Data storage and security while my research project is taking place

While your project is taking place, you’ll need to store your research data securely and protected from loss, unlawful or unethical access.

If you are collecting personal data then please read the previous section first.

If you are interested in archiving your data after your project has completed, then please see  Openly sharing and preservation of research data after my research project has finished.

Digital storage

You have a number of options for storing your ‘live’ research data during your project. The aim is to find a flexible solution, which best fits your requirements.

To help with this, and to keep your Service Delivery Manager informed of new project data storage requirements, please access and complete a Research Data Enquiry form.

(Please note, in the rare instances where research involves the handling and storage of illegal material, you must read the Handling Illegal Material advisory (Information Security Advisories, under section 1: Governance) before proceeding and contact servicedesk@port.ac.uk in the first instance.)

Staff and students have several options:

1. Google Team Drive:

Google Team Drive is easy to access off-campus and is useful when working with external collaborators. (Please note - you must only use the a Google Team Drive associated with your official UoP account.)

Capacity: 20GB. If you are expecting to use/need more than 20GB please contact your Faculty Service Delivery Manager for more information.

Where appropriate the University recommends the use of Google Team Drives for research data storage. External options, such as Dropbox, should only be considered in exceptional circumstances - if you think this is the case please contact IS Service Desk; a Privacy Impact Assessment may be required if personal data is involved.

However, before choosing the Google Team Drive, there are three things that you need to be aware of:-

So although Google Team Drive is an extremely useful tool, there may be some specific circumstances where it not may not be practical and you will need to contact your Service Delivery Manager (below) for an alternative.

The steps below explain how to set up and configure a Google Team Drive. If you have any questions, please contact servicedesk@port.ac.uk.

Step 1: Create your Team Drive

To set up a Google Team Drive, please follow these instructions.

Step 2: Set up access permissions

You must restrict access to just the project team and monitor who has access. Please follow these instructions.

We are conscious that if the members of a project team leave the university there will no longer be an active data steward, with the possibility of a Project Team Drive being difficult to access. We recommend that all Research Google Team Drives have ownership shared with researchdata@port.ac.uk. This purely to ensure that a monitored University account is always connected to the project data. The content will not be viewed unless specifically requested. For example when a Principal Investigator or Project Lead leaves the University.

Step 3 (optional, but recommended): Set up Google Drive File Stream

It is recommended that you also use the ‘add-on’, Google Drive File Stream. Using Google Drive File Stream allows you to stream files from your Google Team Drive, as opposed to manually downloading/uploading files each time you need to work on them. Or in other words, this allows your Google Team Drive to appear as another drive on your computer, much like the K drive.

It also allows you to choose to have a file or folder offline, so you can have access even when not connected to the network (for example when travelling, etc). This downloads a copy to your computer, so you do need to be mindful of the space that this will take up.

To set up Google Drive File Stream, please follow these instructions. Alternatively you can contact IS Service Desk (servicedesk@port.ac.uk) and request it to be installed on your PC.

Step 4: Storage of personal data on Google Drive

If your project involves personal data (or any other data deemed to be sensitive or confidential), it is a legal requirement that you must store the data in a manner that meets the requirements of the General Data Protection Regulation (GDPR).

In order to do this, it is the PI’s responsibility (or supervisor in the case of student projects) to ensure that the Google Team Drive is configured in the following way. Please contact servicedesk@port.ac.uk if you have any queries:

BitLocker: Start-> Control Panel->BitLocker Drive Encryption->...follow instructions.

BitLocker To Go (for encrypting portable devices) on the same page.

FileVault: instructions (Gizmodo blog)

 

 2. Folder on your department K drive (staff only):

Capacity: 1GB

Advantage:

If you are storing files that contain personal data, then you may find the K drive slightly easier work with than a Google Team Drive. This is because the access and sharing permissions are set up for you by IS and centrally controlled. However, IS are also available to help you set up your Google Team Drive, so this isn't a major issue.

Disadvantages:

If your project involves personal data (or any other data deemed to be sensitive or confidential), you must put further precautions in place when using the K drive:

3. Folder on your department N drive (students only):

Capacity: 20GB

Advantage:

If you are storing files that contain personal data, then you may find the N drive slightly easier work with than a Google Drive. This is because the access and sharing permissions are set up for you by IS and centrally controlled. However, IS are also available to help you set up your Google Drive, so this isn't a major issue.

Disadvantage:

It’s harder (but still possible) to access off campus (instructions).

(Staff should not use their N drive to store research data as it creates issues for sharing data with other team members and issues when members of staff leave.)

Please contact your Service Delivery Manager (SDM) if the storage options listed above do not meet your needs. They will be able to advise you on the most suitable storage solution for your research project. Please ensure that your Head of Department (or supervisor if you’re a PhD student) has agreed that your project can take place before contacting your SDM. Also, please be aware that there maybe a cost involved if you require a very large amount of storage.

As noted at the top of this section please access and complete a Research Data Enquiry form. 

Contact details for the Service Delivery Managers:

Faculty of Science - stuart.graves@port.ac.uk

Faculty of Humanities and Social Science - nancy.jefferies@port.ac.uk

Faculty of Technology - barrie.miles@port.ac.uk

Faculty of Business and Law - robert.cox@port.ac.uk

Faculty of Creative and Cultural Industries - les.black@port.ac.uk

USB sticks, external hard drives and similar

The use of unencrypted portable devices (e.g. laptops, memory sticks, portable hard drives, DVDs) to store any data (including personal data), even for temporary storage, is not permitted for staff or students. Although staff and students can purchased encrypted devices, if an encrypted device fails then the data will be irretrievably lost. Therefore, the use of encrypted portable devices (e.g. external hard drives, USB sticks) should only be used for temporary storage when absolutely necessary (e.g. during fieldwork) and the data must be transferred to network storage/Google Team Drive at the earliest opportunity. 

Transferring personal data via email

If you follow the instructions above for storing personal (and personal sensitive) data, then you shouldn't need to send personal (or personal sensitive data) via email. However, if you must send personal data by email, then you MUST send the data as an encrypted attachment (i.e. not in the email text itself). Please review the Information Security advisory on 'Transferring Restricted Data by Email' (Section 4, Information). Seek advice from Information Services if you are not fully confident with the process and obtain the approval of management, beforehand. Encryption utilities are built into the Microsoft Office products or the Axcrypt encryption software is available on the University network. The UK Data Service has further information on encryption in general.

Paper records

All paper records which contain personal data, including consent forms, must also be stored securely. In reality, this means storing the paper records in a lockable filing cabinet. When dealing with sensitive personal data, the filing cabinet must not be unlocked until the data is required, and the data returned as soon as it is not needed. Sensitive personal data must not be left unattended on a desk. Only those members of the project team who have permission and need to access the sensitive personal data should be given physical access to the filing cabinet.