\n\t\tAll participants of a research group have to be clear about which data storage methods are acceptable.\n\t<\/p>\n<\/blockquote>\n
\n\tThe objective of these activities is to ensure:\n<\/p>\n
- \n
- \n\t\tAvailability<\/strong> \u2013 data must be available and accessible\n\t<\/li>\n
- \n\t\tIntegrity<\/strong> \u2013 data must be accurate, complete and up-to-date\n\t<\/li>\n
- \n\t\tConfidentiality<\/strong> \u2013 data must be available only for authorised persons or systems\n\t<\/li>\n<\/ul>\n
\n\tThe most secure option is, certainly, to use the central servers of the university, which are provided with IT services, including the making of backups.\n<\/p>\n
\n\tUsing of cloud services is also secure, but it can have shortcomings, especially in the cases where personal data are processed. Providers of cloud services (e.g. Dropbox, OneDrive) may not be located in the European Union and it cannot be guaranteed that the data would always be processed according to the General Data Protection Regulation. That means, these services are not acceptable in storing research data.\u00a0\n<\/p>\n
\n
\n\t\tUnencrypted personal data must not\u00a0 be stored in remote servers (\u2018in the cloud\u2019).\n\t<\/p>\n<\/blockquote>\n
\n\tCloud solutions are well suitable for the cooperation of researches in different locations.\n<\/p>\n
\n\tData are often stored in the computers which are used by the research group or in personal computers of the work group members. In such cases, the making of backups may become a problem.\n<\/p>\n
\n\tMaking of a backup <\/strong>is the creation of a copy of the state of the data or the programmes at a given moment, which would allow to restore them up to that given moment after a security incident.\n<\/p>\n
\n\tThe incident<\/strong> is some unfortunate event, due to which data are lost, such as the physical destruction due a fire, unintentional deleting, a crash of the hard drive or the operating system, etc.\n<\/p>\n
\n
\n\t\tMaking of backups should follow the 3-2-1 rule, meaning that three copies of the backup should be stored on two different storage media, one of which is located far away at a different location.\n\t<\/p>\n<\/blockquote>\n
\n\tEach researcher is responsible for using the most secure data storage environment or device. It is quite difficult to follow this rule when using external hard drives or mobile devices. Therefore, when the gathering of data requires the using of some mobile device (tablet, camcorder, audio recorder), it is advisable to save the data at the earliest possible moment on some secure media. Mobile devices are also prone to malfunctioning, destruction, loss or theft, making them less secure.\n<\/p>\n
\n\tThis example gives an idea about how and where master\u2019s students store their data. We can conclude that even with data-intensive research, if 81% of the data are on personal computers or external hard drives, it is not stored in the most practical and safest way\u00a0\n<\/p>\n
\n\t
![\"datastorage\"](\"https:\/\/sisu.ut.ee\/wp-content\/uploads\/sites\/301\/datastorage.png\")
\n<\/p>\n\n\tMeera B.M.,\u00a0 Hiremath V. Data-intensive research in physics: challenges and perspectives.\u00a0Ann Lib Inf Stud<\/em>\u00a065 (2018) 43-49.\n<\/p>\n
\n\tCompared to postgraduate practices in 2018, the data storage locations used by researchers were somewhat more secure in 2022, but there was still too much use of local and personal devices:\n<\/p>\n
\n\t
![\"Locations\"](\"https:\/\/sisu.ut.ee\/wp-content\/uploads\/sites\/301\/locations.png\" "\\"locations.png\\"")
\n<\/p>\n\n\tResource:\u00a0European Commission, Directorate-General for Research and Innovation,\u00a0European Research Data Landscape \u2013 Final report, Publications Office of the European Union, 2022,\u00a0https:\/\/data.europa.eu\/doi\/10.2777\/3648<\/a>\n<\/p>\n
\n
\n\t\tData management plans should specify where the data are stored, who should make backups and how often the backups should be made, and for how long a period these backup copies should be stored.\n\t<\/p>\n<\/blockquote>\n
\n\tAnother important factor includes organisational and physical security, such as the training of new staff members, possible problems with staff members who leave the group, internal rules of the workplace, fire safety, locking of doors, etc.\n<\/p>\n
\n\t\u00a0\n<\/p>\n
\n\tIn case of data-intensive research, it would be advisable to carry out a risk analysis in the work group and to answer the questions, what should be done if \u2026<\/span><\/span>\n<\/p>\n
- \n
- \n\t\tthe IT systems malfunction<\/span><\/span>\n\t<\/li>\n
- \n\t\tthere are blackouts, deluges, fires<\/span><\/span>\n\t<\/li>\n
- \n\t\tsomeone\u2019s computer or mobile device is lost or stolen<\/span><\/span>\n\t<\/li>\n
- \n\t\tmalware is discovered in some devices<\/span><\/span>\n\t<\/li>\n
- \n\t\ta member of the work group leaves or dies<\/span><\/span>\n\t<\/li>\n
- \n\t\tetc.<\/span><\/span>\n\t<\/li>\n<\/ul>\n
\n\tRisks should be assessed (the probability of their occurrence and possible damage) and it should be decided which risks can be prevented, and when it is necessary to manage the consequences.<\/span><\/span>\n<\/p>\n
- \n\t\tthere are blackouts, deluges, fires<\/span><\/span>\n\t<\/li>\n
- \n\t\tIntegrity<\/strong> \u2013 data must be accurate, complete and up-to-date\n\t<\/li>\n