All research data need more protection
All research data need to be protected through systematic information security measures. However, some research data need a higher level of protection due to secrecy, data protection regulations or other special regulations. Such research data contain information that may not be freely disseminated. There may also be other reasons to restrict access to or dissemination of research data, for example to preserve the novelty of results for which you want to apply for a patent.
Documenting your research data management helps you identify the level of protection your research data need:
Documenting your data management
Research data with personal data
Personal data is information that can directly or indirectly be linked to a specific individual. This means that both obvious information, such as name and national identity number, and any other information that can be linked to an individual is personal data, such as voice recordings, UMU ID, email addresses or encoded (pseudonymised) personal data. Even combinations of data can constitute personal data if, through the data, it is possible to link these to an individual. The General Data Protection Regulation (GDPR) requires that personal data be protected.
Consider personal data when planning the project
You need to plan how your research project will be conducted, taking into account:
- what personal data are processed;
- what privacy risks the processing result in;
- whether these risks are in proportion to the purpose; and
- which conditions must be met as per data protection regulations.
Processing personal data in research
Ethical review approval needed for certain personal data
Some personal data are recognised by law as sensitive personal data. If you conduct research on sensitive personal data or personal data concerning violations of the law, you must apply for ethical review approval.
Read more about ethical review
Secrecy
Research data may be classified as secret, which means that you may not release or otherwise disclose information classified as secret. You have a duty of professional secrecy if, in your work, you are given access to information covered by secrecy. As a researcher, you are responsible for being observant of whether the research data you manage is classified as secret.
Read more about secrecy for research data
Classified research data
Research projects that involve research data that can be linked to defence secrecy must be managed in a special way based on the Protective Security Act and Umeå University’s internal procedures.
There are specific requirements for security enhancements, including that persons managing the information have security clearance, information is handled and stored securely and that premises where information is stored or where activities are conducted have appropriate protection.
More information about protective security and strategic products is available on Aktum (UMU ID required)
Managing research data with high protection value
When managing research data with high protection value, it is important to ensure that you have the right level of protection for the research data. Use the information classification and risk and vulnerability analysis to determine what safeguards you can use to protect research data in your project.
Read more about how to protect your information
Sharing data with high protection value
Research data supported with public funding must be made accessible according to the principle, “as open as possible, as closed as necessary”. Research data with high protection value cannot be published openly accessible. Instead, you can share data by archiving them according to Umeå University’s archiving process and publishing a description of the research data (metadata) in a repository. Anyone interested in accessing data can request that Umeå University release the data, upon which the University will conduct a secrecy examination.
Journals that require research data to be published open access make exceptions for data that, for legal or ethical reasons, require high levels of protection.
Share research data
By describing and publishing research data, others can reuse them.
Preserve research data
Archiving research material is required and research data are public documents.
Do you have questions about research data?
The University has a cross-functional team that supports you with research data issues in areas such as archiving, legal affairs, IT support, open data, and information security. You can contact the research data support team using the following form:
Contact the research data support team if you have questions
