Research Guides: Data Management for Health and Human Sciences: Data Storage and Security

Storing Your Data

Data storage in research refers to the process of saving and accessing research data during the active collection and analysis phases of a research project, where the focus is on storing data securely and accessibly while actively working on it, as opposed to long-term preservation or archiving once the project is complete; it involves choosing a suitable storage location, considering factors like data sensitivity, access control, and backup strategies to prevent data loss.

Purdue has many data storage options to choose from to fit your projects needs. Here are some resources to get you started:

Data Storage at Purdue
This guide details the variety of data storage options available to faculty and graduate students at Purdue University.
Rosen Center for Advanced Computing
Purdue IT maintains several different storage resources to accompany computational systems. This gives a brief introduction to research storage resources.
Data Storage Solutions Finder
This tool will offer recommendations of Purdue solutions appropriate to your usage needs and the data security constraints.
REED+ Ecosystem
REED+ Secured Research is Purdue’s ecosystem for sensitive research data, giving Purdue researchers the ability to meet compliance for their research data.

Guidelines for Data Backup

Data storage refers to holding your data files in a secure location that you can readily and easily access. Data backup, in contrast, refers to saving additional copies of your data in a separate physical or virtual locations from data files in storage. Keeping reliable backups is an important part of data management. Regular backups protect against the risk of damage or loss due to hardware failure, software or media faults, viruses or hacking, power failure, or even human errors.

Remember to use the Backup 3-2-1 Rule:

3 copies of your data - 2 copies are not enough
2 different formats - i.e. hard drive+tape backup or DVD (short term)+flash drive
1 off-site backup - have 2 physical backups and one in the cloud

Backup options:

Hard drives - personal or work computer
Departmental or institution server
External hard drives
Tape backups
Disciplinary archives (repositories)
Cloud storage

Guidelines for Data Security

Data security refers to the protection of data from unauthorized access, use, change, disclosure and destruction and includes network security, physical security, and file security. Security needs to be considered for all copies of your data, including your working data set, backup copies, and archived copies.

Network security

Keep confidential data off the Internet
Put sensitive materials on computers not connected to the internet

Physical Security

Restrict access to buildings and rooms where computers or media are kept
Only let trusted individuals troubleshoot computer problems

Computer Systems & Files

Keep virus protection up to date
Don’t sent confidential data via e-mail or FTP - use encryption, if you must send data
Use passwords on files and computers

The following infographic depicts the four levels of data security and examples of the types of research falling into each category mentioned below:

Level one: Fundamental Research (published and shared broadly)

Level two: Sensitive Research (non-personal data / de-identified data)

Level three: Restricted Research (health data / HIPAA, student data / FERPA)

Level four: Export Control Research (government regulated technology, defense non-classified related)

Click on the image to see RCAC's Quick Guide to the four levels of data security.

DCC Security Standards and Digital Curation
The Digital Curation Centre provides a briefing paper on information security management identifying any formal standards for compliance purposes.
UK Data Service: Security
UK Data Service offers guidance on data storage and security with best practices to prevent unauthorised access, disclosure, or destruction of data.

Secure Data Resources

REDCap
REDCap is a secure web application for building and managing online surveys and databases. While REDCap can be used to collect virtually any type of data in any environment (including compliance with 21 CFR Part 11, FISMA, HIPAA, and GDPR), it is specifically geared to support online and offline data capture for research studies and operations.
Open Tools for Data De-identification
Detailed resources on Data De-identification from the National Library of Medicine including definitions, libguides, scholarly articles, and de-identification tools.
Secure Purdue: Data Handling
Data classification and handling procedures according to stewards of Purdue IT security and policy.
11 ways to avert a data-storage disaster
A Nature article on 11 tips that could make potential data-loss disasters a little less painful.
Ten Simple Rules for Digital Data Storage
This article describes ten simple rules for digital data storage that grew out of a long discussion among instructors for the Software and Data Carpentry initiatives.