4. Data storage, backup and sharing during a research project

Information security is the systematic safeguarding of information in a manner that keeps the information available while preventing it from falling into the wrong hands. Another key concept in managing research data is data protection, which refers to the protection of personal data. Data security can be seen as one mean of implementing data protection, as stated on the data protection commissioner’s (ombudsman) website. 

In addition to protecting personal and sensitive data, taking care of data security protects the intellectual property rights of research data (e.g. copyright and patent rights), prevents their misuse and minimises the risks of data loss or damage. Every researcher should be aware of their own organisation’s guidelines for data storage and data security. The instructions of the University of Eastern Finland can be found on the internal Heimo website (requires UEF login): 

• Research data management during the research (instructions maintained by UEF’s research IT services) 
• Information protection and processing instructions (the website also links to UEF’s data protection instructions) 

The appropriate storage solution depends on the characteristics of the data: size, type, and the sensitivity or confidentiality of the data. Sensitive and confidential data require more secure storage solutions than data containing public information. At UEF, data is classified by three protection levels (high protection level, base protection level, and public information) which define where the material can be stored and how it must be protected.  

The required amount of storage space increases with the amount of data produced. When choosing storage space, it is also important to consider who needs access to the data and what they may do with it.   

Backing up files protects against the loss of data and thus forms an essential part of research data management.  Although the university’s systems regularly create automatic backups, the researcher themself is responsible for the materials, not the IT department or organization. It is therefore important to plan backups in advance, in particular when making significant edits to the data. 

Storing research data can be difficult if the data have to be moved between different locations, collaborators or within research groups. If several researchers are involved, create a plan with your collaborators to ensure you have a safe method for transferring data between the parties. If personal data or otherwise sensitive data is transferred, it is particularly important to ensure that the transfer is secure and confidential. 

Transferring large files can also be problematic. It is advisable to contact your organisation’s IT services in these situations. The UEF instructions mentioned in the previous section (storage and backup) contain information about the organisation’s storage services, which may also be used with external partners. 

Here are some practical tips for transferring sensitive data: 

• If you use e-mail for transfer, use secure e-mail or send the data as an encrypted attachment 
• Make sure that only the designated recipients gain access to the data 
• Personal data may be transferred to EU and EEA member countries with the same principles as within Finland, but with international partners, the specific regulations of each country concerning the processing of personal data, sensitive personal data or other sensitive data must be ensured. 

File formats and software (Data Management Guidelines, Finnish Social  Science Data Archive)