Managing Research Data @MQ

Data capture or collection practices differ across disciplines and must be detailed in the Data Management Plan. Researchers must use platforms endorsed by the University for the collection, capture, or collation of data of sensitive or highly sensitive data.

The platforms include those listed in the following Platforms Table

Researchers document a storage and access plan for ‘active’ or ‘operational’ data (data in current use) which considers:

• sensitivity of the data,
• appropriate security measures, particularly for access to data
• data backups
• retrieval requirements
• endorsed platforms

This is to help safeguard against:

• data loss from human or system error
• malicious or accidental data breaches
• non-compliance with publisher, funder, legal, or regulatory requirements

The following section provide researchers with a list of appropriate security measures and storage options for active data according to its sensitivity classification.

Data Storage Options

The Platforms Table (MQ login required) outlines the storage options endorsed by the University. . The systems endorsed by the University have been carefully chosen and provide controlled access as well as regular snapshots to safeguard against data loss and disaster management. By choosing an endorsed platform, some of the risks associated with research data storage are managed for you by the University.

Security and Safety Controls

Security practices must be applied to all data to prevent unauthorized access. The sensitivity level of the data determines the security practices that must be applied during data management.

The following Security Table (MQ login required) outlines the recommended security measures endorsed by the University

Bespoke platforms for data collection or storage

A system or platform that has not been endorsed can be proposed if the platforms or tools endorsed by the University do not meet your specific requirements. If, however, the system will be used for sensitive data the following must apply:

• The service provider must be approved by a data steward and, if an ethics review is required, the Human Research Ethics Committee (HREC). Clearance should be requested as part a data management plan submitted along with an application or amendment to HREC.
• The product’s contract or Terms of Service must include adequate safeguards for data security and for notification of any security breaches, including a reasonable expectation that Terms of Service will not unfavourably change while the data is stored on the provider’s infrastructure. Approval may require review by MQ Legal or IT Security.
• The service provider and the researchers must ensure that:
  • Australian data residency requirements are met (for any human subject data).
  • Data resilience (backup, recovery) and retrieval requirements are met.
  • System configuration complies with Macquarie’s information-security policy.
  • System security is appropriate to the level of data sensitivity.
  • A mechanism exists for Macquarie University to retain access to the data should a researcher leave the institution, without requiring the permission of or any action by that researcher.
  • Macquarie has other administrative privileges on the platform sufficient to ensure that any other institutional duties can be performed regarding the management and governance of the data.

The researcher is responsible for providing all necessary information to assess the suitability of the proposed platform or tool. For some systems, the researcher will need to take additional steps to meet requirements, such as automatically exporting data to an endorsed system.

Data Analysis and File Formats 

The software being used for analyses and the formats you use will influence the management of these files over time and influence the future interoperability of the data.

Using non-standard or proprietary formats may limit the long-term use and preservation of the data as these formats are not widely readable by many programs.

Proprietary software is owned by a company that restricts distribution of the software and prevents examination of its source code (e.g. MS Excel and Adobe Acrobat). Open-source software, by contrast, is licensed in ways that facilitate wider distribution and allow access to the software’s source code.

This distinction extends to file types. A proprietary file format is closed; its definition may be confidential. If the company that owns the file format and the software that can read it goes out of business or changes the format, users may lose the ability to read the files, with little recourse. Open file formats have publicly available definitions. Since the definitions of these formats can be examined, anyone can write a program to open, read, or convert the files, regardless of any actions taken by the company or organisation that maintains the software.

Note that in many cases, open-source software can open proprietary file formats and vice versa (for example, LibreOffice Write, a popular open-source alternative to Microsoft Word, can read and write Word files, although complex Word files may not import or render correctly).

In many domains, a particular file format, usually an open one, has come into wide use as an archival format. Examples include PDF/A for documents, comma-separated values (CSV) for tabular data, Digital Negative (DNG) for raw images, or GeoJSON for geospatial data.

Five Safes

• Managing the Risk of Disclosure: the Five Safes Framework [ABS]

Password management

• A password management system can help e.g. LastPass can help or Contact IT for assistance with establishing strong passwords.

File Formats Guide

• This basic File Formats Guide from ANDS will help you consider how to choose which file formats to gather, transfer and store research data.