Privacy & Security Essentials in Research

Write a research data management plan to manage data in your research project.

Effective research data management is an essential component of scientific research. Creating a research data management plan (RDMP) safeguards against data loss, preserves valuable scientific knowledge, and ensures that personal and sensitive information is handled responsibly. Additionally, a well-crafted RDMP can save you time and resources by preventing errors, enabling others to validate and replicate your findings, and facilitating future research with your data.

Learn how to write an RDMP. Still not convinced? Dive into these cautionary data horror stories for some eye-opening inspiration!

Use UG tools for collecting, storing, publishing, archiving, and sharing research data

While commercial and/or publicly available solutions can be tempting, they often prioritize their own interests over those of researchers and potential participants. Moreover, it is difficult to ensure data integrity, availability and protection.  

Some IT solutions are essential for research conducted at the UG. For that reason, the UG has contract agreements with several companies. These can be used by researchers under the terms and conditions that have been agreed upon in the licensing contracts, and ensure security measures such as a good back-up policy and data recovery protocol are in place.

Check out the different solutions the UG offers for working with your data in different stages of research, and use the UG software finder to have an overview of the software available to all UG researchers. If the software you need is not listed, follow the official software request process.

Make formal agreements when collaborating or sharing research data with external parties. 

Research often requires collaboration or sharing data with external parties. To safeguard intellectual property and to protect research data, it’s essential to create data-sharing or collaboration agreements. These agreements outline the terms for data access, usage, and confidentiality, ensuring everyone understands their responsibilities. 

Contact your faculty P&S coordinator to help you determine which agreements are required for your research with personal data and provide more information on how to set up the agreements. 

Protect your participants and their personal data by complying with the requirements of the GDPR

Personal data is more than just your participant’s name and contact details. Personal data is any information that can be used to identify a specific person, and could therefore also include variables such as age, profession, and marital status. 

Are you doing research involving human subjects? Make sure to educate yourself about the basic principles of the GDPR. Inform yourself about essential concepts of the GDPR and follow the ‘Introduction to privacy in research’ webinar periodically offered by the DCC.   

Ask consent and be transparent with your participants 

To foster a trustworthy relationship with your participants, it is crucial to ensure that participants are fully aware of the nature of your research, its potential risks and benefits, and their rights before they decide to participate. 

You do not have to reinvent the wheel! Review faculty-specific information on informed consent procedures and templates to adhere to both ethical and legal considerations, or visit the DCC website for general guidance on obtaining informed consent.

Plan for the reuse of your research data

When data is shared and reused, it contributes to a continuous data lifecycle, fostering a cycle of knowledge that extends far beyond your original research. It’s important to establish a clear plan for the re-use of your data at an early stage in your research and include it in your RDMP. Define when, how, and for what purposes your data can be reused, agree upon these terms of use with your data providers and obtain consent for reuse from your participants. 

In addition, you can increase both the security and the findability of your data by publishing (meta)data via trusted repositories such as DataverseNL. Using trusted repositories can help you maintain the confidentiality, long-term accessibility and integrity of your data.

Do not collect more data than strictly necessary. Destroy unnecessary data as soon as possible

By carefully designing your research project, you can significantly reduce the impact of potential data breaches. Practice data minimization in your research by collecting only the essential data, avoiding unnecessary details, and being mindful of data that might be unintentionally collected through your research methods.

Take measures to protect your participants and their data, such as pseudonymization and anonymization techniques.

To safeguard the interests of your participants, consider techniques like masking, manipulating, or removing personal data. This process, known as de-identification, makes it harder to identify individuals. 

• Pseudonymization: While removing direct identifiers, pseudonymized datasets can still be linked to individuals, for instance by using a keyfile. This means that there's a risk of re-identification, even if it's more difficult.

• Anonymization: Altering data to the point where direct or indirect identification is impossible. This involves irreversible changes that make it impossible to link the data back to specific individuals.

By implementing de-identification strategies in your research, you can significantly reduce the impact of data breaches and ensure the well-being of your participants.

Strictly manage and monitor access to your research data

Access management enables controlled sharing of data and responsible collaboration among researchers and students. By implementing appropriate access controls, researchers can collaborate more effectively while still protecting the confidentiality and integrity of the data. 

Create an overview of all team members who have access to your research data and what rights they have. Make sure to schedule regular reviews of this overview to ensure access rights remain up to date.

Archive your research data in the RDMS or the Y-Drive

Research data archiving ensures long-term storage and accessibility, enabling verification and reuse while maintaining data integrity and security. The UG facilitates responsible research data archiving through the research data management system (RDMS) and the Y-Drive. 

Check out your faculty data policy and make sure you archive your data accordingly.

Provide research data as open as possible, but as closed as necessary to your publishers

Publishers can sometimes pressure researchers to share their data openly, but it's important to recognize that restricted access is sometimes necessary. While many datasets can be shared openly, certain situations call for limited access, allowing data to be shared only with interested parties under clearly defined conditions. Adhering to the FAIR principles, the goal is to make data "as open as possible and as closed as necessary," striking a balance between transparency and the protection of sensitive information.

Be critical when using AI during your research

AI can revolutionize your research, saving time and money while boosting outcomes. However, remember that AI comes with ethical, scientific, and data protection challenges. 

Researchers must avoid simply feeding data into AI systems without careful oversight. In addition to protecting personal data, it's important to protect the intellectual property generated throughout your research. Safeguarding this information helps prevent valuable insights and innovations from falling into the wrong hands, where they could be misused or lead to unintended consequences.

Familiarize yourself with the fundamentals of generative AI and enroll in the "Critical AI Literacy" e-learning to gain a deeper understanding. By mastering AI responsibly, you can unlock its full potential while ensuring ethical and sound research.