Research Data Management: Data storage and backup

Here during the research project, you need to consider storing and backing up your data. Opening, publishing, and preserving data after your research project will be described in the next section Data sharing and preservation (i.e., opening data and long-term preservation).

The following questions need to be considered during this stage :

• Where will your data be stored and backed up?
• Who will be responsible for backup and recovery?
• If there are other researchers involved, make a plan with your partners and ensure safe data transfer between participants.

Data storage services:

• Use data storage services provided and maintained by Hanken, including the researchers' own account on the Hanken network like H:\, Microsoft Office365 applications (e.g., Onedrive for Business), Webropol, or SPSS.
  • If you do not have a plan for long-term preservation of your data after the research project, this solution is suitable. 
• Unless you have entered into a Data Protection Agreement (DPA) with another system/service provider, you must not use other than Hanken-provided systems, for example, Dropbox, Google Docs, publicly-available Onedrive (for consumers), other survey platforms than Webropol.
• In addition to Hanken's computers and data storage and sharing systems, you can use your own personal computer and hardware (e.g., internal/external hard drives) to store and process data in the short term.
  • However, do NOT use, even on your own computer, such data storage that is connected to or backed-up on Internet clouds (e.g., iCloud, Google Docs, DropBox), but only use local hard drives and data folders that are not backed up in Internet services/clouds.
  • Also, ensure that the data on your personal computer is properly protected, by keeping the computer updated with security patches and ensuring secure configurations as described in the Data security guides for student and staff on the right.
  • When using memory sticks or external hard drives, make sure that you erase securely personal data stored on your memory sticks and on your USB disks immediately after use, according to your data management plan. You can also encrypt the data on memory sticks and external hard drives by using, for example, zip applications or Office365.
• To obtain data from data provider and to share data with a research team member or supervisor, you can use physical memory sticks or external hard drives, in cases where you or the other party do not have access to Hanken's data sharing systems (e.g. OneDrive for Business).
  • Note that you should NOT ever send or share data by an ordinary, non-secured email, or use non-Hanken-provided systems (e.g., DropBox, GoogleDocs, OneDrive for Consumers).

• Other data storage services include:

  • Storage and preservation services provided by CSC: https://research.csc.fi/storage.
  • Research data archive of the Finnish Social Science Data Archive (FSD) and their catalogue Aila. You can contact them directly on their service address asiakaspalvelu.fsd@uta.fi for further assistance.
  • Fairdata IDA Storage Service. You can apply for access to IDA electronically.
  • Zenodo.

If you work with, for example, personal data, politically sensitive information or trade secrets:

• Be sure that your storage is safe enough for the data.
• Do NOT use cloud storage due to its insufficient data protection.
• Protect the data with encryption. If needed, particularly mobile devices, portable and external storage devices should be encrypted for use, e.g., using Cryptomaror.
• Do NOT use external hard drives as the main storing option.
• Please be in contact with the Data Protection Officer of Hanken dpo@hanken.fi if you are unsure about data protection.

Will your data of some part of the data be destroyed? More information, see Data disposal by the Finnish Social Science Data Archive (FSD).

BSc/MSc/eMBA students ought to delete the data no later than 12 months after the thesis is submitted unless you plan to store, reuse or share your data for academic purposes other than completing your thesis/assignment (e.g., for a scientific publication).

• When deleting your data, it is not enough to just delete the files. Save your files to OneDrive and use the delete feature. Remember to empty the trash as well.
• Data in Webropol will be erased by the Computer Centre shortly after the student's user-id is inactivated.

Data security is one way of implementing data protection. It is intended to secure data and systems. Among other things, data security refers to organisational and technical measures to ensure the confidentiality and integrity of data, usability of systems and the rights of data subjects.

Policy for sharing files and collaborating with others at Hanken to ensure data security:

• Our “Instruction for handling and storing data and documents on different information security levels” states that you can’t store documents with a security level in other cloud services than your own OneDrive. This means that you must use OneDrive storage space in your Hanken-provided account when sharing files and collaborating with others. You should demand that other participants in your project collaborate in your OneDrive instead of other cloud providers.

• Care must be taken when enabling sharing of files. The objective of this policy is to help you avoid data leakages and ensure that files are shared with the right persons.

• The recommended way to share files is to use the “Specific people” -option. This requires you to enter the e-mail addresses of the authorized users. They need to be logged in to the OneDrive portal to access the files. Check with the recipients if they already use OneDrive, perhaps using a different mail address than they use with you. In that case it’s recommended to share the files to the address they already use on OneDrive.

• The option “Anyone with the link” is the most flexible option, but also riskier as you lack control over who’s got access. This kind of sharing is always time limited by Hanken policy. The link expires no later than one year after creation, but it is recommended that you set an earlier expiration date if your project is shorter. Note that the links created when sharing files in this way are confidential and should be shared with care. It must be stressed that recipients aren’t allowed to forward the links to others without your explicit permission.

• All sharing options allows you to select if the material shall be editable by the other parties. Consider this and enable the option only if needed.

• Note that it may be hard to tell what’s shared and what’s not. Group similar files together and share the folder rather than individual files. This makes it much easier for you to manage sharing and avoid accidental sharing of files.

• You should check regularly what you share. The easiest way is to log in to OneDrive on the web (through office.com or the OneDrive systray icon menu on your Windows computer). Select “Shared” in the left-side menu, and “Shared by you”. Go through the list and delete shares that are no longer needed. It’s especially important to do this when projects end or after organizational changes.

In addition, it is essential to consider data security issues, especially if your data is sensitive. Consider the following questions about access control of your data:

• There should be a list of users and all rights granted, and a procedure for withdrawing rights.
  • Who is responsible for controlling access to the data?
  • How will the access control be carried out? Is there an IT solution (e.g., password protection, usage logs, or some physical solution (file cabinet) in use?
  • Who in the research group has access to the data? And to which data?
  • What are they authorized to do with the data?
  • Why has each access right (editing, watching, deleting) been awarded?
• How will data usage be monitored during the study?
• Describe how information security and the risks from sensitive data have been taken into account. Will sensitive data be stored in an encrypted form? Access control should always be in line with the level of confidentiality involved.