Access

Authorised access 

Whether you research alone or collaborate in a project group, it is important that you can access and work with the research data. You want to be able to gain access as easily as possible. At the same time, you want to make sure that the data and your work isn't at risk of being lost, and that the data are protected from unauthorised access.

Questions concerning data security are central to all projects that involve large or sensitive data materials. It's important to be aware of which guidelines and technical solutions that your HEI employs. For example: How do you collaborate on data in a project with participants from several HEIs? Are there technical solutions that offer capabilities for accessing a shared storage area with data files? Are they accessible to all project members? (See also the section on agreements with other stakeholders.)

It is also vital that you have routines for utilising the solutions you choose for the project. If routines and workflows are too complicated or too time-consuming, chances are that they will be ignored by the project members, at the risk of data loss and faulty analyses. (See also Data errors and Well-organised data.) A data management plan can be of assistance, but it cannot prevent that steps are skipped or postponed if a workflow is too complicated.

Protection from unauthorised access

While it is important to make sure that the right people have access to the data, it is equally important to protect the data from unauthorised access. An access method that is convenient for everyone who needs access to the data material may not be secure enough to protect the material from unauthorised persons. You need to know which information classification level that the data have and the guidelines in your HEI for how to manage information of that classification level. Data which contain sensitive information (e.g. personal data, military secrets, or information about biologically sensitive locations) require higher protection than less sensitive data. Regardless of the sensitivity of the contents, you are responsible for making sure that the data are sufficiently protected to prevent unintentional or unauthorised access. (You can read more about data security in Protect the data.)

Be extra careful when you use cloud services that are operated by a commercial actor. A service like Dropbox or Google Drive may be convenient and cheap, but you have no control over who has access to the data, and often no guarantee that the data are backed-up or can be restored or returned to you if the corporation decides to close the service, or if it goes bankrupt. Before you decide to trust a commercial cloud service, you need to investigate whether it complies with the guidelines in your HEI and carefully read the user agreement, to make sure that you don’t put the data material at risk. (Note: This also applies to software that stores data on the software corporation's servers.)

E-mail and USB drives may also be non-secure ways of granting access to data, depending on what they contain. There is always a risk that the material goes astray and that versions of the data fall into the wrong hands.

Choosing an accessibility solution

It’s possible that IT Services in your HEI may not have a solution that suits your data material. In some cases, the best solution may exist in another organisation, but sometimes your HEI needs to set up a separate system for your project, or procure necessary software. If you consult with IT Services when you are writing the application for research funding, you can make sure to budget for any costs involved.

A secure solution may not be the most simple solution. If sufficient security requires a very complex workflow, a consequence may be that project members don’t do what they are supposed to do (such is human nature). So when you plan for how to achieve the best combination of accessibility and security, you should consult with colleagues in your HEI or your network to hear about which solutions have worked for them. For many data types there are no standardised solutions and best practices to protect the material, while still keeping it accessible to all relevant parties in a project. If that is the case for you, you need to find a reasonable compromise in dialogue with IT Services and legal support.