Policy to govern the management of research data

Overview

The purpose of this policy is to establish a set of principles to govern the management of data arising from the research activities of the University (“Research Data”) (Research Data are the evidence that underpins the answer to the research question, and can be used to validate findings regardless of its form (e.g. print, digital, or physical). These might be quantitative information or qualitative statements collected by researchers in the course of their work by experimentation, observation, modelling, interview or other methods, or information derived from existing evidence (definition from the Concordat on Open Research Data, July 2016).) This policy is intended to cover active Research Data sets that are of potential current or future interest or value to the field. It will not apply where there are legitimate legal, ethical and/or commercial constraints on data use.

The University recognises that there is an increased requirement from funders to manage, share and provide open access to Research Data, and acknowledges that the wider benefits of this approach can include additional public interest and funding, increased validation of results, efficiencies through data re-use and novel use of existing data.

For the purposes of research assessment, the University recognises the value and impact of research outputs such as datasets and software, and their potential use as indicators of research impact, such as influence on practice.

For clarity, this policy applies to all Research Data, regardless of whether the research is externally funded or subject to funder mandates. This policy applies to all staff that are authorized to use the University’s name and services in the course of their research, including postgraduate students and visiting, honorary and emeritus staff. NHS and clinical trial data may be subject to additional governance as specified by the Director of R&D, Tayside Medical Sciences Centre (TASC), NHS Tayside.

1. Policy Statement Principles

   1. The University advocates the highest standards in the management, re-use and open accessibility of Research Data and subscribes to the Research Councils Common Principles on Data Policy and the Concordat on Open Research Data.
   2. The University has signed the Declaration on Research Assessment and encourages the use of a range of metrics and indicators as evidence of the impact of published research outputs.
   3. The privacy, confidentiality and other legitimate interests of any participants involved in the gathering of Research Data must remain protected at all times.
   4. Where appropriate, and adhering to item 1.2, Research Data should be made openly accessible for access and re-use by others.
   5. Research Data sets that are of a sensitive nature (A research data set that is sensitive is defined as data that can be used to identify an individual, species, object, process, or location that introduces a risk of discrimination, harm, or unwanted attention. The legal definition of sensitive personal data (also referred to as special categories of data) is that which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.) are not exempt from this policy by default, but may lie outwith this policy where restrictions on data use apply. Prior to commencing research, informed consent (including consent for data sharing) should be gathered, and plans for data anonymisation and access restriction should be made.
   6. Research that is commercially funded, including clinical research sponsored (Under the UK Policy Framework for Health and Social Care Research all health and social care research requires a Sponsor. The Sponsor is the individual, organisation or partnership that takes on overall responsibility for proportionate, effective arrangements being in place to set up, run and report a research project. Sponsors of clinical trials of investigational medicinal products have particular legal duties.) by the University of Dundee, will lie outwith this policy only if restrictions on data use apply. Where research is jointly funded by commercial and non-commercial funders, appropriate collaboration agreements must be put in place to define ownership of the Research Data and ensure compliance with the data sharing requirements of the non-commercial funder(s).
   7. The primary grant holder (Principal Investigator) is responsible for Research Data management and planning throughout their research project or programme. The most senior researcher associated with a project at the University of Dundee holds responsibility for the data stewardship for all Research Data relating to that project. In the absence of the senior researcher, responsibility for the data stewardship will transfer upward to the Dean of School.
   8. New research projects must include research data management plans that cover items such as: data capture, management, integrity, confidentiality, retention, sharing and publication. Any specific funding body, ethical, legal or School level requirements should be taken into account in the development of data management plans.
   9. Where there is a need to establish proprietary rights to protect the intellectual property of the University, Principal Investigators should discuss the intention to place Research Data in the public domain with Research & Innovation Services (RIS) before doing so. Every effort should be made to ensure that the timeframe to establish such rights is kept to a minimum.
   10. All research data gathered by students during the course of their study are the responsibility of the supervising staff member to manage in accordance with the requirements of this policy.
   11. The Library will provide support, guidance and information on appropriate research data management activities, including planning for funding applications, availability of internal and external research data repositories, licensing of datasets and allocation of persistent identifiers for datasets.

2. Storage and Accessibility

   1. All Research Data of potential current or future interest, or that which substantiates published research findings, should be assessed by the Principal Investigator for deposition in an appropriate external or University led research data repository.
   2. The associated costs of data management, analytics, archiving and sharing should be recovered from funders in the grant application, where funder’s policies permit.
   3. Data must be stored securely, with appropriate measures taken to minimize the risk of unauthorised access, loss, destruction or theft.
   4. Where personal data sets are being used in research they shall be used in a manner compliant with the applicable data protection legislation (The General Data Protection Regulation ((EU) 2016/679) and the UK Data Protection Act (2018). Further information can be obtained from the University of Dundee data protection website and the website of the Information Commissioner’s Office.), or any statutory modification or re-enactment thereof. In particular:
      • Only the absolute minimum of personal data necessary shall be processed for any project
      • The basis for lawful use of personal data shall be documented
      • Every research participant shall be given information on the project and the use of each individual participant’s information shall meet transparency requirements.
   5. A central record of known datasets deposited in public access repositories, or curated by Schools, will be maintained by the Library. Any Research Data to be deposited with external services, such as Research Council or international repositories, should therefore be made known to the Library for recording in the University’s research information system ([email protected]). The University will ensure data continues to be discoverable and compliant with funder mandates.
   6. Published research results should always include information on how to access supporting data. The Library will provide a persistent and unique identifier for datasets (DOI) where required.
   7. The University of Dundee will respect the requirements and policies of existing and future partnerships with third parties involved in the storage and safeguarding of Research Data. NHS and clinical trial data may be subject to additional governance as specified by the R&D Director, TASC, NHS Tayside (see TASC Publication Policy).
   8. The length of time data is stored for should be determined as part of the Research Data management planning for the project, and should adhere to any particular funding body’s requirements and any additional conditions or practices within the field. The Concordat on Open Data states “data underlying publications should be retained for 10 years from the date of any publication which fundamentally relies on the data, unless specified otherwise by the funder of the research.”
   9. Data are to be made openly available as soon as possible, and typically on publication of results. Embargo periods are permitted, but should adhere to any particular funding body’s requirements and any additional conditions or practices within the field. It is the responsibility of the Principal Investigator to adhere to funder requirements for data publishing and, where necessary, to negotiate an extension to restrictions on placing data in the public domain.
   10. Where data are published, the Principal Investigator is required to select an appropriate license under which their data will be made available and to ensure that the license permits sharing and re-use in accordance with their funder’s mandate and the terms and conditions of this policy. Guidance is available from University support services (see item 1.10 above). Electronic data published by the University Repository will be catalogued using structured metadata which includes details of licensing and a robust persistent digital object identifier (DOI).
   11. The University of Dundee retains the rights to re-use Research Data or make it openly available for others to re-use. Exclusive rights to re-use or publish Research Data should not therefore be granted to any third party, including commercial publishers, without prior discussion with RIS (paragraph 1.8 refers).
   12. The University of Dundee retains the intellectual property rights of the Research Data. Principal Investigators are entitled to be the first publishers of the data they have generated and have the right to be identified and credited as the creator. Original copies of data must be retained. Duplicate copies of data may be taken with permission of the PI or Dean where the re-use of the data are acceptable, as defined by this policy.
   13. All clinical trials sponsored by the University of Dundee must be registered on an appropriate publicly accessible research register within 6 weeks of first participant recruitment in the UK. Summary results data from clinical trials must be made publicly accessible in an appropriate format within 12 months from trial completion (for further details see the TASC Publication Policy).

3. Further assistance with application of the policy

   Guidance on the central record of Research Data sets, open access, appropriate internal and external research data repositories, and research data management planning is available from the University Librarian and Director, Library Academic and Cultural Services ([email protected]). Guidance on IPR and collaboration agreements is available from RIS ([email protected]). Guidance on clinical or health data is available from TASC ([email protected]) and HIC ([email protected]).

   If there is uncertainty around the applicability or interpretation of this policy, the matter must be referred to the Convener of the University’s Research Governance & Policy Sub-Committee (contact the University Librarian and Director, Library Academic and Cultural Services, in the first instance: [email protected]). Also see Appendix one, Formal Policy Guidance Notes for the Management of Research Data and Appendix two, Formal Policy Guidance Notes for the Management of Undergraduate Research Data that follow this document.

Appendix 1: Formal Policy Guidance Notes for the Management of Research Data

1. Scope

This document clarifies policy requirements outlined in the University of Dundee Policy to Govern the Management of Research Data (hereafter PGMRD). It is a set of procedures for the practical management of research data.

2. Responsibilities

The Principal Investigator (PI) has responsibility to budget for the costs associated with the storage, maintenance and preservation of research data and to maintain a record of activity in the Data Management Plan (PGMRD 1.7 and 2.2); in addition to create a record in the data catalogue housed in the Institutional Repository, Discovery (PGMRD 2.5). The Library provides support for data management planning activities.

The PI has overall responsibility for the appraisal and archiving of data following the completion of a project – or at an appropriate stage of an ongoing long term project. (PGMRD 2.1). The appraisal process should be rigorous, accountable and transparent with decisions recorded in the Data Management Plan. In addition the data catalogue record in Discovery should document the anticipated date of destruction for the data where appropriate.

3. Storage

During the life of a research project, research records should be stored and indexed so that they can be identified and retrieved quickly and easily in line with good research practice. The PI can select storage from one of the following approved University storage facilities.

Approved University storage facilities

4. Procedures

   1. File Naming

      Electronic records should be organised for optimised accessibility and record keeping. Files should contain the following descriptive metadata within the filename:

      ResearcherSurname_Initial Project (name or grant number) Instrument Location Date Time Version

      At a minimum, the file name should observe the following format, using fields as appropriate; ResearcherSurname_Initial_project_instrument_location_date_time_version.ext (Avoid using special characters, underscores replaces spaces or full stops, naming should be descriptive and brief, dates expressed as YYYYMMDD the PI.(PGMRD 2.12)) 

   2. Backing up data

      Electronic data held on laptops, PCs, instruments and within electronic lab books should be backed up onto approved University storage daily to prevent loss of records through accidental or intentional damage or destruction (PGMRD 2.3). The file naming convention described previously must be applied to all files.

      For all confidential research data hosted outside University networks – on University licensed systems such as Microsoft Stream, OneDrive, SharePoint - electronic records should be protected with passwords and encrypted as outlined in UoD IT security and storage guidance. Further information is available at UoDIT guides.

   3. Archiving data

      The requirement to archive data is triggered when research records become (relatively) inactive after the completion of a project, or phase of a project, or when a PI or PhD student leaves the University. At this stage the PI should arrange transfer to approved University storage facilities for longer term storage. It is essential that data are well described in order that they are easily identifiable and retrievable (PGMRD 2.1, 2.3). Data should be converted to open file formats where possible.

      1. Appraisal of data

         Data must be appraised in accordance with the Data Management Plan. The PI determines what data is to be retained and where it is to be stored – either publicly in an external subject specific repository or the University institutional repository, Discovery or internally on University approved storage. All files must be named according to the conventions described in section 4.1 of this document and a descriptive title for the dataset created.

         Research data should be preserved for as long as it is of continuing value to the researcher, the wider research team/community and in line with known legal and regulatory obligations. As stated in the PGMRD 2.7, research sponsors may specify requirements for retention of specific categories of records.

         For an overview of funders policies see Digital Curation Centre (DCC) website. Clarification of funder policy and support with compliance is provided by Library Research Services, contact [email protected].

         The University of Dundee retention policy for research data is outlined in the Policy to Govern the Management of Research Data. Staff/students are permitted to take a copy of their research data where data are not sensitive and where permission has been obtained from the PI. (PGMRD 2.12).(This definition of sensitive includes ongoing research and research that has commercial and/or personal sensitivity.)

          

      2. Data that is to be destroyed

         Research data should be destroyed when judged to be of no further value or when retention periods described in the Data Management Plan expire. Destruction should be authorised by staff with appropriate authority, such as the PI or their designated administrator and should be carried out in accordance with the University’s Guidance on the proper disposal of information.

         PIs who are leaving the institution and are transferring an ongoing project must notify the Library and provide authorisation for destruction of the data at Dundee following completion of the transfer.

      3. Data catalogue – creating a record

         At the point of archiving a record must be created in Discovery (instructions on creating a data record in Discovery) and the data given a descriptive title (PGRMD 2.5). Persistent identifiers (e.g. a digital object identifier - DOI) assigned to published data should be recorded in the data catalogue entry in Discovery. This record can either be made visible in the Discovery portal or set to confidential.

         Data made publicly available from Discovery or the Image Data Repository, Omero, will have been assigned a DOI by the University. If a DOI is required contact [email protected].

         The minimum metadata collected in the Discovery data catalogue record are Title, Creator, Publisher, Year, Resource Type and Rights (i.e. licencing restrictions on data reuse). Additional recommended elements include ORCiD, Description, Time period, Geo location, Associated publications, Associated datasets.

         For a DOI to be minted the minimum metadata required are Title, Creator, Publisher, Year, DOI and Resource type (e. g. image data) – additional metadata such as File type and size, Subject, Version, Rights, ORCiD, PMID, Funder, Associated publications, can also be captured. Further detail and guidance on the metadata that can be captured when registering a DOI can be found on DataCite Metadata Schema website.

5. Definitions

   • Research data are the evidence that underpins the answer to the research question, and can be used to validate findings regardless of its form (e.g. print, digital, or physical). These might be quantitative information or qualitative statements collected by researchers in the course of their work by experimentation, observation, modelling, interview or other methods, or information derived from existing evidence. As defined by RCUK Concordat on Open Research Data.
   • Research and experimental development (R&D) comprise creative work undertaken on a systematic basis in order to increase the stock of knowledge, including knowledge of man, culture and society, and the use of this stock of knowledge to devise new applications. As defined in The Frascati Manual definition of research.

6. Useful contacts

   Further guidance on data destruction methods can be obtained from the University Records Management webpages.

   Guidance on the central record of Research Data sets, creation of DOIs, open access, appropriate internal and external research data repositories, and research data management planning is available from the Library Open Research and Publishing Team ([email protected]).

   Hannah Whaley, University Librarian and Director, Library Academic and Cultural Services, extension 84277

7. Change control

Appendix 2: Formal Policy Guidance Notes for the Management of Undergraduate Research Data

1. Scope

This document clarifies policy requirements outlined in the University of Dundee Policy to Govern the Management of Research Data (hereafter PGMRD). It is a set of procedures for the practical management of undergraduate research data.

2. Responsibilities

   1. In accordance with the PGMRD (1.9) the supervising staff member is responsible for student research data, this includes responsibility for the integrity and security of all research data produced during a research project by students.
   2. Where the supervisor delegates administrative activity for managing research data to other members of academic or administrative staff, s/he should define and document these arrangements within the School.
   3. During a research project, research data should be stored and indexed so that they can be identified and retrieved quickly and easily by supervisory (and if necessary) technical and administrative staff – this is for the purposes of research integrity, access continuity, to reduce the risk of data loss and to ensure the security of confidential data.
   4. Schools should maintain a record of:
      • the file name, format and location of research data;
      • research data which have been transferred to another organisation (e.g. deposited in a third-party data archive);
      • research data which have been published by the University for reuse by third parties; (See PGMRD 2.5 for guidance)
      • the destruction of research data, including the authority for destruction and the date of destruction.

3. Storage

Research data should be stored on approved University storage facilities.

Approved University storage facilities

4. Procedures

   1. Storage of Sensitive or Confidential data

For all confidential research data hosted outside University networks – on University licensed systems such as Microsoft Stream, OneDrive, SharePoint - electronic records should be protected with passwords and encrypted as outlined in UoD IT security and storage guidance. Further information is available at UoDIT guides.

If students use a personal laptop or home PC to access University data, they are required to either encrypt their device, or ensure they do not hold data that is private or confidential on it. Access to research data should be controlled to prevent unauthorised use, removal or destruction of the data themselves and unauthorised disclosure of information they contain.

Research data containing personal data must be handled with particular care to ensure compliance with the provisions of the applicable data protection legislation, UK Data Protection Act (2018) or any statutory modification or re-enactment thereof and The General Data Protection Regulation ((EU) 2016/679).

5. Procedures

   1. File Naming

      Research data should be organised for optimised accessibility and record keeping. Files should contain the following descriptive metadata within the filename:

      SupervisorSurname_Initial ResearcherSurname_Initial Project (name or grant number) Instrument Location Date Time Version

      At a minimum the file name should observe the following format, using fields as appropriate;

      SupervisorSurname_Initial_ResearcherSurname_Initial_project_instrument_location_date_time_version.ext (Avoid using special characters, underscores replaces spaces or full stops, naming should be descriptive and brief, dates expressed as YYYYMMDD.)

   2. Backing up data

      Research data held on laptops, PCs, instruments and within electronic lab books should be backed up onto approved University storage daily – or as soon as the student is able - to prevent loss of data through accidental or intentional damage or destruction (PGMRD 2.3). The file naming convention described previously must be applied to all research data files.

   3. Completion of studies

      1. Appraisal of data

         When the student completes their undergraduate studies research data must be appraised in accordance with the Data Management Plan and retained for a period of 12 months on University approved storage.

      2. Maintaining Access

         The supervisor must ensure that editor access to data has been transferred to the School. Research data will be retained on approved University storage facilities for a period of 12 months. Data should be converted to open file formats where possible and practical.

      3. Retention of data

         The University of Dundee retention policy for research data is outlined in the Policy to Govern the Management of Research Data. Students are permitted to take a copy of their research data where data are not sensitive and where permission has been obtained from the supervisor. (PGMRD 2.12). (This definition of sensitive includes ongoing research and research that has commercial and/or personal sensitivity.)

      4. Reuse of data

         It may be useful to keep research data beyond a year – where they are of continuing value to the supervisor. If a supervisor decides to retain the data beyond a year then it is considered Research Data (rather than student data) and is governed as such by PGMRD and the Formal Policy Guidance Notes for the Management of Research Data.

      5. Publication and sharing

         Where undergraduate research substantiates published research findings or is associated with an external grant, supervisors should be aware of the research funder’s requirements for publication of specific categories of data. (PGMRD 2.1 and 2.8). As stated in the PGMRD 2.7 and 2.8 research sponsors may specify requirements for retention of specific categories of data. Research data which have been published by the University for reuse by third parties should be made known to the Library and recorded in Pure; (See PGMRD 2.5 for guidance).

         For an overview of funders policies see the Digital Curation Centre website.

         Clarification of funder policy and support with compliance is provided by Library Open Research and Publishing, contact [email protected].

   4. Data that is to be destroyed

      When judged to be of no further value or when the 12 month retention period described expires research data should be destroyed. Destruction should be authorised by staff with appropriate authority, such as the supervisor or their designated administrator and should be carried out in accordance with the University’s Guidance on the proper disposal of information.

      Supervisors who are leaving the institution and are transferring an ongoing project must notify the School and provide authorisation for destruction of undergraduate student research data at Dundee following completion of the transfer.

6. Useful Contacts

   Further guidance on data destruction methods can be obtained from the University Records Management webpages.

   Guidance on the central record of Research Data sets, creation of DOIs, open access, appropriate internal and external research data repositories, and research data management planning is available from the Research Services Team, Library Open Research and Publishing Team ([email protected]).

   • Hannah Whaley, University Librarian and Director, Library Academic and Cultural Services, extension 84277

7. Change control