Safe storage of your working data and regular backups are essential during your research project.
- Backup refers to creating additional copies of your ‘live’ or ‘working’ data. Backing up your data is essential to avoid the risk of losing data through accidental deletion, hard-drive failure, or theft or damage of equipment. Files stored on your desktop are not automatically backed up.
- For Oxford researchers, one of the best options is to make use of the University’s HFS, which will create multiple backup copies – see below for more information.
- Data storage refers to where and how you keep your data. It involves both:
- Selecting appropriate file formats (for example, deciding between options such as plain text, rich text, or proprietary formats such as Microsoft Excel)
- Selecting appropriate media for physical storage of data (for example, hard-drives, CD-Roms, networked storage and servers, etc.)
- Security refers to keeping your data safe. This means both:
- Ensuring that data are not lost, and that they are kept free from corruption.
- Controlling access to your data as appropriate – ensuring that no one who shouldn’t be able to see your data can. This may be achieved in a variety of ways, including physical security (e.g. storing data in a locked room), password protection of files, and encryption.
Below are some questions you may wish to consider – and resources and tools which may help.
Questions to consider
What backup and storage options are available to me at the University?
Data storage in Oxford is usually provided at the departmental level. Ask your departmental IT Officer if they have any server space that you or your research group could use. Failing that, the Infrastructure Chargeable Services team at IT Services offer managed server space for a fee.
Some of the tools and services provided by the University for researchers include space for data and document storage. The Nexus SharePoint service, for instance, provides 25 GB, and OneDrive for Business, provided as part of the Nexus365 suite of tools, gives University members 5TB of storage space.
IT Services provides a University-wide, centrally-funded, backup and long-term file storage service for staff and postgraduate students – known as the HFS (Hierarchical File Server). It provides an automated backup service for personal computers and servers alike. Find out more on the HFS website.
The University is furthermore undertaking a project to scope and provide dedicated storage for research data. Further details will appear on this site in due course.
What encryption options are available to me at the University?
Where possible it is recommended researchers protect the whole hard drive of a device – especially if it is portable. Some operating systems offer built-in whole disc encryption solutions: for example, BitLocker for Windows 10 (unfortunately not available in the Home edition) and FileVault for MacOS. The safe retention and handling of passwords is of course essential and backup is provided by both companies as part of their online account management.
Where single or small groups of files need to be protected free tools such as 7-Zip (Windows) and Keka (MacOS) can be used to compress and password-protect files and folders. This is especially useful for movement of data via email. Extensive advice on the secure use of email is available on the University of Oxford InfoSec site.
How do I register with the HFS backup service? How much data can I back up?
For further details about HFS, see the FAQs.
What storage media and file formats should I choose?
The answer to this will vary depending on the type and quantity of data. If departmental storage is available to you, this is often a good option, as backup and maintenance may be taken care of automatically (though it’s always worth checking the details of what’s being offered). In general, it is good practice to avoid relying heavily on storage media that can easily be lost or damaged, such as USB sticks.
In some cases, file formats will be dictated by the software you use to store and analyse your data. But if you’re using proprietary software, it’s worth considering whether you can also store a copy of your data in a more open format (that is, one that can be read by a wider range of software packages – common examples are plain text files and .csv (comma separated value) files). Software companies sometimes go bankrupt, or stop making a particular package, and you don’t want to find that your data is locked into a format that’s no longer easily readable. Additionally, if you’re planning to share your data later on, it makes sense to have it in a format that’s as useful to as many people as possible.
What do I need to bear in mind if I’m working with sensitive or confidential data?
- Academic research often results in the creation of sensitive data. At the very least you may wish to control who has access to your research data, prior to peer review or publication, for example, and be able to determine, and keep track of, what others are authorised to do with your data.
- Research data may also be of a type where you are legally or contractually obliged to keep it safe and confidential. For example, raw data may contain information about persons, with concomitant responsibilities under the Data Protection Act. Certain types of data may be commercially sensitive or be protected by intellectual property agreements.
- Depending on the nature of the responsibilities associated with your data there are a range of solutions you may consider in order to mitigate the risks of inadvertently losing, exposing or compromising your research data.
- The University’s Information Security Policy provides an overall policy for ensuring the security of information and data. Within a devolved University responsibility for implementing parts of the policy lies with individual researchers. In general, maintaining data security usually includes consideration of:
- the available skills and expertise required to ensure an adequate level of data security;
- a risk assessment to determine the value of data, the level of confidentiality required, applicable statutory requirements, the impact of unauthorised access to, or loss of, the data, and the steps required to provide appropriate data protection.
- the prevention of unauthorised and malicious access to buildings and rooms where computers and other devices holding data may be housed.
- how access to data is managed, authorised and logged.
- how data is protected from loss or damage, for example by regular backups, implementing version control and installing anti-malware software.
- the means to access data from both within Oxford and from outside the Oxford network; and the transmission of data from one computer to another (e.g. via email, ftp, Web server).
- the storage and encryption of data taken offsite (whether, for example, on an external drive, laptop, mobile device).
- the process to verify the deletion of confidential data (for example, when equipment is re-deployed or in line with a project’s exit strategy)
The University’s Information Security website provides general advice about keeping data secure.
What’s the best way to keep track of different versions of my data?
There are various ways of doing this, and the important thing is to select a method that’s appropriate for the type of data you’re working with.
If your data is fairly straightforward, it may be sufficient simply to add a version number to the file name when a new version of the dataset is created. For more complex projects – especially those with multiple collaborators – you may wish to explore a system such as Nexus Sharepoint, or specialist file management software.
If you’re working with non-sensitive data, a file syncing service (such as Dropbox, or one of the many other similar services) can help ensure you always have the most recent version of a file. Some syncing services also have a built-in versioning feature, which will keep copies of recent versions of a file. For sensitive data (and particularly personal data), however, cloud-hosted services such as these may be unsuitable, both because of general security concerns, and because stricter legal requirements apply for data stored outside the European Economic Area.