• Why manage your data?
• Data Management Planning
• Data Backup and Security
  • Data Backup
  • Data Security
• Data Sharing and Archive
• Training, Advice & Support

Data Security

Academic research often results in the creation of sensitive data. At the very least you may wish to control who has access to your research data, prior to peer review or publication, for example, and be able to determine, and keep track of, what others are authorised to do with your data.

Research data may also be of a type where you are legally or contractually obliged to keep it safe and confidential. For example, raw data may contain information about persons, with concomitant responsibilities under the Data Protection Act. Certain types of data may be commercially sensitive or be protected by intellectual property agreements.

Depending on the nature of the responsibilities associated with your data there are a range of solutions you may consider in order to mitigate the risks of inadvertently losing, exposing or compromising your research data.

The University's Policy on the Security of Information provides an overall policy for ensuring the security of information and data. Within a devolved University responsibility for implementing parts of the policy is devolved to individuals, including individual researchers.

In general, maintaining data security usually includes consideration of:

• the available skills and expertise required to ensure an adequate level of data security;
• a risk assessment to determine the value of data, the level of confidentiality required, applicable statutory requirements, the impact of unauthorised access to, or loss of, the data, and the steps required to provide appropriate data protection.
• the prevention of unauthorised and malicious access to buildings and rooms where computers and other devices holding data may be housed.
• how access to data is managed, authorised and logged.
• how data is protected from loss or damage, for example by regular backups, implementing version control and installing anti-malware software.
• the means to access data from both within Oxford and from outside the Oxford network; and the transmission of data from one computer to another (e.g. via email, ftp, Web server).
• the storage and encryption of data taken offsite (whether, for example, on an external drive, laptop, mobile device).
• the process to verify the deletion of confidential data (for example, when equipment is re-deployed or in line with a project's exit strategy)

• Back to top
• Recommend this page