How do I keep my research data safe and secure?
The InfoSec Decision Making Tool [PPT] created by IMT is a set of multiple-choice questions. Use it to get an idea of what protections you need to apply and who can help you apply them.
IMT also produce guidance documents to help manage collaborative research, security, protection, complying with relevant legislation or user agreements, and large scale file storage.
Cloud and external storage
Data Management Plans often ask for information on how data and documentation will be backed-up to prevent loss. IMT employs a back-up strategy for files stored on institutional servers and OneDrive that you can use in your plan. If you need alternative storage arrangements, contact IMT.
When organising research, define what needs to be backed-up: data and files (original files, master files, data files, etc.) or the entire data collection.
Periodically verify files are being backed-up. Attempt to recover previous versions by creating a small text test file to save, back-up, delete, and restore from a back-up copy Backup copies can also be checked for unauthorised or unexpected change using checksum values, file size, and data fields.
Research Data Management responsibilities do not end when a project ends. Erasing digital files is not as simple as pressing the “Delete” key as digital storage devices need overwriting to ensure files cannot be recovered. Examples of free overwriting programs for erasing files are Freeraser, Securely File Shredder, or Eraser for Windows, the “Secure erase data” feature for Mac users, and “Wipe” facility on Linux platforms.
IMT is responsible for disposing LSE owned IT-related equipment. This includes desktop computers, monitors, laptops, printers, telephones, fax machines, servers and teaching room audio-visual equipment. For personal equipment, if a hard drive requires erasing then programmes like DBAN are suitable, although please note this will erase all the hard drive so only use it if looking to reformat or dispose of a machine. The ultimate secure way to dispose of sensitive digital files is physical destruction of the storage medium,
Sensitive and personal data need not only be in digital form. Physical security refers to the status of devices on which data are stored and accessed or if they are stored on paper or as physical objects.
Ensure access to rooms, cupboards, and a drawer where data is stored is controlled.
Anyone with access to disclosive data should sign a non-disclosure agreement outlining the nature of confidentiality, storage conditions, and data retention policies. This will provide formal assurance of secure data handling.
Non-digital material may require secure disposal. The minimum accepted standard for secure destruction of paper or CDs is DIN3 meaning objects are cut to two millimetre strips or 4x40mm particles. Collection and disposal of confidential waste can be arranged by contacting the LSE porters firstname.lastname@example.org.