Safeguarding Research Data

Restricted vs. Unrestricted Data

Unrestricted / Open Data:

These are data that may be made freely available to anyone, anywhere and/or at any time.  E.g., thoroughly anonymized data and/or data which have been assessed as posing no risk of harm if made openly available. 
 

• Ensure these data files are clearly labelled and documented, e.g., in a ReadMe file that includes the rationale for making the data openly available.
  
   
  • At the outset of your project identify the project member(s) who will be responsible for determining that the data are eligible to be made openly available and how they will make this determination - e.g., the specific assessment process that will be followed.  
     
  • Also include this information in your DMP (data management plan), e.g., in the sections on roles and responsibilities and ethics & compliance. 

Restricted Data:
 

These are data that cannot be shared in their present form, at the present time, or possibly ever at all - such as unredacted personal information, data under a publishing embargo, proprietary research and/or data covered by a non-disclosure agreement.
 

• You'll need to ensure that all your restricted data are clearly labelled, encrypted, and that you have the means to prevent unauthorized users from accessing them.  For more information see below.
   
• Make sure to document the rationale for your data access restrictions in your project planning documents and DMP.

Access Restriction Strategies

Strategies include:
 

• Determining who on the research team is permitted to access your data, e.g., can your RAs have access?  Make sure your rationale for this is clearly articulated and that everyone on the team is familiar with any restrictions.
   
  • Only sharing files with to need-to-know team-members.
     
  • If you need to share files with external research partners it's best to create a Teams group for your project, which will allow all authorized group members to share files seamlessly within Teams.  For more information see the Managing Data with Colleagues page in this guide.
    
     
• Limiting cloud-storage to institutional/enterprise options only, e.g., the Douglas College version of Teams, OneDrive or Sharepoint rather than personal accounts.
  
   
• Securing hard copies/hardware in a locked room and/or locked, fire-proof cabinet that only authorized key holders may access. 
  
   
• Ensuring that restricted data files are not saved on a device that is shared with unauthorized users.
  
   
• Encrypting external storage devices and storing them in locations that unauthorized users cannot access.
  
   
• Using only the most secure file-transferring options available - e.g., that guarantee end-to-end encryption.  Email is not a secure file-transferring medium.
  
   
  • The most secure way to transfer digital files off of mobile devices such as phones, cameras, recorders is to use the device cable (rather than Wifi) and save them directly to your preferred workspace on the College OneDrive, Teams or Sharepoint platform.
    
    
  • If you need to transfer your files to an external data repository, Globus is the platform utilized by Canada's Federated Research Data Repository (FRDR).  Globus offers a free, basic account to researchers at post-secondary institutions. 

Data Encryption Options

If you are using a College laptop or desktop your files are automatically encrypted.  The same is true if you save your files to our enterprise accounts for SharePoint, OneDrive and/or Teams.  Ensure that any external research partners are committed to storing/safeguarding your shared data in accordance with the legal and institutional requirements that apply to you as a Douglas College employee.
 

If you are using your personal device to save your files: you can encrypt your entire device or specific files, whichever makes the most sense for your project. Once encrypted, the only way to access your device or files is by entering the correct password. 
 

• If you lose or forget your password you'll permanently lose access to your data, so consider how and where you might securely store a copy of your password for emergency purposes.

Alternatively you can map OneDrive to your local device and save your files in OneDrive instead.
 

• How to set up One Drive so that it’s mapped to your local computer:
   
  1. Instructions: https://www.businessinsider.com/guides/tech/how-to-add-onedrive-to-file-explorer
  2. YouTube Video: https://www.youtube.com/watch?v=QaUwIkOhdaE

Encryption Software options:
 

• You can encrypt files, folders and external storage drives/devices using the data protection features built into your operating system - e.g.,  BitLocker for Windows or FileVault for Mac OS.
   
• There are also many commercial encryption software services on the market.  Tech magazines like PC Mag or Tech Radar have annual "Best of" lists where you can compare the costs and features of their recommendations.

Note, College-issued laptops and desktop computers automatically encrypt your files and password protect access so it’s preferable to use them rather than personal devices.  However, sometimes it’s more convenient or practical to use a personal device – particularly mobile devices such as smart phones, tablets or digital cameras/recorders.
 

Security Protocols

When using personal mobile devices, users are required to adhere to the same security protocols that apply to using College-issued mobile devices, which include but are not limited to:
 

• setting your device to timeout after a maximum of 5 minutes of inactivity
• fully encrypting the device
• setting a password of 4 or more characters and
• programming it to wipe itself automatically after 10 failed password attempts.
   

For the full list of requirements, see the Mobile Device Security Standard on the Information Security page in DC Connect.