Policies and documents
Research Data Management Policy
1. Positioning statement
York St John University (YSJU) supports the principle of Open Access (OA) for both research data and outputs, recognising the benefits to the public and wider academic community.
The University requires all staff to deposit all research data that supports an output into the University data archive unless specified otherwise in their Data Management Plan (DMP). It is recognised that some data may be subject to restriction for legal, ethical or commercial reasons.
This policy applies to all research conducted at YSJU, this includes research (including consultancy and expert services) by all staff and students and those conducting research on behalf of the University, including Honorary staff, Visiting Fellows, Cultural Fellows and Professors and Emeritus Professors. It identifies roles and responsibilities to ensure that research data will be stored, retained, discoverable and accessible; and disposed of securely in accordance with all legal, statutory, ethical, contractual and funding requirements. The policy aims to ensure that University research meets the ‘Concordat on Open Research’. As such it will meet the expectations on research data management of organisations such EPSRC. The policy also integrates information from the former ADD03 Policy on Safeguarding Research Data to produce a single policy on research data.
3. Principles of safeguarding data
- Protecting the privacy and confidentiality of personal, confidential and sensitive data collected in the course of research. The University’s Data Controller is the Registrar. Where an individual feels that the rules of data protection have been compromised they should contact the Data Controller.
- Ensuring the ethical conduct of research and data collection using YSJU’s research ethics guidelines and process for research ethics approval.
- Maintaining the data security of research data. The University of Edinburgh defines data security for research data as ‘the means of ensuring that data are kept safe from corruption and that access is suitably controlled.’ Here at YSJU data security is important to prevent:
- Accidental or malicious damage/modification to data
- Theft of data
- Breaches of confidentiality
4. Roles and responsibilities
All researchers have a responsibility to:
- Take responsible ownership of all research data that they generate.
- Follow legal, regulatory and compliance needs.
- Ensure the maximum possible security and confidentiality of research data and that personal, confidential or sensitive data is not disclosed to unauthorised recipients.
- Ensure the integrity of research data.
- Ensure the appropriate availability of data.
Specific roles and responsibilities include:
- Head of School is responsible for the promotion and implementation of this policy
- Researcher is any member of the staff or student body undertaking research or involved in the collection, generation or analysis of research data and has personal responsibility for that data.
- Research and Undergraduate Degree Supervisors are responsible for making their students aware of any relevant research ethics and integrity requirements and informing them of ethical procedures and ethical review, and making them aware of YSJU’s policy on safeguarding research data, including storage, backup and encryption.
- Principle Investigator (PI) ‘takes responsibility for the intellectual leadership of the research project, for the overall management of the research and for the management and development of researchers.’
- Research Manager is ‘responsible for managing and supporting researchers, including: Supervisors, Principal and Co-investigators, Research Team Leaders, Directors of Research and Heads of Schools or Departments.’
- Repository Librarian is responsible for supporting the University research community in depositing data and outputs into the University repository/archiving system and advising on Metadata.
- Deputy Vice Chancellor has to give permission for a final data set to be stored in a national or international repository
5. Ownership and intellectual property rights
The ownership of research data generated by researchers will be subject to the University’s Intellectual Property Policy, unless the terms of research grants or contracts determine otherwise.
6. Managing and safeguarding research data
Research data should be managed to the agreed standards throughout the research data lifecycle as part of the University’s commitment to Research Excellence and in compliance with funder requirements. Data standards should be applied to internally and externally funded research. The PI, Research Degree Supervisor or Lead Researcher is responsible for the creation of a Data Management Plan (DMP) using the tools provided by the University. All research proposals should include a DMP that explicitly addresses data capture, management, integrity, confidentiality, security, retention, sharing and publication.
From the beginning of the research project there is a requirement for whoever is leading the research project to ensure that all researchers involved in the project know about the DMP and are responsible for monitoring its implementation.
It is University policy that research data will be safeguarded by all researchers, by being:
- Collected fairly and lawfully, and stored/transferred in accordance with the Data Protection Act; held securely, be accurate and only held for as long as necessary.
- Processed within the research participant’s rights, under the terms it was collected and be relevant, adequate and not excessive.
- Stored securely in a format appropriate for the type of research data in question.
- Make use of university-provided storage that is within any legal jurisdiction specified in the research proposal or grant awarding boarding regulations, for example stored within the European Union.
- Limited to access by only those that are authorised as part of the research project.
- Where possible, all electronically stored data on the University network relating to research participants, should be anonymised or pseudonymised in respect of personal details or identifiers. Where portable electronic storage devices or laptops are being used (e.g. external hard disks or USB devices) the expectation for anonymised or pseudonymised data still applies.
- Encrypted during transmission, for example if stored on a USB stick, laptop, or sent over the internet.
All published outputs resulting from the research should include a reference to where the supporting data can be accessed (See point 7).
7. Storage and management of the final research data set
The data that is stored and made publically available is data that supports a research output and is likely to be a subset of the research data. Once complete, the final dataset must be ‘cleaned’ to ensure it complies with the University Data Protection Policy and then deposited in the University Research Data Repository.
If the final data set is to be stored in a national or international repository it must only do so if conditions for access have been considered and agreed by the Deputy Vice Chancellor (DVC); even if the data set is stored elsewhere (with permission of the DVC), entry must be made into the University Data Repository.
When depositing research data into external data repositories, the data repositories should support ORCID (see Appendix 1)
Exclusive rights to reuse or publish research data should not be handed over to commercial publishers or agents without retaining the rights to make the data openly available for reuse, unless this is a condition of funding.
A statement should be provided in any research output describing how and on what terms any supporting research data may be accessed. Supporting data should be accessible online no later than the first online publication of the research output.
Research data that is deposited digitally should follow university guidelines for:
- Secure storage in a durable format appropriate for the type of research data in question.
- Metadata and/or other documentation that is adequate to enable discovery.
The University expects that the majority of research data will be digitised, however in instances where analogue research data is unsuitable for digitisation, it should be:
- Stored securely
- Labelled, indexed or categorised appropriately.
- Described in an entry in the University Data Repository.
Unless otherwise required all research data sets should be held for a minimum period of 10 years from the later date of either the last access, or of the last publication based wholly or in part on the data set.
Research data sets shall be retained for longer where:
- An increased retention period is required to meet the University's statutory obligations, contractual obligations or the guidelines of the body funding the relevant research project.
- The results of the research have resulted in a patent application.
- The results of the research become contentious or subject to challenge during the currently agreed retention period, in which case, the data set should be retained pending review and not destroyed or otherwise disposed of until the matter is fully resolved.
- The research has a public interest or longer-term value.
At the time of scheduled review, each research data set should be considered for retention, disposal/destruction, or potential relaxation of access limitations. Where the recommendation is other than for disposal/destruction a new review date should be scheduled.
Research Data must be destroyed in a safe and secure manner, as outlined in the original DMP and entered as destroyed in the research data record in the University Data Repository, along with the reason for deletion.
Unless otherwise stated as in point 7, data should be stored in an area provided by the University. This ensures that data is safe and backed up.
If data is being stored on a USB stick or a personal laptop they should be encrypted and backed up to an area provided by the University. The University can supply encrypted USB sticks and also provide advice on encryption software.
8.1 Security sensitive research
Security sensitive research such as that associated with, for example, terror related materials, Ministry of Defence commissioned work, animal rights extremism, or IT encryption design. Staff or students who are dealing with security sensitive research must declare this research as it reduces misidentification of terrorism or other criminal activity. The Cross School Research Ethic Committees will provide guidance on what is considered security sensitive.
Security sensitive research should not be kept on personal computers but on the specially designated secure server which is supervised by the University Research Development Manager. Material held on this server should not be disseminated or exchanged with other people.
9. Funded publications
- If the research is funded by the AHRC, BBSRC, EPSRC, ESRC, MRC, NERC or STFC, it must comply with the RCUK open access policy.
- If the research is funded by the Wellcome Trust, it must comply with the open access requirements of Wellcome Trust policy.
- Where grant funding is used the author must acknowledge that source.
- Where grant funding is provided the researcher must comply with the publishing requirements of the funder.
10. Personal responsibility
Failure to adhere to this policy may result in an employee’s or student’s behaviour being investigated under the relevant University Disciplinary Procedure. The University will also investigate any allegations that any person conducting research on behalf of, or within the, University has not adhered to the guidelines within this policy.
 RCUK (2015) Guidance on best practice in the management of research data [Internet]. Available from http://www.rcuk.ac.uk/documents/documents/rcukcommonprinciplesondatapolicy-pdf/ [Accessed 15 November 2016]
RCUK (2015) Draft concordat on open research data [Internet]. Available from http://www.rcuk.ac.uk/research/opendata/ [Accessed 15 November 2016]
 EPSRC (2014) EPSRC policy framework on research data: expectations [Internet]. Available from https://www.epsrc.ac.uk/about/standards/researchdata/expectations/ [Accessed 15 November 2016]
 Edinburgh University (2011) Edinburgh University Data Library Research Data Management Handbook v.1.0 [Internet] Available from http://www.docs.is.ed.ac.uk/docs/data-library/EUDL_RDM_Handbook.pdf [Accessed 11 November 2016].
 RCUK (2010) Concordat for Engaging the Public with Research [Internet]. Available from http://www.rcuk.ac.uk/documents/scisoc/concordatforengagingthepublicwithresearch-pdf/ [Accessed 15 November 2016]
 Ibid. p 5.
 As outlined in the Data Protection, Data Storage and University Ethics policies
 Universities UK (2012) Oversight of security-sensitive research materials in UK Universities: guidance [Internet]. Available from http://www.universitiesuk.ac.uk/policy-and-analysis/reports/Documents/2012/oversight-of-security-sensitive-research-material.pdf [Accessed 15 November 2016].