Improper research data management practices can lead to significant security risks. These risks vary in seriousness and include breaches of confidentiality, integrity, privacy and legality, as well as human risk.
As a researcher, it's imperative that you:
Know your research data: what it is, and where it's located
Maintain an inventory of your data (and keep it up-to-date)
Record details of who owns the data created by the research
Be aware of the location in which the research data is held (e.g. repository, personal device, etc.)
Record the back-up details: the parties responsible for data back-up; the location where backed-up data is held; the back-up frequency
Be vigilant about matters of confidentiality
Be alert to ethical requirements regarding the collection, storage and disclosure of personal and confidential information
When in doubt, seek expert advice to ensure that proper procedures for protecting personal identifying information and confidentiality are followed
Understand the expectations placed on researchers
Various parties (including your own institution) will have input and expectations surrounding your research processes.
Pay attention to their expectations, and be prepared. Avoid uncertainty by seeking advice when in doubt.
Research data security: whose job is it?
Roles and responsibilities for research data management (RDM) can be held across an institution
Take steps to identify "who does what" in the RDM space
You will find people capable of offering help and advice on a range of RDM matters
You may find Research Office staff; Institutional Repository and Library staff; and ICT people all playing unique roles in RDM processes
Source: Educause, 2017, "Top information security concerns for researchers", https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/toolkits/top-information-security-concerns-for-researchers
Managing confidential and other sensitive information: The researcher's role is ...
Which categories of research data carry obligations of confidentiality, or other sensitivities?
To which aspects of research data management do these obligations relate?
Source: These statements are derived directly from the NHMRC publication "Management of Data and Information in Research: A guide supporting the Australian Code for the Responsible Conduct of Research. 2019, National Health and Medical Research Council, Australian Research Council and Universities Australia. Commonwealth of Australia, Canberra"
All material presented in this NHMRC publication is provided under a Creative Commons Attribution 4.0 International licence (www.creativecommons.org.au)
Investigate and implement adequate steps to secure your data against loss
Source: ACU RDM Toolkits
Consider appropriate locations for storing original data and backups.
Source: Sewell, C 2020, The No-Nonsense Guide to Research Support and Scholarly Communication, Facet Publishing, UK
Considerations for storing non-digital data
Ensure that the conditions under which the material is stored will not impact its durability
Check that your proposed storage area is climate-stable, structurally sound, and physically appropriate, i.e. free of damp, fire risk, insect pests, etc.
Devise, document and communicate a system by which authorised people secure and access the material: include matters of security (e.g. keys, passwords); rules surrounding removal of materials; and check-out/check-in procedures
Decide who is responsible for authorising access to the non-digital data by others. Work out the process, and communicate it.
Decide who is responsible for documenting, organising, labelling, storing, maintaining, and checking the non-digital data.