Data security may be needed to protect intellectual property rights, commercial interests, or to keep personal or sensitive information safe. Data security involves security of data files, computer system security and physical data security. All three need to be considered to ensure the security of your data files and to prevent unauthorised access, changes, disclosure or even destruction. Data security arrangements need to be proportionate to the nature of the data and the risks involved. Attention to security is also needed when data are to be destroyed. If data destruction is in order, you need to make sure that the destruction process is irreversible.
Learn about different measures depending on the kind of security you need.
Security of Data Files
The information in data files can be protected by:
- Controlling access to restricted materials with encryption. By coding your data, your files will become unreadable to anyone who does not have the correct encryption key. You may code an individual file, but also (part of) a hard disk or USB stick
- Procedural arrangements like imposing non-disclosure agreements for managers or users of confidential data
- Not sending personal or confidential data via email or through File Transfer Protocol (FTP), but rather by transmitting it as encrypted data e.g. FileSender or SFTP (SSH File Transfer Protocol)
- Destroying data in a consistent and reliable manner when needed
- Authorisation and authentication: for personal data you have to give very selective access rights to specified individuals.
Computer Security Systems
The computer you use to consult, process and store your data, must be secured:
- Use a firewall
- Install anti-virus software
- Install updates for your operating system and software
- Only use secured wireless networks
- Use passwords and do not share them with anyone. If necessary, secure individual files with a password.
- Encrypt your devices (laptop, smartphone, USB stick/disk).
Physical Data Security
With a number of simple measures, you can ensure the physical security of your research data:
- Lock your computer when leaving it for just a moment (Windows key + L)
- Lock your door if you are not in your room
- Keep an eye on your laptop
- Transport your USB stick or external hard disk in such a way that you cannot lose it
- Keep non-digital material which should not be seen by others in a locked cupboard or drawer.
Data That Contain Personal Information
These data should be treated with higher levels of security than data which do not. You will learn more about privacy-sensitive data later in this module.