Working with data: Data storage

Your research data are valuable assets to you, and potentially to the wider research community, and you have probably invested considerable time, effort and money in creating them.

To protect your data you need to consider how they are stored, backed-up and secured whilst still working on them. You should consider the following: 

• is the storage reliable or is there a risk that the data may be lost?
• how much storage will I need and will this vary during the project? 
• can I access my data storage from the different places that I need to work? 
• are my data secure and how do I ensure that they can only be accessed by authorised people? 

The University currently does not recommend storing research data in the cloud and provides guidance on whether you should store your data in the cloud but personal data must not be stored in the cloud. 

Managed research storage is provided by the Digital, Data and Technology Group for academic staff and postgraduate students. 100GB is available at no charge for every permanent member of academic staff. This can be expanded to up to 1TB if required. An additional 1TB is available for second and subsequent funded projects. Please note that the policy on how this storage is allocated is reviewed periodically, so always check the latest guidance (PDF) on the allocation and deallocation of storage to see if you are eligible. 

Principal Investigators and doctoral student supervisors can request data storage via the Digital, Data and Technology Group help page. Larger requirements for storage (above 1TB) must be costed into research grant budgets and should be discussed with the Research & Innovation Service Pre-Award team at the earliest opportunity. 

The University's research storage service is resilient, with multiple copies stored in more than one physical location and measures to protect against corruption. Backups are taken regularly and kept for three months. If you accidentally delete a file, the 'Previous Versions' feature of the storage enables you to recover files. 

You can access the University research storage service (H: and X: drives) whilst working remotely using two options for access: 

• the files.bath service allows you to access your University storage via a web browser without the need for a Virtual Private Network (VPN). Instructions on how to use files.bath are available from the Digital, Data and Technology Group. 
• The Digital, Data and Technology Group provides guidance on remote working, including information on how connect to the University via a VPN and using UniApps to access University software. Once you are connected to the VPN you can map the X:Drive using Windows 10 or map drives using Mac (OS X) (University of Bath logins required).
• Note: if your data are stored in an encrypted folder on the H: or X: Drive you will need to access the drive via VPN with the drive mapped to your local PC or laptop and have VeraCrypt installed onto your local PC or laptop. Encrypted folders cannot be accessed through files.bath or UniApps. 

Our guidance on working with collaborators has information on how you can securely share your data with collaborators using files.bath. If you are working with sensitive data you should ensure that they are secured whilst you are working remotely. For more information, see our guide to working with sensitive data.  

There may be situations where you are collecting data, or working on data, away from campus where you are not able to upload your data to the University managed servers via a secure network connection (https or stfp). Under these circumstances we recommend that you take the following steps to secure your data:

• If you are collecting sensitive data (personal data, commercially, politically or socially sensitive data that would be classified as 'restricted' or 'highly restricted' under the University's Information Classification Framework) you should ensure that your laptop and back-up device are both encrypted. The Digital, Data and Technology Group can help with encryption of devices.
• You can use synchronisation software to upload your data over secure network connections (https or sftp) providing that you use VPN to connect to the University servers.
• Ensure that you store your laptop and back-up device, such as an external hard drive, separately
• When you are travelling ensure that you pack your laptop and back-up device in different luggage to protect against data loss due to lost luggage. 

Data security involves ensuring that only authorised people have access to read, edit or use your data.  The University research storage service provides a certain degree of security as standard, provided that you follow the Digital, Data and Technology Group guidance on:

• choosing a strong password
• keeping your computer account secure
• the principles of information security explained by the University's Information Security online course

You should keep all data in accordance with the University's Electronic Information Systems Security Policy and the Information Classification Framework.  

Personal and confidential data

There are additional steps that you should take when working with data that are legally classified as personal, sensitive or confidential. 

• 'personal data', under the terms of the Data Protection Act, means data that relate to a living individual who could be identified by that data, even if only in conjunction with other information held (locally or online). Under GDPR the definition of personal data has been extended to include identifiers such as IP addresses, cookie identifiers, and location data. 
• 'sensitive personal data', under the terms of the Data Protection Act, means personal data that relate to racial or ethnic origin (this would include images and video footage), religious or political beliefs, sexuality, physical or mental health, membership of a trade union, or information about criminal convictions or allegations of criminal activity. 
• 'confidential data' means data, not in the public domain, that are passed between two parties on the understanding that they will not be disclosed to a third party. 

If you are working with personal data you should store all identifiable data in an encrypted folder, or on an encrypted device, separately from anonymised or pseudoanonymised (for example, containing a participant identifier that links back to the name of the participant) data. It is not sufficiently secure to store the identifiable data in a separate folder on the X: drive. There is detailed guidance on working with sensitive data on the 'Sensitive Data' page. You will need to follow this guidance to comply with ESRC and NHS requirements.

The University research storage service only provides storage for active projects (those currently being undertaken or those that ended fewer than three years ago). Once you no longer need regular access to your data, you should evaluate whether you need to retain the data for the long-term. Data that underpins a publication, or that may be of future benefit to you or other members of the research community, should be archived in an appropriate research data archive or repository. Any dataset that is deposited in a research data archive should be structured and documented appropriately, with adequate metadata attached to it. Any retained datasets should be registered via Pure. For more information, see our guide to archiving and sharing data.