Skip to main content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Research Data Management

Data storage and backup

During the research project, you need to consider issues concerning secure data storage, backup, and transferal. Opening, publishing, and preserving data after your research project is described in Data sharing and preservation

Data security is one way of implementing data protection. Among other things, data security refers to organisational and technical measures to ensure the confidentiality and integrity of data, usability of systems and the rights of data subjects.

It is essential to consider data security issues, especially if your data are sensitive and confidential. 

The following questions need to be considered during this stage:

To store and backup data safely: 

  • Use data storage services provided and maintained by Hanken, including the researchers' own account on the Hanken network like H:\, Microsoft Office365 applications (e.g., Onedrive for Business), Webropol, or SPSS.
    • If you do not have a plan for data archival after the research project, this solution is suitable. 
  • Or store your research data in IDA, a Fairdata service for both data storage and data archival. The Fairdata services are offered by the Finnish Ministry of Education and Culture and produced by CSC – IT Centre for Science.
  • Unless you have entered into a Data Processing Agreement (DPA) with another system/service provider, you must not use other than Hanken-provided systems, for example, Dropbox, Google Docs, publicly-available Onedrive (for consumers), or other survey platforms than Webropol.
  • In addition to Hanken's computers and data storage and sharing systems, you can use your own personal computer and hardware (e.g., internal/external hard drives) to store and process data in the short term.
    • However, do NOT use, even on your own computer, such data storage that is connected to or backed-up on Internet clouds (e.g., iCloud, Google Docs, DropBox), but only use local hard drives and data folders that are not backed up in Internet services/clouds.
    • Ensure that the data on your personal computer is properly protected, by keeping the computer updated with security patches and ensuring secure configurations.
    • When using memory sticks or external hard drives, make sure that you erase securely personal data stored on your memory sticks and on your USB disks immediately after use, according to your data management plan. You can also encrypt the data on memory sticks and external hard drives by using, for example, zip applications or Office365.

To transfer and obtain data from data provider or to share data with a research team member or supervisor

  • Use OneDrive storage space in your Hanken-provided account for sharing files and collaborating with others. Use the “Specific people”-option to ensure data access control. See the following section on Instructions on sharing files and collaborating with others at Hanken to ensure data security.
  • If you save and store your data in IDA by CSC, use the safe data transfer and sharing measures offered by IDA. See 1.8 I want to share my research data, what should I do? in FAQ of the Fairdata services by CSC. 
  • You can use physical memory sticks or external hard drives, in cases where you or the other party do not have access to Hanken's data sharing systems (e.g., OneDrive for Business).
  • Note that you should NOT ever send or share data by an ordinary, non-secured email, or use non-Hanken-provided systems (e.g., DropBox, GoogleDocs, OneDrive for Consumers).

If you work with sensitive personal data or confidential data (e,g., politically sensitive information or trade secrets):

  • Be sure that your storage is safe enough for the data.
  • You can use SD Connect or ePouta IaaS Cloud, CSC-maintained infrastructure for the storage of sensitive research data.
  • Do NOT use cloud storage due to its insufficient data protection.
  • Do NOT use external hard drives as the main storing option.
  • Protect the data with encryption. If needed, particularly mobile devices, portable and external storage devices should be encrypted for use, e.g., by using Cryptomaror.
  • Data with direct identifiers, contact information, sensitive personal data, and confidential data should not be sent between research team members by email – not even Hanken’s email system.
  • Please be in contact with the Data Protection Officer of Hanken (dpo@hanken.fi) if you are unsure about data protection.

Instructions on sharing files and collaborating with others at Hanken to ensure data security

Hanken's Instructions on sharing files and collaborating with others to ensure data security:

  • Our “Instructions for handling and storing data and documents on different information security levels” on the page of Information Management at Hanken state that you can’t store documents with a security level in other cloud services than your own OneDrive. This means that you must use OneDrive storage space in your Hanken-provided account when sharing files and collaborating with others. You should demand that other participants in your project collaborate in your OneDrive instead of other cloud providers.

  • Care must be taken when enabling sharing of files. The objective of these instructions is to help you avoid data leakages and ensure that files are shared with the right persons.
  • The recommended way to share files is to use the “Specific people” -option. This requires you to enter the e-mail addresses of the authorized users. They need to log into to the OneDrive portal to access the files. Check with the recipients if they already use OneDrive, perhaps using a different mail address than they use with you. In that case it’s recommended to share the files to the address they already use on OneDrive.
  • The option “Anyone with the link” is the most flexible option, but also riskier as you lack control over who’s got access. This kind of sharing is always time-limited by Hanken's policy. The link expires no later than one year after creation, but it is recommended that you set an earlier expiration date if your project is shorter. Note that the links created when sharing files in this way are confidential and should be shared with care. It must be stressed that recipients aren’t allowed to forward the links to others without your explicit permission.
  • All sharing options allows you to select if the material shall be editable by the other parties. Consider this and enable the option only if needed.
  • Note that it may be hard to tell what’s shared and what’s not. Group similar files together and share the folder rather than individual files. This makes it much easier for you to manage sharing and avoid accidental sharing of files.
  • You should check regularly what you share. The easiest way is to log in to OneDrive on the web (through office.com or the OneDrive systray icon menu on your Windows computer). Select Shared > Shared by you in the left-side menu. Go through the list and delete shares that are no longer needed. It’s especially important to do this when projects end or after organizational changes.

Access control

Consider the following questions about access control of your data:

  • There should be a list of users and all rights granted, and a procedure for withdrawing rights.
    • Who is responsible for controlling access to the data?
    • How will the access control be carried out? Is there an IT solution e.g., password protection, usage logs, or some physical solution (file cabinet) in use?
    • Who in the research group has access to the data? And to which data?
    • What are they authorized to do with the data?
    • Why has each access right (editing, watching, deleting) been awarded?
  • How will data usage be monitored during the study?
  • Describe how information security and the risks for sensitive data have been taken into account. Will sensitive data be stored in an encrypted form? Access control should always be in line with the level of confidentiality involved. 

Data erasure

Will your data of some part of the data be destroyed? Personal data that are no longer needed to conduct the research should be disposed as soon as possible. Storage limitation reduces risks related to personal data processing. It is important to permanently destroy any data that includes personal, sensitive or confidential data after their storage is no longer necessary. 

See Data disposal by the Finnish Social Science Data Archive (FSD).

BSc/MSc/eMBA students ought to delete the data no later than 12 months after the thesis is submitted unless you plan to store, reuse or share your data for academic purposes other than completing your thesis/assignment (e.g., for a scientific publication).

  • When deleting your data, it is not enough to just delete the files. Save your files to OneDrive and use the delete feature. Remember to empty the trash as well.
  • Data in Webropol will be erased by the Computer Centre shortly after the student's user-id is inactivated.