Research Data Management

Data security and data storage, backup, and transfers

During the research project, you need to consider issues concerning secure data storage, backup, and transfers. Opening, publishing, archiving and preserving data after your research project are described in Data publishing and preservation.

Data security is one way of implementing data protection. Among other things, data security refers to organisational and technical measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and to protect the rights and freedoms of the data subjects. It is essential to consider data security issues, especially if you work with personal data, special categories of personal data, or confidential data. 

The following questions need to be considered during this stage:

  • Where will your data be stored and backed up?
  • Who will be responsible for backup and recovery?
  • If there are other researchers involved, make a plan with your partners and ensure safe data transfers between research partners. 

For more detailed information on where and how to store, back up, and transfer data during research, see 5. Ensure secure data storage, backup, and transfers in the Guidelines and procedures of personal data processing in research and studies at Hanken.

Instructions on sharing files and collaborating with others to ensure data security

Hanken's Instructions on sharing files and collaborating with others to ensure data security:

  • The “Instructions for handling and storing data and documents on different information security levels” on the page of Information Management at Hanken state that you cannot store documents with a security level in cloud services other than your own OneDrive. This means that you shall use OneDrive storage space in your Hanken-provided account when sharing files and collaborating with others. You should demand that your research partners in your project collaborate with you in your OneDrive instead of other cloud providers.

  • Care must be taken when enabling sharing of files. The objective of these instructions is to help you avoid data leakages and ensure that files are shared with the right persons.
  • The recommended way to share files is to use the “Specific people” option. This requires you to enter the e-mail addresses of the authorized users. They need to log in to the OneDrive portal to access the files. Check with the recipients whether they already use OneDrive, perhaps with a different e-mail address than the one they use to communicate with you. In that case, it is recommended to share the files with the e-mail address they already use on OneDrive.
  • The option “Anyone with the link” is the most flexible option, but also riskier, as you lack control over who has access. This kind of sharing should always be time-limited according to Hanken's data security policy. The link expires no later than one year after creation, but it is recommended that you set an earlier expiration date if your project is shorter. Note that the links created when sharing files in this way are confidential and should be shared with care. It must be stressed that recipients are not allowed to forward the links to others without your explicit permission.
  • All sharing options allow you to select whether the material can be edited by the other parties. Consider this and enable the option only if needed.
  • Note that it may be hard to tell what is shared and what is not. Group similar files together in a folder and share the folder rather than individual files. This makes it much easier for you to manage sharing and avoid accidental sharing of files.
  • You should check regularly what you share. The easiest way is to log in to OneDrive on the web (through office.com or the OneDrive systray icon menu on your Windows computer). Select Shared > Shared by you in the left-side menu. Go through the list and delete shares that are no longer needed. It is especially important to do this when the project ends or after organizational changes.

Access control

Consider the following questions about access control of your data:

  • There should be a list of users and all rights granted, and a procedure for withdrawing rights.
    • Who is responsible for controlling access to the data?
    • How will the access control be carried out? Is there an IT solution (e.g., password protection or usage logs) or some physical solution (file cabinet) in use?
    • Who in the research group has access to the data? And to which data?
    • What are they authorized to do with the data?
    • Why has each access right (editing, viewing, deleting) been granted?
  • How will data usage be monitored during the study?
  • Describe how information security and the risks for (sensitive) personal data or confidential data have been taken into account. Will sensitive personal data or confidential data be stored in an encrypted form? Access control should always be in line with the level of confidentiality involved.