How to securely store and manage data

• Encrypt the data and the folders: Encryption involves encoding digital information so that only authorized individuals can view it. This is particularly valuable when transmitting personal or sensitive data. Encrypting a file converts its contents into a jumble of meaningless code. To revert this code into understandable information, a decryption key is necessary. Therefore, it is crucial not to misplace the decryption key for your files.
• Use passwords to protect individual files or folders: Typically, strong passwords should be lengthy, ideally 15 characters or more. One effective method is to construct them from four randomly selected and modified words, such as “C.rr3ctHorseBatteryStaple”. The University of Edinburgh has compiled some guidance on how to choose a strong password.
• Store data securely: Store data on servers that have up-to-date firewall protection, security-related upgrades and patches to operating systems to avoid viruses, trojans and malicious codes. Store personal data on computers that are not connected to another external network, particularly servers that host internet services. Store non-digital data in lockable cabinets and dispose of them in designated containers.
• Control and limit access: Only grant access to the data (e.g. with “read only” or with passwords) to those members of the research team who do need access. Make sure to keep access regulations up-to-date in case someone leaves the team. For non-digital objects, make sure to control access to the (lockable) cabinets, e.g. with keys or key cards.
• Dispose securely of data you no longer need: Part of managing your data involves considering secure methods to dispose of information you no longer need. Simply pressing the “delete” button on your computer or mobile device is not sufficient. In reality, even actions like formatting the hard drive or performing a factory reset may leave fragments of information behind. To ensure secure disposal of your data, you can either physically destroy the storage medium or utilize software designed for secure erasure.
• Put guidelines and policies in place: Create policies for the research team to ensure measures for strong password protection, encryption, secure data transmission, transport and disposal are in place. Also, create awareness and communicate policies and regulations at regular intervals ensuring that everyone is aware of potential risks at all times. If members of the team have access to personal or sensitive data, use non-disclosure agreements.

Other measures to protect sensitive and personal data

• Do not send personal or sensitive data via email. This should be encrypted and sent via a secure medium, such as SWITCHfilesender.
• Do not use Google Drive, OneDrive or Dropbox to share sensitive or personal data.

Trusted research environments (such as BioMedIT) allow researchers to access, process and store sensitive data securely within an encrypted and encapsulated data space. They fulfill the technical requirements that data protection laws prescribe. This topic was discussed by two experts on data security in a CLARIN-CH webinar - the recording and the slides can be accessed here:

Resources

• CESSDA Data Management Expert Guide: Chapter 4
  
• UK Data Service: Encryption and Security
  The UK Data Service (2017c) has compiled information on encryption and offers short video tutorials demonstrating the use of different software tools to encrypt data.