Skip to Main Content

Research Data Management: Storage

Research Data Management (RDM) Library guide

Data Management Plans (DMPs) - Storage

It is necessary to document in a Data Management Plan where data will be stored.

  • This is to prevent data being stored in places that would breach ethical or legal requirements. For example, it is not permitted to store any personal data in any 3rd party cloud storage solutions that haven't been approved by IT Services (e.g. Google Drive, Dropbox). 
  • Consideration must be given not just to where you store data, but also to where anyone else associated with the project will store it. For example, if you use a data collection tool like JISC Online Surveys, or a transcription service provider (etc.), then you will need to document where those third parties are hosting the data.

These should be documented in the following sections/questions of the BU Data Management Plan (DMP) template:

Ethical and legal compliance

Storage, back-up, and security

Online storage

BU’s Information Classification webpage specifies how data should be handled and stored depending on the classification assigned to it.

BU recommends storing your research data and documentation in a project specific BU SharePoint site which has been approved as compliant with the required standards. If this is not appropriate for your data, contact IT Services for advice.

Note that BORDaR is not a storage solution for live data that is being worked on during the course of a project. It is BU's research data repository for the long-term storage and access of completed datasets. Choosing a data repository after project completion.

Portable electronic storage

BU’s Information Classification webpage specifies how data should be handled and stored depending on the classification assigned to it.

Contact IT Services to discuss your portable storage needs and to estimate costs.

Portable storage devices such as laptops, hard drives, memory sticks, tablets and recorders are more vulnerable to being lost or subject to security threats. Appropriate measures need to be in place to keep data secure:

Online and electronic storage options

This table summarises how different electronic storage solutions compare against requirements for safe data storage. Any storage needs requiring services/solutions not covered in this table should be raised with IT Services. For most research projects, SharePoint is recommended.

Storage solutions for live research data

  OneDrive (BU) SharePoint / Teams (BU) Non-BU cloud-based services (Dropbox, Google Drive etc.) Network storage (H and I-Drives) Local drives (BU or personally owned devices BU owned portable device (e.g., USB drive) Personally owned portable device

Storage capacity

  • How much storage and how large can individual files be?
  • 1TB
  • 1TB
Variable   Variable Variable Variable
Security measures  
  • How secure is the storage solution? What standards does it meet?
  • Assessed and managed by IT. 
  • Assurances in place regarding the functionality and security of the system.
  • Assessed and managed by IT. 
  • Assurances in place regarding the functionality and security of the system.
IT services can assess the service and confirm is there are appropriate assurances in place regarding the functionality and security of the service.
  • Assessed and managed by IT. 
  • Assurances in place regarding the functionality and security of the system.
Variable Variable Variable
Access and control measures
  • Is it deemed secure by BU?
  • What measures can be implemented to protect personal or sensitive data?
  • Choose whether folders of files are kept private or shared.
  • If shared, options to limit who can access the files/folders.
  • Options to restrict documents to ‘view only’ and ‘block downloads’
  • Options to change permissions.
  • Choose whether folders of files are kept private or shared.
  • If shared, options to limit who can access the files/folders.
  • Options to restrict documents to ‘view only’ and ‘block downloads’
  • Options to change permissions.
Variable
  • H: Drive is generally private and only accessible by the owner. In justified circumstances IT-Services can access the drive.
  • I:drive files/folders can be restricted to authorised users only.
Generally, only accessible by the owner. Remote access to the device by IT-Services might be possible., but unlikely on personal devices. Generally, only accessible by the owner.  Generally, only accessible by the owner. 
Data protection
  • Is it appropriate for storing personal data in line with GDPR and BU policy? 
Yes - with appropriate access and control measures in place. Yes - with appropriate access and control measures in place. No storage permitted. Only centrally procured storage solutions should be used which have contracts in place and have been verified by BU as compliant with data protection legislation. Yes - with appropriate access and control measures in place. No storage or creation permitted.
  • No permanent storage (USBs, external hard drives).
  • No storage on mobile phones or tablets. 
No storage or creation permitted
Collaboration
  • Does it support collaboration?
Yes Yes Unknown. Depends on the service. Limited. Not really. No No No
Back-ups
  • Are backups managed by BU IT-Services?

Not backed up by either Microsoft or BU.

Contact IT Services for any specific backup requirements.

Not backed up by either Microsoft or BU.

Contact IT Services for any specific backup requirements.

Unknown. Depends on the service. Yes No No No
Version control
  • Is there automatic versioning control?
Yes Yes Unknown. Depends on the service. No No No No
Data deletion
  • Is data securely destroyed when deleted?
Yes – retained in Office365 for further 93 days from deletion.

Yes – retained in Office365 for further 93 days from deletion.

(Teams messages)
Yes – retained in Office365 for further 17- days from deletion

Unknown Yes – retained in backs up for further up to 8 weeks after deletion. No No No

What happens when I leave BU?

  • What happens to the data if no action is taken?
  • What should happen to the data before leaving BU?
  • Data and documentation deleted 30 days after the account owner leaves BU.
  • Files should be transferred to BU SharePoint to meet data access and retention requirements.
  • A project site on SharePoint will remain after you leave BU, satisfying data access and retention requirements.
  • A copy of your Data Management Plan, detailing data retention periods should be saved on the site.  
  • Data and documentation are not accessible if the account owner is ill or leaves BU.
  • Files should be transferred to BU SharePoint to meet data access and retention requirements, and then deleted from the non-BU cloud-based service.
  • Data and documentation stored in your H-drive are deleted 30 days after the account owner leaves BU.
  • Data and documentation stored on the I: Drive will remain.
  • Files should be transferred to BU SharePoint to meet data access and retention requirements.
  • Data and documentation are not accessible if the account owner leaves BU. Device will be wiped and deployed.
  • Files should be transferred to BU SharePoint to meet data access and retention requirements, and then deleted from the local drive.
  • Data and documentation are not accessible if the account owner leaves BU. Device will be wiped and deployed.
  • Files should be transferred to BU SharePoint to meet data access and retention requirements, and then deleted from the portable device.
  • Data and documentation are not accessible if the account owner leaves BU.
  • Files should be transferred to SharePoint to meet data access and retention requirements and then deleted from the portable device.

Physical storage

BU’s Information Classification webpage specifies how data should be handled and stored depending on the classification assigned to it.

Please contact the relevant team within your Faculty if additional physical storage is required.

Physical data such as paper based consent forms, interview transcripts etc are vulnerable to being lost or subject to security threats. Appropriate measures need to be in place to keep data secure:

Additional guidance

UK Data Service Guide - Store your data