Research Data Management Policy

Positioning Statement

York St John University (YSJU) supports the principle of Open Access (OA) for both research data and research outputs, recognising the benefits to the public and wider academic community. This policy aims to ensure that YSJU research data applies the principles set out in the Concordat on Open Research Data, the UKRI Common Principles on Data Policy and, where possible, the FAIR data principles.

YSJU requires all researchers to deposit research data that supports research outputs into the University data repository, RaYDaR, unless specified otherwise in their data management plan (DMP). It is recognised that some data may be subject to restriction for legal, ethical or commercial reasons.

Scope

This policy applies to all research conducted at YSJU by staff and students. This policy also applies to anyone conducting research on behalf of YSJU, including honorary staff, contractors, volunteers, Visiting Fellows, Cultural Fellows, Professors and Emeritus Professors.

This policy only applies to undergraduate and taught postgraduate students whose research data is included in published research outputs, although YSJU expect all students to uphold the principles of research data management.

This policy identifies roles and responsibilities to ensure that research data will be stored, retained, discoverable, accessible and disposed of securely in accordance with all legal, statutory, ethical, contractual and funding requirements.

Roles and Responsibilities

All researchers have a responsibility to:

• Take responsible ownership of all research data that they generate.
• Follow legal, regulatory, funding and compliance needs.
• Ensure the maximum possible security and confidentiality of research data and that personal, confidential or sensitive data is not disclosed to unauthorised recipients.
• Ensure the integrity of research data.
• Ensure the appropriate availability of data.

Specific roles and responsibilities include:

• Heads of School and School Research Leads are responsible for the promotion and implementation of this policy.
• Researcher is any member of staff or student undertaking research or involved in the collection, generation or analysis of research data and has personal responsibility for that data.
• Research and Undergraduate Degree Supervisors are responsible for making their students aware of any relevant research ethics and integrity requirements and informing them of ethical procedures and ethical review and making them aware of YSJU’s policy on research data, including storage, backup and encryption.
• Principle Investigator (PI) ‘takes responsibility for the intellectual leadership of the research project, for the overall management of the research and for the management and development of researchers.’
• Repository Librarian is responsible for supporting the University research community in depositing data and outputs into the University repository RaYDaR and advising on Metadata.
• University Secretary is YSJU’s Data Protection Officer and is responsible for ensuring YSJU complies with data protection laws.

Ownership and Intellectual Property rights

The ownership of research data generated by researchers will be subject to the University’s Intellectual Property Policy, unless the terms of research grants or contracts determine otherwise.

Managing and safeguarding research data

Research data should be managed throughout the research data lifecycle as part of YSJU’s commitment to research excellence and in compliance with funder requirements. The PI, Research Degree Supervisor or Lead Researcher is responsible for the creation of a DMP. All research proposals should include a DMP that addresses data capture, management, integrity, confidentiality, security, retention, sharing and publication. All researchers involved in the project should know about the DMP and are responsible for monitoring its implementation.

It is University policy that research data will be safeguarded by all researchers, by being:

• Collected fairly and lawfully and stored/transferred in accordance with the Data Protection Act; held securely, be accurate and only held for as long as necessary.
• Processed within the research participant’s rights, under the terms it was collected and be relevant, adequate and not excessive.
• Stored securely in a format appropriate for the type of research data in question.
• Make use of university-provided storage that is within any legal jurisdiction specified in the research proposal or grant awarding boarding regulations, for example stored within the European Union.
• Limited to access by only those that are authorised as part of the research project.
• Where possible, all electronically stored data on YSJU’s network relating to research participants, should be anonymised or pseudonymised in respect of personal details or identifiers.
• Where portable electronic storage devices or laptops are being used (for example, external hard disks or USB devices), the device should be encrypted and the expectation for anonymised or pseudonymised data still applies. The data should be backed up to an area provided by YSJU.
• Encrypted during transmission, for example if stored on a USB stick, laptop, or sent over the internet.

If researchers are dealing with security sensitive research, for example, terror related materials, Ministry of Defence commissioned work, animal rights extremism, or IT encryption design; they must declare this research. The University Ethics Committee will provide guidance on what is considered security sensitive and how the data should be stored.

All published outputs resulting from the research data should include a reference to where the data can be accessed.

Storage and management of the final research data set

The data that is stored and made publicly available is data that supports a research output and is likely to be a subset of the research data. Once complete, the final dataset must be ‘cleaned’ to ensure it complies with YSJU’s Data Protection Policy and then deposited in YSJU’s Research Data Repository, RaYDaR.

If the final data set is to be stored in a national or international repository it must only do so if conditions for access have been considered and agreed by the Pro Vice Chancellor (Research & Knowledge Transfer) (PVC). Even if the data set is stored elsewhere (with permission of the PVC), entry must be made into the University Data Repository.

When depositing research data into external data repositories, the data repositories should support ORCID.

A statement should be provided in any research output describing how and on what terms any supporting research data may be accessed. Supporting data should be accessible online no later than the first online publication of the research output.

Research data that is deposited should follow YSJU guidelines for:

• Secure storage in a durable format appropriate for the type of research data in question.
• Metadata and/or other documentation that is adequate to enable discovery.

YSJU expects that the majority of research data will be digitised, however in instances where analogue research data is unsuitable for digitisation, it should be:

• Stored securely
• Labelled, indexed or categorised appropriately.
• Described in an entry in YSJU’s Data Repository, RaYDaR.

Unless otherwise required all research data sets should be held for a minimum period of 10 years from the later date of either the last access, or of the last publication based wholly or in part on the data set.

Research data sets shall be retained for longer where:

• An increased retention period is required to meet the YSJU's statutory obligations, contractual obligations or the guidelines of the body funding the relevant research project.
• The results of the research have resulted in a patent application.
• The results of the research have become contentious or subject to challenge during the currently agreed retention period, in which case, the data set should be retained pending review and not destroyed or otherwise disposed of until the matter is fully resolved.
• The research has a public interest or longer-term value.

At the time of scheduled review, each research data set should be considered for retention, disposal/destruction, or potential relaxation of access limitations. Where the recommendation is other than for disposal/destruction a new review date should be scheduled. Research Data must be destroyed in a safe and secure manner, as outlined in the original DMP and entered as destroyed in the research data record in the University Data Repository, along with the reason for deletion.

Personal responsibility

Failure to adhere to this policy may result in an employee’s or student’s behaviour being investigated under the relevant University Disciplinary Procedure. The University will also investigate any allegations that any person conducting research on behalf of, or within the, University has not adhered to the guidelines within this policy.