Invited talk as part of Westminster Insight Research Data Management Forum, https://www.westminsterinsight.co.uk/event/3416/Research_Data_Management_Forum

1. SECURING, STORING AND ENABLING
SAFE ACCESS TO DATA
ROBIN RICE
Research Data Management Forum:
London, 10 Dec. 2019
Westminster Insight

2. EDINBURGH UNIVERSITY’S RESEARCH DATA SERVICE
• Support for researchers across the data lifecycle
• Help with data management planning, data protection
impact assessment (risk assessment & data flows)
• Advising on safeguards for storing sensitive data
• Providing secure, cost-effective data facilities
• Assistance with information governance – applications
to data holders such as NHS; data use agreements
• Infrastructure for secure data storage: Data Safe Haven
• Infrastructure and policies for long-term data retention:
DataVault

3. TWO ACRONYMS, TWO PARADIGMS: FAIR AND GDPR
• FINDABLE
• ACCESSIBLE
• INTEROPERABLE
• REUSABLE
• GENERAL
• DATA
• PROTECTION
• REGULATION
by SangyaPundir [CC BY-SA 4.0
(https://creativecommons.org/licenses/by-sa/4.0)], from
Wikimedia Commons

4. FAIR PARADIGM: OPEN BY DEFAULT
”
FINDABLE: “Metadata and data should be easy to find for both humans
and computers. Machine-readable metadata are essential for automatic
discovery of datasets and services.”
ACCESSIBLE: “Once the user finds the required data, she/he needs to
know how can they be accessed, possibly including authentication and
authorisation.”
INTEROPERABLE: “The data usually need to be integrated with other
data. In addition, the data need to interoperate with applications or
workflows for analysis, storage, and processing.”
REUSABLE: “The ultimate goal of FAIR is to optimise the reuse of data. To
achieve this, metadata and data should be well-described so that they can
be replicated and/or combined in different settings.”

5. 5
Why share data?
From: Journal of Open Archaeology Data, CC-BY 3.0

6. GDPR PARADIGM: PRIVACY BY DEFAULT
Six principles of the GDPR:
a) Lawfulness, fairness and transparency
b) Purpose limitation
c) Data minimisation
d) Accuracy
e) Storage limitation
f) Integrity and confidentiality (security)

7. 7
GDPR Principles Pictured
From: https://byglearning.co.uk/mrcrsc-
lms/course/index.php?categoryid=1

8. 8
GDPR Principles and Research
From: https://byglearning.co.uk/mrcrsc-
lms/course/index.php?categoryid=1

9. DATA PROTECTION CHALLENGES FOR HUMAN SUBJECT
RESEARCHERS
• Understanding legal definitions (personal data, special categories,
data controllers and processors)
• Selecting secure data systems designed for privacy
• How to collect sufficient data for research question but not more
• Transparently communicating data processing actions to human
subjects (information sheets & consent forms)
• Understanding and documenting risks for a DPIA (data protection
impact assessment)
• How to anonymise/pseudonymise data; disclosure control
techniques
• Authorising access; creating legally binding data use agreements
• Dealing with breaches

10. UOE RESEARCH DATA SERVICE = TOOLS AND SUPPORT FOR WORKING
ACROSS THE DATA LIFECYCLE
https://www.ed.ac.uk/is/research-data-service

11. ADDITIONAL SAFEGUARDS NEEDED? UNIVERSITY DATA SAFE HAVEN
FOR MANAGING DATA IN ACTIVE RESEARCH PROJECTS
• For projects requiring advanced security, the
Data Safe Haven (DSH) provides a controlled
and secured service environment for
undertaking research using sensitive data.
• The service provides robust controls and
safeguards to enable the secure transfer of
sensitive data into a highly secure
environment where it can be stored,
manipulated and analysed by approved
members of a research team.
1
1

12. UOE DSH ENVIRONMENT: AN ANALYTIC PLATFORM
Secure virtual
environments
for different
projects
A number of virtual
desktops statically
assigned & linked
to each project and
its user group.
 A Virtual Desktop
Environment
 Restricted access
 Clear segregation
of duties
 Gatekeepers
 2-factor
authentication
 End to end
encryption
 Up to 5 TB of
storage
 1 CPU 4Gb RAM
 Key data analysis
tools & packages
(SPSS, MatLab etc)

13. LIFECYCLE OF A DSH RESEARCH PROJECT
DSH processes are governed by DSH Standard
Operating Procedures (SOPs).

14. ARCHIVING, SHARING & RETENTION OF RESEARCH DATA AFTER
THE PROJECT IS FINISHED: DATASHARE AND DATAVAULT

16. VOX POP VIDEO:
RESEARCH DATA SHARING
https://youtu.be/yhVqImna7cU (from 3:27)
16

17. WHAT IS DATAVAULT FOR?
The DataVault allows data creators at the University of Edinburgh to:
• Store their data safely with the University for long-term retention
• Link this data to projects, outputs in Pure without having to re-enter
any metadata;
• Receive a DOI for the data which allows easy citation in
publications and other outputs;
• Comply with funder and University requirements to preserve
research data for the long-term;
• Be confident that their data will exist without corruption or decay to
reuse in the future as and when required;
• Personal and confidential data are protected through encryption.
1
7

18. WHAT IS DATAVAULT *NOT* FOR?
• Where it is intended that data will ultimately be made public, they
should instead be deposited either in a suitable disciplinary
repository or in DataShare, our open access data repository.
• DataShare deposits may be placed under embargo up to 5
years, so that files will remain inaccessible temporarily.
• Data needing to be retained only for a short period.
• Data in which a student owns the copyright.

19. WHAT IS INNOVATIVE ABOUT DATAVAULT?
• Fills a gap for a complete data lifecycle institutional service, helping to fulfil
the 2011 RDM policy
• Facilitates a collection of institutional data assets to be managed by the
University
• Incentivises open sharing by pairing with DataShare
• Open metadata records even though nominally ‘closed’
• Buys time for appraising data worthy of further curation
• Combines paradigms of data centres and digital preservation

20. ANY QUESTIONS?
R.RICE@ED.AC.UK
WWW.ED.AC.UK/IS/
RESEARCH-DATA-SERVICE
HTTP://DATABLOG.IS.ED.AC
.UK
@RESEARCHDATAUOE