Guide

Guidance for researchers on data storage and security

Updated on 18 March 2024

The University provides researchers with various options for data storage, sharing and archiving.

On this page

During the life of a project you are likely to devote considerable resource to the generation of data.  There is potentially great value in the data and as such it will need to be securely stored to avoid any loss.  The University provides you with various options for data storage, sharing and archiving.

Things to consider when deciding where to store data

  • How much storage do you need?
  • How will you access it?
  • How will you share with collaborators?
  • Is it reliable - will it be backed up?
  • Is it secure?
  • Can you control which individuals have access?

Where data can be stored

All research data must be stored using secure University of Dundee IT (UoD IT) facilities. Where practical and appropriate, personal work related data can be stored on OneDrive where there is a storage limit of 100GB.  Access to the University network is also provided free of charge but storage is not limitless. Costs for storage of large volumes of data (multiple Terabytes) on University servers are available on request from UoD IT.

Contact UoD IT using Help4U 

Collection of data

  • Portable devices must have full disk encryption.
  • Unencrypted removable media (e.g. USB sticks) must not be used.
  • For confidential and highly confidential material, a University managed device is required and OneDrive or University networks can be used.

For highly confidential material (such as personally identifiable health data) - a double encryption methodology within OneDrive is recommended.  A second level of encryption then ensures that only those with the password can access the secure zipped package.

The University IT service provides advice on security advise within their guides section, you can also access instructions on encryption within Microsoft's Help section. Mandatory Information Security Awareness Training is available on My Dundee.

OneDrive should also be used to store and exchange highly confidential information such as:

  • Personally identifiable health information
  • Personally identifiable charge or conviction data
  • National Security information or
  • Equivalent highly confidential material

Providing that this information is secured using a second level of encryption and password protection. Further guidance on the security of University data, including research data, is available through the IT Service Desk at Help4U. They will forward your query to the Information Governance Office or the LLC Research & Resources Division.

Transporting and transferring files using OneDrive

OneDrive may be used for sharing confidential information, provided that the following conditions are met:

  1. University managed devices are used.
  2. Files should be labelled "Confidential".
  3. Folders in OneDrive are configured appropriately.  That means:
    • It is appropriate for anyone with access to a folder to see the information it contains
    • That the level of that access is set correctly (i.e. use Viewer role to enable access to view information rather than Editor or Owner).
    • That the people with access to the folder have been cross checked (i.e. that you have given access to the correct 'Joan Smith' by examining the unique email address). For guidance on the use of OneDrive with specific data types please contact Dr Richard Parsons, Acting Data Protection Officer

For advice on using OneDrive, please see Digital and Technology Services or contact UoD IT.

Accessing material from OneDrive

  • Whenever possible, information must be viewed in originating systems and not downloaded.  Where information is downloaded it should be accessed, stored and/or transmitted in a secure manner.
  • Data should not be accessed in public places where information can be viewed by others.
  • Data must not be accessed from or sent to non-University systems or services (personal email accounts, cloud storage products etc.).
  • Duplicate copies of confidential information must be avoided as far as possible.

Data security in the cloud

The OneDrive file storage system provided by the University of Dundee is ISO 27001 is compliant - should it be required (in a grant application) you may request the registration certificate number from discovery@dundee.ac.uk

Security-sensitive research

Processes are currently being developed for approval of security-sensitive research. If your research falls within this category please contact the Convener of UREC for advice.

Guidance on processes and facilities for storage of security-sensitive data can be obtained from the LLC by emailing discovery@dundee.ac.uk

How to share your data

The University uses Discovery (Pure) as a data catalogue/repository and so you can deposit your data with us if need to when you are ready to publish or archive your data.