Keeping working data safe

We all know it's important to make sure that data is stored safely. In practical terms, this means selecting a suitable storage location, with an appropriate level of security, and robust back up.

If you are working as part of a team, you'll also need to think about how to provide each person with the data access they need. Certain types of data may also have additional requirements: for example, personal data will need to be handled in accordance with the relevant legislation (see the Ethical and legal issues section for more on this topic).

This section offers some guidance about storing your live data, how to manage data when working collaboratively, and how to keep your data secure and backed up.

It's also important to think about what will happen to your data after the end of your project. This is covered in the separate Post-project data preservation section.

Expand All

All your research data needs to be appropriately stored during each phase of your project. This section lists some of the main storage options available at Oxford.

Local data storage provision

Data storage in Oxford is frequently provided at the departmental level. Many departments have storage on their own servers available for use by individual researchers or research groups. For information about what's available within your unit, consult your local IT support staff.

In some cases, provision is at the divisional level. For example, the Medical Sciences Division offers a range of document and file storage and data services for their members.

If local storage which meets your needs is available, it's generally a good choice: security, backup, and sharing data with collaborators will often be taken care of for you, and local IT staff have a wealth of experience and expertise in working with researchers in their area.

Centrally provided services

Centrally provided services are designed to comply with the University's security requirements.

OneDrive for Business

OneDrive for Business is a file storage service offered as part of the University's Nexus365 service. It allows you to store, share and synchronise data. Each user is allocated 100GB of space. It is a useful data storage solution to consider because it offers free, secure storage that can be easily accessed from anywhere. Data can be shared with anyone (internal or external to the University): guidelines are provided for doing this safely. The solution is approved by the University for use with all types of data, including confidential data. However, in a few cases, funders may have specific requirements (such as mandating that data is stored on servers located on University premises) which make Nexus365 services such as OneDrive for Business unsuitable.

OneDrive for Business is different from personal OneDrive accounts. Personal accounts are not covered by the specific terms and conditions that the University has negotiated with Microsoft, and thus are generally not recommended for storing research data.

It's important to be aware that a OneDrive for Business account is associated with a specific set of SSO credentials. Anything stored in that account will be deleted shortly after the account holder leaves the University, so some advance planning is needed to avoid data loss when this happens. The data could be transferred to another user's OneDrive for Business account, or be copied and stored elsewhere.

Microsoft Teams

Microsoft Teams is also part of the University Nexus365 service. Teams is primarily used for communication (including text chat and video conferencing) and collaboration within a team, department or project, but can also be used to store material, and to share it within or beyond the University.

SharePoint Online

SharePoint Online is a further Nexus365 service. It allows groups of users to edit and manage documents securely. Divisions, colleges and departments should have their own site collection from which individual sites are created and managed. SharePoint can be particularly useful for sharing material that is being worked on collaboratively during a project.

Research File Service

The Research File Service (RFS) provides a reliable, resilient, secure, and scalable University-approved central storage facility for active research data. Storage is offered via SMB (network drive), across the University network or through VPN from outside the University. As of spring 2024, access via a web interface is also available. Up to 20TB of storage space per project can be requested.

RFS can be used to share data with Oxford colleagues and (via the web interface) external collaborators. The service is suitable for public and internal (non-confidential) files.

LabArchives electronic lab notebook service

LabArchives offers an electronic alternative to paper lab notebooks. The service can also be used to store research data alongside experimental records and other research materials. LabArchives is a secure, flexible, web-based system, and is available free of charge to all Oxford researchers, including graduate students. Notebooks can be shared with colleagues within the University and beyond.

Sustainable Digital Scholarship service

The Sustainable Digital Scholarship service (SDS) provides a Figshare-based platform for storing, working with, and publishing research data. While it is chiefly intended for material which will ultimately be made public, the platform can also be used for creating, collecting, and editing data during the active phase of a research project. The service launched in the Humanities Division, but is available to researchers across the University. Charges may apply for some categories of project.

Infrastructure Chargeable Services

For larger projects, the Infrastructure Chargeable Services team at IT Services offers managed server space for a fee.

Private devices

If you opt to use private storage (e.g. personally owned devices, or equipment bought using a research project's budget), it will be your responsibility to ensure that data is stored in an appropriate manner and complies with all relevant security requirements.

In general, it is not good practice to rely heavily on storage media such as USB sticks and portable hard drives. This type of device can be useful for very short-term storage or for transferring files which don't need to be kept particularly secure, but they are not a robust long-term solution, as they can easily be lost or damaged.

If you do need to use portable storage, you should put in place working practices which transfer data from the portable device to a secure location as quickly as possible. If the material stored includes personal data, or information that is confidential or otherwise sensitive, you should always use encryption. You can encrypt individual files or folders or the hardware (e.g. laptop, hard drive, USB key, or mobile phone) on which the data is kept: see the section on data security below for more details.

Commercial cloud storage

Commercial cloud storage can often seem like a tempting prospect: it can be convenient and cost effective. However, there are reasons to be wary. This type of storage frequently fails to meet the University's security requirements, and may not be fully GDPR compliant, making it unsuitable for use with personal data.

As a general rule, if you are contemplating using an external service to store any data which you wouldn't be happy to make publicly available on the web, you should seek further advice. The University's Information Security team has a Third Party Security Assessment process which can help establish whether a particular service is suitable for storing research data.

Need help deciding?

If you're uncertain which storage solution is best for your project, you can contact Research Data Oxford to discuss your needs.

For information about what to do with your data after your project ends, please see the Post-project data preservation section.

When data is worked on collaboratively by a project team, it should be stored in a central location that can be accessed by everyone for example, a shared drive, departmental server, or a SharePoint Online site. Ad hoc solutions such as emailing files to colleagues can lead to problems: it's all too easy for people to end up working on the wrong version of the data, or to make incompatible changes. Additionally, unless encryption is used (see below for more details), email is not regarded as a secure communication method.

Many of the University-provided storage solutions described above are good options for collaboration.

IT Services provides further information about these and other collaborative tools.

The level of security needed will depend on the type of data involved. Security measures may be applied in a number of different ways:

  • To specific files - e.g. by password protection
  • To whole devices - e.g. by encryption
  • To areas where data is stored - e.g. by physical security such as locked door

Our colleagues at InfoSec have some useful advice on how to secure your research informationyour computer, and your mobile device.

Some types of data require special protection. In particular, there are legal requirements covering the storage and processing of personal data (that is, data about identifiable living human beings). There may be additional ethical requirements - ensuring that any promises made to research participants are kept, for example. See the Ethical and legal issues section for more on this topic.

Encryption of portable devices used to store research data (such as laptops and tablets) is good practice and essential when working with personal or otherwise sensitive data. Recent versions of Windows and Mac OS both come with built-in encryption software (BitLocker and FileVault respectively). You should ask your local IT support for help in setting this up and backing up the encryption key. If your device offers a remote wipe feature, you may also wish to set this up, so that you can erase sensitive data if the device is lost or stolen.

Single or small collections of files can be protected using free tools such as 7-Zip (Windows) and Keka (MacOS). This is especially useful if it is necessary to transfer data via email.

It's worth remembering that the weakest point of a security system is often its users. However strong your security protocols, they won't be effective if they aren't applied consistently, and even the strongest password can be rendered useless if it is carelessly stored or shared.

For further advice, see the Information Security website, and the Data Protection and Research pages on the Research Support website.

It is vital to have a system in place for regularly backing up data, to avoid the risk of loss through accidental deletion, hardware failure, or theft or damage of equipment.

  • Backup copies of data should be kept in different locations. Making a second copy of your files is of limited value if it's then stored alongside the primary copy, where the same thief or fire might easily deprive you of both.
  • If at all possible, the backup process should be automated. This removes the risk of forgetting, or simply not getting round to it because you're busy with other things.

If you're working with personal data, or material that's otherwise confidential or sensitive, it's important to ensure that your backup copies have adequate security. Many of the same considerations apply here as to storage of the primary copy of your data.

HFS is Oxford's central backup service, and is available free of charge to all University staff and postgraduate students. It uses the Code42 cloud-based service, which can be set to make automatic backups of desktop and laptop machines.

A separate HFS backup service also exists for servers and other multi-user systems. If your data is stored on a departmental server, it may be automatically backed up to HFS without you needing to do anything. You can check this by asking local IT support staff.

Centrally provided data storage solutions such as the Nexus365 services, LabArchives, and the Sustainable Digital Scholarship service also offer automatic backup, and their web-based nature means that if your laptop hard drive fails, or your device is stolen, your files will nevertheless be preserved and remain accessible. However, this does not guard against accidental deletion or other human error (and if you are using a service like OneDrive to synchronise your own machine with the cloud, any changes made in one place will also affect the other copies). It is thus wise to familiarise yourself with the version history functionality of your chosen solution, so you know how feasible it is to revert back to an earlier revision, or to restore a deleted file. Some systems, such as LabArchives, are designed to keep a robust record of all changes; others may only allow you to access one or two previous versions, and there may be a time limit for retrieving deleted material before it is lost forever. If being able to roll back your data to a previous point is important, you may wish to consider taking a snapshot of it at intervals, and retaining this until you are certain that version is no longer needed.