When processing data, remember to ensure the confidentiality, accuracy, and information security of the process throughout the research project. In a research group, it is always a good idea to define the roles, rights, responsibilities, and obligations of the data processors. If any third parties are involved in the processing of the data, clearly define the roles and responsibilities. If necessary, remember to draw up a non-disclosure agreement if the data being processed is classified or confidential. If you receive data for processing from third parties, always comply with the potential conditions set for analysis and processing (e.g. processing environment).
The data can be processed manually or by utilising various software and tools designed for data processing. The rule of thumb is that services and tools supported by the Tampere University community should be the ones primarily used in analysing data. Discretion should be exercised when using commercial or AI-based tools. Their use is at one's own risk, and the University does not have the means, for example, to recover lost data or guarantee that the information security solutions of the selected tool or service are appropriate. The Information security guidelines in the University's intranet contain more information on the University's policies regarding artificial intelligence.
In the services provided centrally by the University community, information security has been taken into account through e.g. access rights management, verification policy, maintenance rules and agreements, audits, and special security solutions. Regular information security and data management trainings also play an important role in ensuring that data are handled responsibly.
To assess the suitability of the storage and processing environments available in the University community’s IT service list, several issues must often be considered: the sensitivity of the data, the technical preconditions set for the data, the legal framework, user management, and the costs. The selection should always be based on a risk assessment.
If you need IT services for processing data, please contact the University community’s IT for research. In many respects, general data management services are suitable as tools for researchers, but there are also services and capacity acquired specifically to support research work. Through IT for research, it is also possible to get help in using services provided by partners. IT for research provides advice on choosing suitable services and, if necessary, acts as a connection to for example CSC.
If you cannot find the service or tool you need for processing and analysing data among the tools already available or provided by the Tampere University community, you can ask about obtaining it from the IT contact persons (intranet) or at it-helpdesk@tuni.fi. Please note however, acquiring new software requires not only potential financial resources, but also careful familiarisation with the terms and conditions of use and contracts, as well as verifying information security and data protection policies. The University community’s IT for research has compiled a list of software (intra) that cannot be used on Tampere University community computers. These include among others all Chinese and Russian software, as well as all new free grammar checking or proofreading software, and AI-powered translation and transcription software.
Information security for data means protecting data from external and internal threats, such as accidents, errors, and unauthorised use. The level of information security should be considered in relation to the nature of the data and potential risks. When it comes to confidential data and data containing personal information, special attention should be paid to information security.
When planning the life cycle of your research, and your research data at different stages of that life cycle, consider information security from at least two perspectives: how to protect the data from loss and, on the other hand, how to ensure that it is not possible to access it without permission.
Measures to improve information security:
See Tampere University community's Information Security Policy and, if necessary, ask for more information at tietoturva@tuni.fi.
Store the data in a safe place provided and maintained by your organisation.
When choosing a repository for your research data, you should consider the following:
By considering the answers to the above questions, you will be able to choose the most suitable storage location more easily for your research data. The storage services provided by the Tampere University community can be tailored to different needs.
Read more about the storage services at the Tampere University community. Contact us if you need more information: it-helpdesk@tuni.fi.
With backups we refer to the creation of additional copies of data. These copies can be used if the original version is damaged or destroyed. It's a good to have at least three copies of your data, and to store them in different locations.
Many storage solutions create backups automatically, and some also have version control features. Do not rely solely on automated solutions. Make sure you also have other copies of your research data.
Automatic backups for computers maintained by the University's IT services are always carried out over an encrypted connection.
The purpose of version control is to make copies of files as they are processed. This allows you to revert to previous file versions if necessary. With systematic version management, you can control different versions of files consistently. At its simplest, version control can be based on saving multiple versions of a file as you make changes to it, and naming the file descriptively enough to know which version it is. This can be workable method if only you handle the file. If several people work with the same file, it is a good idea to agree on common rules for implementing version control so that everyone works in the same way.
Some storage services offer additional version control features such as snapshots and backup versioning, while others automatically create a new version of the file each time it is edited. Some storage services offer version branching and merging. The purpose of version control tools is to make your work easier, and usually help in situations where, for one reason or another, the user's own version control does not work. These automatic and technical version control tools do not replace the researcher's own version control, but are intended to help in situations where, for example, data needs to be restored from old backups.
Practical tips:
If the data has not been designated for digital preservation, and the research does not involve e.g. a funding body that has requirements regarding the storage period of the data, the researcher can determine the necessary retention period for the data. If, for example, a doctoral dissertation or other thesis has already been approved and published, and there is no longer a need to store the data, it can be disposed of in a secure manner. If the material contains personal data, it should be destroyed as soon as the need and purpose of use have ended.
If data must be destroyed at the end of the research, simply deleting files with the delete option and emptying the computer’s Recycle Bin is not a sufficient way to destroy research data. You will need to use separate software that allows you to overwrite the data or magnetise the hard drive. It is also possible that a physical storage location (such as an external hard drive) is destroyed by mechanical shredding.
University community’s guidance on the disposal of confidential material (intra).
FSD's guidelines on data disposal.
