Research Data Management: Implementing: Storing and Securing Your Data

These services are aimed at University of Washington affiliates looking for data storage options. Services that are HIPAA-aligned or FERPA-aligned offer the tools for secure transmission and storage, but each user must still ensure that their data is maintained in compliance with any security requirements. The comparison chart assumes UW affiliation. If you are interested in long-term archiving, please contact Scholarly Communications and Publishing for guidance. For even more UW storage options, visit UW IT's Online storage page.

Service	Storage Capacity	Pricing	FERPA Aligned	HIPAA Aligned	PID1 Capable	Access Restrictions
ResearchWorks Archive	Unlimited2	Free3	-	-		Open web access, but with a temporary embargo option.
RedCap	Unlimited4	Free			-	Accounts can be shared with UW affiliates.
Google Drive	Unlimited	Free		-	-	Capable of open or restricted web access.
UW OneDrive for Business	1TB total 2GB per file	Free			-	Sharing limited to UW affiliates.
U Drive	30GB	Free	-	-	-	Not shareable.
lolo Archive	Unlimited	Paid			-	Sharing limited to researchers at UW and UW affiliates.
Shared File Service	Intended for small storage needs	Paid		-	-	Limited to UW affiliates.
Cloud Services (e.g. AWS, Azure, Google)	Unlimited	Paid			-	Publicly available, accounts can be shared outside UW system.
Open Science Framework (OSF)	Unlimited	Free	-	-		Capable of open or restricted web access.

<sup>1. System can assign materials a persistent identifier (PID) such as a Digital Object Identifier (DOI) or Handle.↩
2. Requires administrative assistance for files over 10GB.↩
3. May require a negotiated charge for very large datasets.↩
4. Limited to 100MB per file upload (unlimited total file storage).↩</sup>

Keeping research data secure is crucial to protect sensitive information and comply with ethical guidelines and legal regulations. The following strategies provide a guide to keeping your data secure:

• Maintain secure storage: Keep both physical and cloud-based data storage secure by using strong passwords and encryption, robust security features, and ensuring that physical locations where data is stored are secure. See UW-IT's guide to security basics, protecting your password, and encrypting your computer and devices.
• Access Control: Implement role-based access controls, ensuring that only authorized personnel have access to specific data. Ensure each user has a unique account and password to track access and require multi-factor authentication for accessing sensitive data.
• Data Anonymization: If possible, anonymize data to protect participants' identities and minimize risks in case of a data breach.
• Comply with Data Protection Regulations: Ensure compliance with data protection regulations such as HIPAA or FERPA, depending on the type of research. REDCap is a HIPAA compliant webtool used in academic and clinical research to collect and organize data securely.
• Training All Collaborators: Train all team members on security best practices, including secure password practices and data handling protocols. The Office of the Chief Information Security Officer has a number of training videos that are aimed at community members working with institutional data, but are extremely relevant to those of us working with research data as well.

It is extremely important to plan ahead to prevent data loss in the event of a disaster or unforeseen occurrence. The following strategies provide a guide on how to safeguard your research data:

• Backup your data: Set up automated backups on a regular schedule (daily, weekly, or bi-weekly depending on the importance and frequency of data changes). Back up your data using the 3-2-1 method - keep THREE copies of your data (1 original, 2  backups), TWO different types of media (e.g. internal hard drive, external hard drives, removable USB, cloud storage, etc.), and keep ONE copy in an off-site location (e.g. storing an external hard drive in a separate physical location)
• Use a reliable version control system: Implement a version control system like Git to track changes in your data or code. This is particularly useful for collaborative research projects.
• Train all collaborators on data protection best practices: Train all team members on data protection best practices, including proper handling, storage, and security measures.
• Develop a data management plan: Create a data management plan (DMP) that outlines how data is collected, stored, and archived. Include details on data ownership, access, backup schedules, and data retention policies. Read more about writing DMPs in our guide to writing a Data Management Plan. DMPTool is an online tool that helps researchers write their plans. See our guide to using DMPTool for more information.