Safety Loss or unauthorised use of your data is minimised and you can securely share data with others.
Organisation Clear file structures and metadata standards provide a better overview and searchability of your data, in particular when working in a team.
Impact Publication, reuse and citation of your data contribute to the impact and verifiability of your research.
Storage & Security instructions for research data
According to the Humanities Research Data Management Protocol (see: FGw RDM Protocol), researchers are responsible to comply with the statutory requirements when storing and sharing research data. The following provides information on UvA storage facilities and security measures to protect research data.
-
Cloud storage for research data
The UvA provides access via the UvA account to the personal and group storage options listed here.
For who?
Individuals
Groups
Individuals
Research groups
Size
1TB
unlimited
500GB
on demand
Company
Microsoft (MS)
Microsoft (MS)
SURF
SURF
Server location
Europe
Europe
Netherlands
Netherlands
* Request via ICT Servicedesk. More info about Research Drive: UvA and SURF.
Further information on UvA storage facilities
For secure sending and receiving of files use SURFfilesender (also with externals).
Advantages of UvA cloud storage
-
Data cannot be lost due to hardware damage / loss / theft
-
Data can be accessed from any computer worldwide via web browser (with UvA account and two-factor authentication)
-
Can be synchronised with one or more local devices
-
Multiple sharing options with users within or outside of the UvA
-
Version history which allows to restore previous versions of a file
-
Recycle bin which stores deleted files up to a certain amount of days
Third-party cloud services & external storage devices
You are not advised to store research data on third-party cloud services, such as Dropbox or GoogleDrive. The reason is that there will be no control over who can access the data. For personal data, you cannot ensure that they are handled according to the privacy law.
It’s not recommended to store data (only) on internal or external hard drives, nor on USB devices, because they can get easily lost, stolen or damaged.
-
-
Security measures
General
-
Never leave your device unattended.
-
Lock your device (Windows key + L), even when leaving for a brief period of time.
-
Outside the UvA use UvAVPN. Click here for more information.
-
As soon as you notice any UvA (storage) device is stolen or missing, immediately contact the IT department at servicedesk-ict@uva.nl or cert@uva.nl outside of office hours.
-
More information about general security measures can be found here.
UvA-managed devices
If you are using an UvA-managed computer or laptop, basic security measures are already in place.
Self-managed devices
Self-managed devices refer here to private devices which are used for research data and also devices purchased, but not managed, by the UvA, such as Mac or Linux devices for example.
- Encrypt your computer’s internal hard disk
Windows: Bitlocker (for staff members: upgrade to Windows 10 Education)
Mac: Filevault - Make sure your computer is set up with basic security: anti-malware software, a firewall, and the most recent software updates.
- Use a unique and strong password
Minimum 12 characters with 1 digit, 1 upper case letter, 1 lower case letter, and 1 special character. Click here for the complete password requirements. - Information on protecting smartphones and tablets can be found here.
Extra measures for personal data
- Use extra encryption, such as VeraCrypt.
- Pseudonymise personal data as soon as possible. Store the pseudonymisation key securely and at a location different from the personal data. Ensure that only the principal investigator has access to the key.
- With commissioning parties, only share anonymised data. If this proves impossible, sign a data processing agreement with the third party. Contact your faculties’ privacy officer to assistance.
- A data protection impact assessment (DPIA) may be necessary. The DPIA tool is used to identify privacy risks for data subjects in advance and to take mitigating measures to reduce these risks. The UvA is not required to carry out a DPIA for all processing activities. However, a DPIA is compulsory if it is likely that a processing activity will expose data subjects to a significant privacy risk – for example, if special personal data are being processed on a large scale. Contact your faculties’ privacy officer to assistance.
- Apply for Ethics Review. More information about the Humanities Ethics Committee and their procedure: https://aihr.uva.nl/about-aihr/ethics-committee/ethics-committee.html
-
-
Support
Faculty Security Officer
Silvain Smit s.k.p.smit@uva.nl
Faculty Privacy Officer
Kasper de Bruijn privacy-fgw@uva.nl
Faculty Data Steward
Hanna Fricke datasteward-fgw@uva.nl
Secretary of the Ethics Committee
Gea Lindeboom commissie-ethiek-fgw@uva.nl