Store and share

Storing and sharing non-sensitive data

As the research process proceeds, there is a need to transfer datasets for storage. At the same time, it is often also necessary to share parts of data and related access rights with other researchers over a data network. It is therefore essential to take care of data protection and data security issues. Sensitive data must not be transferred online without adequate safety measures. Bear in mind that storing datasets on the hard discs of workstations, memory sticks, and USB drives is in principle a risk in terms of data protection and data security!

JYU storage services are being developed to cover all phases of data processing, from collection up to storing and sharing between project partners and collaborators.

For non-sensitive data, the University offers

Nextcloud and Researchvideo.jyu.fi are suitable for sharing data also with partners outside the University. 

Storing and sharing sensitive data (special categories of personal information, otherwise secret data)

For sensitive and highly confidential data, e.g. special category personal data, options include:

CollabRoom and the CSC Sensitive Data services are suitable for sharing data also with partners outside the University.

Specific instructions

Check the JYU dynamic table of available storage and sharing tools and safeguard measures for your type of data ) in Intranet Uno).

If your data contains special categories of personal data or it is highly confidential or secret for another reason, store it in the original storage device whenever possible. For maximum data protection, personal data should not be transferred outside the original storage location such if it can be avoided, e.g., to a separate analysis excel workbook. When kept and processed in the original location, it is easier to keep automated log to monitor who has had access to the data.

When transferring personal data, make sure that you know exactly who receives it at the other end. Ensure your legal right to transfer personal data by informing your study subjects about who handles their personal information, why, and how, at the beginning of your project using the data privacy notice. If you cannot use the University's Nextcloud, CollabRoom, or Researchvideo.jyu.fi for sharing and have to use email, safe email or encryption of attached files are necessary.

Sometimes data must be transferred outside the EU and the European Economic Area. This can be the case if e.g. appropriate analysis equipment only exists in some particular location. Special legal obligations must be taken into account for personal information transferred outside the EU-EEA area. If this is topical to your study, consult the University's Data Protection Officer.

MS Teams and data storage

O365 Teams works well for communication during research. However, it is not a recommended storage location for the materials themselves. Proceed as follows: Save the materials to Nextcloud, CollabRoom, Research multimedia, or if none of these are suitable for your material, to the project's S: drive in the university's network disk space. When you collaborate in Teams, share material from storage services using the links they provide. You can also share links with partners outside JYU. Take care of the data protection of the materials and that you share the materials only with those persons who have the rights to see them due to their role.

Backup   

All JYU storage systems automatically take regular automatic backups, so no backup copies are needed when using them.  Preserve the original files, i.e., the so-called master files separately from the analysis files and make all edits to the analysis files. This way, the data will not be lost if an error occurs in the data processing. NB! CSC's SD Connect for sensitive data does not offer automated backup for data. 

Access control 

  • Name and document the person in charge who oversees access control to the files.
  • Maintain information about who has accessed the data and who has access to any part of the data.
  • Define who has the rights to view, edit, and delete the data.
  • If you process personal information or other confidential or sensitive information, please specify who has access to it.
  • On what basis has each access (edit, view, delete) been granted?
  • How are controls implemented in practice (eg password-protected access, change log monitoring, encryption, physical space monitoring, locked lockers)?
  • If you process specific categories of personal data, make sure you follow the description you provide to the subjects.

Describe your planned measures in your data management plan.