Presentation on theme: "Protect Your Data: How to Store and Back up your Data Securely Open Access and Data Curation Team With thanks to the UKDA for allowing us to reuse and."— Presentation transcript:
Protect Your Data: How to Store and Back up your Data Securely Open Access and Data Curation Team With thanks to the UKDA for allowing us to reuse and adapt their training materials
Introductions Who are we? Who are you and why have you come here today?
Today’s Session Storing your data Backing up your data Digital and analogue (hard copy) data Ethical and legal issues
Storing your Data To consider: –How much data do I have now? –How much data am I likely to create in total? –Does the data need to be shared? –Is the data sensitive or confidential?
Group Discussion One – where do you store your data? In groups discuss where you store your data. Consider: –Why do you store your data where you do? –Could it be better stored somewhere else?
6 Data Storage 1 Where will you be working: at home; in the office; both? Will you be working collaboratively? Is the data covered by the Data Protection Act or ethics approval? U: Drive – up to 20GBs allowance. Cloud storage (but not for sensitive or confidential data). Computer hard drive. External hard drives & USB sticks. DVDs/CDs. Hard copy of documents. 6
7 Data Storage 2 File formats and physical storage media become obsolete: All digital media are fallible: optical (CD, DVD) and magnetic media (hard drive, tapes) degrade. Never assume the format will be around for ever. Storage strategy best practice At least two storage formats. Prefer open or standard formats – e.g. OpenDocument Format (ODF), comma-separated values. Some proprietary data formats such as MS Excel are likely to be accessible for a reasonable, but not unlimited, time. Maintain original copy, external local copy and external remote copy. Copy data files to new media two to five years after first created. Check data integrity of stored data files regularly (checksum e.g. FastSum). FastSum 7
8 Encryption Encrypt anything you would not send on a postcard for moving files e.g. transcripts for storing files e.g. shared areas, mobile devices Free softwares that are easy to use: Safehouse Truecrypt - http://as.exeter.ac.uk/it/regulations/infosec/encryptionforla ptops/usingtruecrypt/Truecrypt http://as.exeter.ac.uk/it/regulations/infosec/encryptionforla ptops/usingtruecrypt/ Axcrypt These softwares: encrypt hard drives, partitions, files and folders encrypt portable storage devices e.g. USB flash drives 8
9 Non-Digital Storage Confidential items, e.g. signed consent forms, interview notes Store securely, behind lock. Separate from data files. Printed materials, photographs Degradation from sunlight and acid (sweat on skin, in paper). Use high quality media for long-term storage/preservation. –e.g. using acid-free paper & boxes, non-rust paperclips (no staples). 9
Group Discussion Two – where is your data backed up? In groups discuss where and how your data is backed up. Consider: –How often do you back up? –Is your data backed up automatically? –Do you have a procedure/regular routine in place to back up your data?
12 Why Back-Up? Back-ups are additional copies that can be used to restore originals. Protect against: software failure, hardware failure, malicious attack, natural disasters e.g. University of Southampton fire It’s not backed-up unless it’s backed-up with a strategy Backing-up need not be expensive 1Tb external drive = around £50 12
13 Back-Up Strategy Know your institutional and personal back-up strategy: What’s backed-up? - all, some data? Where? - original copy, external local and remote copies What media? - CD, DVD, external hard drive, tape, etc. Use a different media to where you data is stored How often? – assess frequency and automate the process For how long is it kept? Verify and recover - never assume, regularly test a restore Make sure you know which version is the most up to date 13
Group Discussion Three – cloud storage Thinking of your research data. Could you use cloud storage to store and back up your work? If so, what are the advantages and disadvantages of using the cloud?
Ethical and Legal Issues Data Protection Act, 1998 Personal data: –Relate to living individual –Individual can be identified from those data or from those data and other information –Include any expression of opinion about the individual Processed fairly: –Justified and reasonable; not kept longer than necessary and destroyed properly –Processed in accordance with the rights of data subjects, e.g. right to be informed about how data will be used, stored, processed, transferred, destroyed, right to access info and data held Security: –Protect against unauthorised access, data loss, damage to data –Not transferred abroad without adequate protection
Data Security Protect sensitive data from: Unauthorised access, use, change, disclosure and destruction Keep personal data separate Control access to computers: passwords anti-virus and firewall protection networked vs non-networked PCs all devices: desktops, laptops, memory sticks, mobile devices all locations: work, home, travel Control physical access to buildings, rooms, cabinets 16
Long-term Storage for Personal Data Never disclose personal data - unless consent for disclosure Strategies: - Consent for the disclosure of personal data - Anonymise personal data - Access control (when anonymisation ineffective or damaging to quality) Gradation of access controls in a repository/archive: –Open Access –Metadata only – contact details for requesting data reuse, End User Licence –Dark Archive –Embargo for given time period Multiple access controls can apply to different data types within one study
New UoE Policy for PGRs on Open Access and Research Data Management Policy available herehere Implementation dates: RCUK funded PGR students: 1 st April 2013 (papers) All PGR students: 1st October 2013 (data and papers)
Useful Links Contact us: Open Access and Data Curation Team firstname.lastname@example.org UoE Code of Good Practice in the Conduct of Research Truecrypt encryption Data back-up Storage Ethical approval Data security and destruction guidance from Information SecurityInformation Security DPA Advice: email@example.com@exeter.ac.uk Information Security for Research Data - ELE moduleInformation Security for Research Data External Back-up advice from UK Data ArchiveUK Data Archive UKDA checksum exercise