store sensitive data?
Using encryption or user access control can be used to store sensitive data on the S drive or RDSS. But if you are working with identifiable data which is restricted by GDPR or the Data Protection Act (2018) then then you should apply for an account on the UCL Data Safe Haven. This highly secure service conforms to the ISO 27001, which in practical terms means it is an appropriate environment for handling health and social care data. But you will need to register a project with Information Governance before applying for an account. This service offers integration with software like REDCap for securely harvesting information.
If you want to work with highly sensitive information, such as criminal records data, then you could consider the Jill Dando Institute Research Laboratory, but be prepared to undergo stringent vetting and training processes first.
But I need a less severe option!
If dedicated highly secure services seem excessive for your purposes, there are ways of sending, receiving and managing data that is somewhat sensitive requiring a level of security, while avoiding lengthy approval processes for the more secure services. The UCL dropbox service (not be confused with commercial dropbox!) allows for sending and receiving files, although sensitive data should be encrypted when using this service. Files remain online for 10 days before being automatically removed, so they are not left lying around to be vulnerable to hacking.
Travelling with data
If you need to travel and take data with you on a device for a conference, field work or visiting collaborators consider some practical precautions first. Always make sure there is a backup of anything on the device, obviously. If you need to transport sensitive data then be sure to use encryption and read our advice on this before you travel.
Archiving and sharing data securely?
If you produce data and want to share it with other researchers at the end of the project but want to restrict the access to avoid misuse, consider the UK Data Archive. They are able to offer a range of options such as different levels of controlled access for different files. You can also access the service with a UCL login, so no need to create a new account.
If you ever have any questions about data management contact the Research Data Support Team for advice and guidance:
Telephone: +44 (0) 20 7679 2095 (internal 32095); +44(0) 20 7679 2614 (internal 32614)