Handling data during your research

Storing and sharing of data refers to the dynamic phase of the project. As soon as your research data sets are stable and static you should archive the data for long-term preservation.

All collected research data, including related materials such as protocols, models or questionnaires, must be stored in facilities offered by the UT (LISA), which are ISO 27001- and NEN 7510-certified. See UT research data management policy.

Use the local drive of your laptop or computer only for work copies of your data files as data on these media may be lost in case of malfunctioning or because the device is lost or stolen. The local drive must, if possible, be encrypted to prevent data breach (see the special UT Data Breach webpage).

The decision tree "How to handle with research data" is a tool to find the best solution for storing, sharing, transferring or collaborating on research data, during the research.

Especially when research data are to be considered as confidential, for instance in case of personal or sensitive information, data security is needed.

You can find more information about security measures in research on the UT cyber safety webpage.

Data breach

Data breach in research refers to the loss or theft of, or unauthorized access to personal or confidential data. More specifically it is linked to personal data breach in the framework of GDPR. In case of a personal data breach you must report this within 72 hours (see the special UT Data Breach webpage).

You should pay attention to preventing data breach, regardless the confidentiality of the data, as it may have a negative impact on the research itself, privacy and reputation of involved persons or organizations and the safety of individuals and society.

Encryption

When you use devices for work copies of data, it is wise to encrypt the device, folder or file with sensitive data to prevent data leaks occurring in the event of loss or theft. When encrypting a single file, there is a high probability of errors or that an application leaves (parts of) the file unencrypted on your hard disk. The best way is to encrypt the entire hard disk or USB stick.

You can find more (practical) information on the Encryption-webpage.

When working with personal data (data on identified or identifiable natural living persons) you need to comply with the General Data Protection Regulation (GDPR), in Dutch: the Algemene Verordening Gegevensbescherming (AVG).

Find more about handling of personal data in research at the UT cyber safety webpage.

Pseudonymization and anonymization

When you are processing personal data in your research you need to pseudonymize them. As soon as the purpose of the collection of the data has been fulfilled, mostly by the end of the project, in most cases you must anonymize the data.

In short, pseudonymization is a method to substitute identifiable data with a reversible, consistent value. This value is usually kept in a key file, in which the pseudonymized data is linked to the personal data. Be aware that the key file must be stored on a secure and persistent location, such as an encrypted storage device placed in a safe or on the Project and Organization drive of your research group with controlled access.

The purpose of pseudonymization is to protect the privacy of research participants from the onset, during the collection of data. For more information see this report from the National Coordination Point Research Data Management (LCRDM).

Anonymization is the destruction of the identifiable data or the removal of private or confidential information from raw data. You can find a list of anonymization tools here.