Research data can be vulnerable to unauthorized access, file corruption, or data loss if not treated appropriately when using, saving, or sharing files. Identifying technical solutions and processes that will be used to secure your data files is an important component of planning for data management.
Back up data
Important data should never only exist on a single disk or a single computer at any one time. Computer hard drives can and do fail, and mobile devices can be lost or stolen.
Make sure to have adequate back ups, with three copies stored in two different locations.
- one local working copy (e.g. your laptop or workstation)
- one external copy local to SFU (e.g. SFU OneDrive or other local storage)
- one extra copy elsewhere (e.g. external disk drive)
Be cautious when using cloud services. While being able to easily share files with collaborators and having the contents of a single folder automatically replicated are very useful features and researchers frequently use them, ethical standards and current privacy legislation will not allow data involving human subjects to be stored in most cloud services such as Dropbox or Google Drive. Doing so may expose you or your research to other liabilities.
Levels of risk and implications for security
If your research involves human participants, there are four levels of risk for your data: low, medium, high, and extreme risk. These are described in Part 2: Human Participant Research Data Risk Matrix of the Sensitive Data Toolkit developed by the Digital Research Alliance of Canada. The level of risk involved will determine what safeguards you should put in place to secure your data.
Low risk: All storage devices, file sharing, and cloud services are allowed, including both public and institutional cloud services.
Medium risk: Identifiable data should be stored on password-protected devices, in appropriate secure locations. If data need to be accessible through the internet, they should be encrypted. Public cloud services should not be used, unless no other options exist. If they are used, files and access should be password-protected and encrypted. Private cloud services, as supported by the research institution and/or assessed as being secure, may be used.
High risk: All data should be stored on password-protected encrypted devices, in appropriate secure locations. If data need to be accessible through the internet, they should be encrypted. Public cloud services are strictly prohibited. Private cloud services, as supported by the research institution and/or assessed as being secure may be used, if approved by the REB.
Extreme risk: All data shall be stored on a centralized, stand-alone computer or site that is both password protected and encrypted, in appropriate secure locations.
In each case, back up your data in a way that is consistent with the associated risk level.
Encrypt data
Encryption strategies can provide extra security for confidential or sensitive data. In general, encryption means that files are saved in a "scrambled" state and are only readable to users with the correct password or credentials. It is important to maintain any credentials or encryption keys separately from the data itself. If the encryption key is lost, the data will be inaccessible.
Local encryption can protect unauthorized access to data if the physical copy is lost or stolen. Some options are:
- BitLocker for Windows computers, which can be enabled in the Settings menu. This can encrypt disk volumes and USB devices.
- FileVault for Mac OS, which is usually enabled by default.
Most forms of data transfer (such as email) do not include encryption at all points. This means that it is possible to intercept the transmission and access the data being transferred. Even messaging apps that advertise end-to-end encryption may still collect metadata or require that both parties enable encryption.
For more information, see the UK Data Services recommendations for encryption.
Additional resources
File formats for your research data
Help ensure long-term accessibility to your research data by making informed file format decisions.
Safeguard your data
Developed by a joint Government of Canada-Universities Working Group, this portal provides a number of resources for assisting in assessing and securing your research data