Data storage and security

When planning a project you should consider where you will store the data generated.  Safe storage of your working / active data and regular backups are essential during your research project.  When planning your project you should take into account:

  • the amount and kind of storage you will need over the lifetime of the project
  • access to the data for you and your collaborators
  • who is responsible for the storage and back-up
  • data security
  • any funder or partner requirements

Where to store your research data:  the R: drive

The University has provided a managed network drive for research, the R: drive, which will provide data security (users are authenticated against HW active directory), replication in separate data centres (on and off campus), automated backup and file recovery.  This networked storage offers “filesystem snapshots” as the main back-up approach. Snapshots preserve a view of the filesystem and all data in it at a given point in time. Data can be recovered from the snapshots through different mechanisms. On Windows, for example, by using “volume shadow copy” along with the “previous versions” option.

Space on the research drive can be allocated to research groups or to individuals. Please contact IShelp to discuss your data storage requirements as soon possible in the project planning process.  Ideally this will be when you are creating or updating your research data management plan.

Researchers also have access to Heriot-Watt-managed secure, shared file stores which can also be used for short-term storage of working research data.

Many funders now require that primary research data and research evidence generated as part of a project should be accessible to others for reasonable periods after the completion of the research, or must be published/shared as part of the research paper publication process.   If you wish to or are required by your funder to share the research data generated during your project,  there are a number of options available to you.  Please see the Sharing your data page.

Insecure storage

Research data must be securely stored and backed-up. The University is liable for breaches of data security, which may result in fines, legal action or loss of grant and contract funding.   The following should not be used to store the only copy of research data:

PCs  and laptops (eg the C: drive) and external or portable storage devices

It is strongly recommended not to use personal devices and drives to store HWU work or research files. They can be lost or stolen, and are not routinely backed up.

Advice on backing up your data and data security is available from ISHelp or from Heritage and Govenance

Consider encrypting sensitive or confidential data.   Confidential, sensitive or critical data should not be stored on private third party cloud services like YouSendit, personal (i.e. not the University) OneDrive, ICloud, Google Drive.

Advice on backing up your data and data security is available from ISHelp or from Heritage and Govenance

Collaborative and remote working

All HWU staff with an Office 365 account have access to HWU OneDrive. Your OneDrive gives you 100 GB of storage space in the cloud.

OneDrive is useful for current pieces of work – particularly files where you are collaborating with individuals or groups both within and out with the University.  It should not be regarded as the sole place to securely store research data. This solution is strongly advised, in preference to third-party services, such as Dropbox since data stored on your HWU OneDrive is held in Europe to comply with privacy laws while data stored in private cloud accounts may be held anywhere in the world - with no accountability if the company loses your data. Therefore confidential, sensitive or critical data must not be stored on private third party cloud services. 

The University Virtual Private Network (VPN) provides secure remote access to shared and home drives. The VPN is the recommended secure method to access and use data when working away from the University.

Data security

The University uses the HIGH (red), MEDIUM (amber) and LOW (green) rating to identify confidential information based on the level of harm that would result if this information was lost, stolen or accidently disclosed to others. Unique research data that cannot easily be replicated, sensitive personal data and data received and received or created under conditions of confidentiality are examples of HIGH (red) risk information.

Information Security Guidance is available on the Information Governance Hub (staff only) and website.

Advice on backing up your data and data security is available from ISHelp