Please see the University's Research Data Management Policy and Information Security Framework which has an online training module Information Security Essentials.

Data must be stored safely, in a way that permits a complete retrospective audit if necessary.

Retention of accurately recorded and retrievable results is essential for the research. This is necessary not only as a means of demonstrating good research practice, but also in situations where questions are subsequently asked about either the conduct of the researcher or the results obtained. Lab-based data must be retained in indexed lab books and where appropriate, supervisors should regularly review and sign off said notebooks to signify records are complete and accurate.

Data must be retained intact in paper or electronic format as appropriate, normally for a period of at least 10 years from the date of any publication which is based upon it. Where funders or professional bodies have specific regulations with regard to the period of data retention or with regards to where you should place/publish data (eg specific archives), these regulations should prevail (for example ESRC/MRC/AMRC).

Researchers must ensure their team is aware of any confidentiality provisions applying to specific projects and whether there are any obligations with respect to these provisions.

Researchers who are leaving the University who wish to retain data/copies of data for personal use must obtain written permission prior to leaving from their Head of Department to do so. Regulation 28 of the University Calendar should be consulted where personal data is processed in connection with the research involved, the request must be refused unless it is clear that future use will be consistent with the terms of the participant’s original consent.

In April 2011 RCUK released an overarching framework of seven statements see RCUK Common Principles on Data Policy relating to research data.

This has been agreed - following considerable negotiation - by all of the Research Councils and is intended to support a raised profile for and more robust approach to data policy.

At a recent data management forum Research Council representatives cited a number of drivers for this, including:

• ‘Traditional’ benefits such as integrity, transparency and robustness of the research record, potential for reuse and wider exploitation, etc.
• Supporting impact and the potential for inclusion in future research assessments
• Need for UK institutions to manage all aspects of their Intellectual Property
• The legal and governance environment including Data Protection, Freedom of Information (particularly following Climategate) and information security/audit.

The RCUK framework reflects increased attention internationally (e.g., the US National Science Foundation 2011 mandate) and in the UK on management, preservation and sharing of research data. It is similar in ethos to the RCUK 2006 statement on access to research outputs, adopting the position that publicly funded research data should be made openly available with as few restrictions as possible.

The framework places requirements on researchers in all disciplines and at institutional level, including:

• Making data and appropriate metadata available and maintaining its accessibility over time tosupport understanding and reuse
• Including information in publications on how to access supporting data
• The need for best practice data management policies and plans at project and institution level
• Protection of data as required: legal, ethical and commercial constraints on release should be considered at all stages in the research process.

It also states that public funds can be used to support the management and sharing of research data (though individual Research Council policies do not necessarily indicate this).

Research Councils also have separate data policies and requirements.

Personal data must not normally be transferred outside the European Economic Area. A transfer can only be made where there is adequate protection for the rights and freedoms of individuals in relation to the procession of information about them. For further advice in this area researchers and Heads of Departments should contact the University’s Data Protection Officer.

Please also see Research Involving Personal Data.