Data Management and Sharing

To avoid data loss, and to retain information held in earlier versions you should: 

Create and document a data backup policy

A backup policy provides specific guidance on data backup decisions and restore processes. This policy promotes consistency and ensures a successful recovery of data from a backup copy if data loss does occur.

Use a reliable device when making backups

Consider managed cloud-based services to backup your data. OneDrive/Sharepoint can be configured to sync data from a local system to the cloud. This allows for easy backup of data as this can be done in the background during normal system use. Avoid use of light-weight devices, like floppy disks and USB stick-drives. Additionally, you should avoid backups on optical media, like CDs and DVDs, as they have been shown to degrade over time. 

Create, at a minimum, 2 copies of your data

These copies should be in geographically dispersed areas. Place one copy at an "off-site" and trusted location such as a commercial storage facility, campus server, or cloud-based server. Depending on the amount of data, acceptable solutions may be keeping one copy on the local system and one copy backed up to OneDrive/Sharepoint.

Backup your data at regular frequencies

Sporadic backups may result in inadvertent data loss if a disaster were to occur. Be sure your files are backed up regularly to avoid major data loss. Make sure to backup your data when you complete your data collection activity and when you make any edits to your data. Using sync with OneDrive/Sharepoint can be configured to copy once an update is done to a file.

If you have any questions about data storage and security, please contact IITS.

There are a variety of data storage options available to you depending on your needs and resources.  

Local Storage:

Local storage options allow for personalized control and everyday access. However, management and backups are the research team's responsibility. 

• Computer hard drive 
• External media (hard drive, USB)
• Department server​

Cloud-based Storage Options:

These storage options are stored and managed on remote servers and are regularly backed-up. There are a variety of options with different prices and storage capacities depending on your needs. 

IITS provides faculty, staff, and students with access to Microsoft Office 365, including Sharepoint and OneDrive. If you have additional data storage needs, please contact IITS for additional options.

• Subject-repository (ex. Dryad)
• Commercial (ex. Amazon Web Services, Microsoft Azure)​

Source: Adapted from UCLA Libraries

Academic research can often involve handling of sensitive data, which may include information about human subjects, endangered species, or protected areas. In order to ensure security, your research team should follow physical security, computer files and systems security, and network security. 

Physical Security: 

• Always secure your computer and peripherals (i.e. USB, external drives). 
• Restrict access to buildings and rooms where sensitive data or research specimen are stored. 
• Only allow trusted individuals access to computers and peripherals. 
• Keep physical paper files in locked file cabinets. 

Digital Security: 

• Ensure that the computers used in research and/or data storage have up-to-date virus protection, have an EDR solution installed, have the latest operating system and software patches applied, and are secured from threats on the internet.
• Use long passwords to secure files and computers. Experts now recommend passphrases over short and complex passwords. A passphrase should consist of 15 or more characters. Uppercase, lowercase, and special characters are not required.
• Enable encryption on local systems and external media. Enable Bitlocker for Windows or Filevault for Macs. Both are easy to use solutions, just make sure you do not forget the decryption key or you will be locked out of your data.

Network Security: 

• Do not store or transfer confidential data on the Internet. 
• Do not store sensitive materials on computers connected to the Internet. 
• Only use CSUSM approved cloud storage solutions (OneDrive/Sharepoint) to store confidential or sensitive materials.

It is absolutely vital that PIs respect the privacy and confidentiality for all research participants. Risky data security is unethical. It is absolutely crucial that all researchers are knowledgeable and follow all CSU policies and guidelines for working with research subjects, both human and animal. You also must:

• Comply with all health research regulations: Federal legislation contains very strict guidelines; consult HIPPA Privacy Rule Information for Researchers.
• Only collect the minimum amount of data that you need to complete the research. Do not collect any personal information unless it is absolutely required for the work.
• Evaluate the data’s sensitivity: Consider whether the data contains direct or indirect identifiers that could be utilized with other public information to identify research participants.
• Obtain informed consent: Recommended informed consent language for data sharing.
• You may decide to restrict use of the data by control access through embargoes or access/licensing terms and conditions.

To ensure the safety of your data, it is recommended that you reach out to the Information Security team. They can assist you with any questions or concerns you may have about how your data is being stored.