.
As per the Research Data Management Procedure, all researchers must take all reasonable steps to ensure their research data are not vulnerable to unauthorised access and stored securely.
Data Classification
When deciding on storage and access systems, it’s crucial to consider how sensitive the data is. Unauthorised disclosure of sensitive information can cause serious damage to individuals and organisations, so mitigating that risk is critical to the data management planning process and to the ethical conduct of research.
Digital Data Storage
A data storage strategy outlines where and how you’ll store your data as you work through your project. There are many things that should be considered when planning your data storage approach including access and security requirements, the level of data sensitivity, storage costs and any relevant legislation.
Having a good plan for your data storage will ensure that you can avoid:
• Data loss from human or technical error
• Data breaches, which may be malicious or accidental
• Breaching funder or legislative requirements.
• Collaborator frustration from unforeseen access issues
CDU has developed a storage guide to help students and staff identify the best places to store their research data.
Research Project Data Storage (on SharePoint)
In line with Research Data Management Planning and University research policies and procedures, ITMS offers cloud-based Research Project Data Storage to support your research projects.
Using Microsoft 365 we can offer,
When the research project has been completed, we can also assist with closing off the repository for you and ensuring that corporate records are handled carefully.
Raise a 'New Request' in LogIT to discuss your requirements.
A. HDR Students – Access LogIT from the Student Portal
1a. Access your Student Portal
2a. Go to My apps
3a. Select LogIT
B. Staff – Access LogIT from the CDU Portal
1b. Access the CDU Portal
2b. Select LogIT
4. Select I NEED SERVICES from the Service Catalogue
5. In ‘Information & Data’ select the ‘Research Project Data Storage’ box, and click on ‘New Request’
Physical Data
● Consult your supervisor about discipline and/or research group’s protocols for handling physical data.
● If feasible, digitise your physical data as soon as possible - All physical data should have a digital record linked. For example:
- Using a unique identifier (e.g. https://www.igsn.org/) for physical objects to record samples, locations and storage information digitally.
- Scanning or transcribing hardcopy data onto digital systems.
● Ensure your physical data is kept in a secure, temperature-controlled place away from windows, water pipes and dust.
Data Security
Protect data from unauthorised:
Control access to computers:
Encryption
Encryption is the process of converting data into an unreadable code. Only those with the relevant password or decryption key are able to open the encrypted file.
It is recommended to encrypt sensitive data at all times. This applies regardless of whether data are being held on local storage, on network storage, or in the cloud.
Encryption will help ensure your data cannot be accessed by others should anyone attempt to access your files, for example if your laptop or other storage device were lost or stolen.
Generally, data encrypted with some software using an encryption key or passphrase/password can only be decrypted/converted back to its original form using the same method.
Basic principles
• Applies an algorithm that makes a file unreadable
• Needs a ‘key’ of some kind (passphrase or / and file) to decrypt
Encrypting Windows computers
Microsoft Windows comes in various versions. The most professional of these "enterprises”, supports whole disk encryption.
Earlier versions of Windows (Windows 7 and Windows 8) support encryption for the professional versions but not for "home" editions.
BitLocker drive encryption should be available on CDU ITMS-managed Windows computers. If your desktop or laptop doesn't have this, contact the CDU ITMS through LogIT.
Bitlocker
Bitlocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
Bitlocker prevents:
• Offline Attack
Bitlocker prevents the type of attack where a malicious user will take the hard drive from your computer and connect it to another computer so they can harvest your data.
• LiveCD Attack
If a malicious user boots from an alternate Operating System, either from hard drive or from a removable device such as a LiveCD the disk contents cannot be read.
• End of Life Leakage
When you re-cycle or dispose of your computer, your data remains encrypted as long as you delete the encryption codes.
Bitlocker does not protect ...
It is a misconception that your password unlocks Bitlocker. Any valid user logging in to the computer decrypts the disk. To protect your computer, you have to make sure that all the users who may log in to it require passwords. Disable all guest login accounts from a BitLocker computer, otherwise hard disk encryption is of no use.
Encrypting macOS devices
CDU ITMS does not provide support and software to macOS devices.
If you conduct your research on macOS, see this Apple support article. You can create and locally store a recovery key, or from OS X 10.10.5 onwards store this key in your iCloud account.
Read more about Protecting your Mac information with encryption on the macOS user guide.
Important!
|
Recovery Mechanism
A forgotten or lost encryption passphrase or recovery key means you will permanently lose the ability to decrypt and access the encrypted data. For CDU ITMS-managed devices, recovery keys for Windows BitLocker can be managed by CDU ITMS.
For non-CDU ITMS managed and personal devices, you should store encryption passphrases and recovery keys in a secure and accessible location or service, such as 1Password. CDU ITMS can provide the licence to 1Password upon request through LogIT, provided it is supported by your line manager or a supervisor.
Passwords
• Strong passwords are crucial
• Avoid using weak or easy-to-guess passwords and reusing passwords
• Consider password managers, complex passwords or stringing words together to create stronger passwords
It is recommended to use:
• But, remember that you need to be able to remember the passwords!
Why does this matter?
No matter how good the encryption is that you used, if you use a weak password, the encryption will offer little protection.
A simple way to pick a resilient password that you can remember is to combine at least three or four random unrelated words of four letters or more. In general, the longer the password, the more secure it is.
Sensitive data
Sensitive data might include clinical or critical data, information about a person’s health or details of their private life, information relating to secret or sacred practices, or ecological data that could potentially put vulnerable species, ecosystems or environments at risk of harm or exploitation.
Sensitive data is commonly subject to legal and ethical obligations that impose restrictions on how it is accessed, used and handled. The data often can’t simply be published and made openly accessible.
But metadata records can help with sharing sensitive information, if the records describe the data without directly reporting any of the confidential information.
Publishing Sensitive Data
This ARDC flowchart asks 8 questions that will help you work out when and how to publish sensitive data as openly and ethically as possible.
The ARDC Guide to Publishing Sensitive Data outlines: