LibGuides: Research Data Management: High-Risk Data

Data Management Plans (DMPs) - High-risk data

High-risk data should be documented in the Data Management Plan before the start of the project along with the safeguards that will be in place to mitigate any risks.

These should be documented in the following sections/questions of the BU Data Management Plan (DMP) template:

Ethical and legal compliance

Will you be handling any other data which could be considered high-risk? > High-risk data
Specify what other data you will be handling that could be considered high-risk.
Will any of the data be received from partners outside of the UK? > International data transfers
Briefly list the countries/partners where data will be received from.
Will any of the data be sent to partners outside of the UK? > International data transfers
Briefly list the countries/partners where data will be sent to.
Provide brief details of anyone else who will have access to any of the data. > Restricting access to authorised persons and organisations

Storage, back-up, and security

Where will your non-digital research data or project documentation be stored, short or long-term? > Physical storage
Where will your digital research data or project documentation be stored, short or long-term? > Electronic storage
How and when will personal or other sensitive data be deleted/destroyed? > Data destruction > Storage limitation and retention periods
What security measures will be put in place to prevent unauthorised disclosure of data, both during and after the study?

High-risk data

In addition to special category personal data, BU's Information asset classification page lists the types of information considered high-risk. It includes things like:

Commercially sensitive information
Legally privileged information
Intellectual property that is under development and subject to patent/intended for commercialisation
Any information subject to a confidentiality agreement

This isn't an exhaustive list. It is anything whereby inappropriate disclosure could:

Cause significant damage to the University's reputation or operations
Cause great distress to individuals
Pose a danger to personal safety, to life, national security, cybersecurity etc.
Impede the investigation or facilitate the commission of serious crime
Substantial financial or legal penalties

High-risk data should be documented in the Data Management Plan before the start of the project along with the safeguards that will be in place to mitigate any risks.