Research Data Management: During

Create documentation on your data as you collect it, including information on what the data is, how it was created, who created it, what equipment was used, what software was used and when it was created. Once your data collection is complete, your data will often undergo further processing and analysis. This also needs to be documented, along with any acronyms or jargon used. Beyond this, any other notes that will help others to interpret the data should be included.

Develop a system for file naming that works for your project and is meaningful to others, use it consistently and make sure it is part of a well-organised structure. It is best to develop procedures for data files before you start gathering data to ensure consistency across your research data.

Ideally all data items related to a project should be grouped and deposited with a summary of contents and relationships. You may even want to consider using a database or spreadsheet to track data.

Using version control maintains current and historical versions of work and ensures that the relationships between items is recorded. Simple version control on documents can be managed through file naming.

Version control for coding involves using a software tool which helps to track and manage changes to a software project's code, files and other artefacts. It can prevent conflicts by allowing multiple developers to work on a project simultaneously.

Useful information: UK Data Service's Versioning page and GitLab Documentation

The metadata describing your data supports findability, citation and reuse. Depositing your metadata with your data enables others to discover and understand your data. It provides important context for the interpretation of your data and makes it easier for machines to conduct automated analysis. Creating metadata is good research practice and enables you to keep track of your own work.

Simple metadata can be managed through descriptive filenames and document tags in software like Word or Excel. At the file level, metadata should allow for replication, while project-level metadata links related files for comprehensive understanding. A general overview is available from the Archaeology Data Service

Follow standard metadata schemes, general ones such as Dublin Core, or discipline specific. The Digital Curation Centre has an excellent Disciplinary Metadata Directory, see also the Metadata Standards Catalog and a portal of data standards at FAIRsharing.org.

The majority of data will be stored at the University during your project. While external services such as Dropbox, Google Drive and personal OneDrive are convenient, they do not comply fully with the University's data policies. The iSolutions Team have produced a guide to help you decide on the best location to store your data securely using OneDrive, Teams, SharePoint or the Research Data drive.

It is possible to restrict access to folders on the University's Research Data Drive, so that only certain individuals or groups are allowed to view and edit the contents. A typical configuration for project folders is to allow access only to members of the project team, but it is also possible to set up folders within the project folder that are restricted to fewer users. For more information contact iSolutions via serviceline@soton.ac.uk

If you are considering using external storage providers, perhaps because of conditions imposed by external collaborators, you must only consider those which will allow you to take the following security measures:

• Encrypt the data in transit between your local system and the external storage via SafeSend.
• Encrypt the data stored remotely.
• Store the data only in data centres operating in jurisdictions which provide the same level of privacy and data protection as the UK and European Economic Area or that are contractually bound by the EU Model Clauses.

Useful information: UK Data Service Guide to data encryption and Storing data

If you are sharing data with external collaborators, even if they are part of the same research project, you must have a data sharing agreement in place. Contact riscontracts@soton.ac.uk for more information. When you share data with others, they will be data processors but the University will still be the data controller and therefore responsible for how the data is used.

Use SafeSend in preference to email to transfer files. SafeSend is a university service to make it easy for you to safely move files, which can be individually encrypted, in and out of the University. Files of up to 200.0 GB can be transferred in this way. If you do use email to transfer files, files should be encrypted. See How to encrypt an email on Outlook

Collaborators can be given a University computing account as part of their visitor status, subject to the completion of the necessary agreements. Through this account, they could be given permissions to transfer data directly into certain folders on the Research Data Drive.

Applies to you if you are working in a UK-based business or organisation; and applies to your processing of personal data (including storing, sharing, analysing, interpreting, anything!).

Data protection is the right to privacy. You must ensure that personal data are collected, handled, stored, disclosed, and destroyed fairly, lawfully and transparently. Using the University of Southampton IT resources will enable you to fulfil part of these requirements.

Researchers dealing with sensitive data should also familiarise themselves with the university policies on data protection (GDPR) and ethics.

If your data processing activity is based on the use of any kind of personal data, you should complete an Initial Data Protection Review (IDPR). This will inform if a Data Protection Impact Assessment (DPIA) is required, see the Information Governance SharePoint site for details IDPRs & DPIAs

The sharing of personal data must have a purpose and be necessary, it needs to be documented, lawful and secure. There are additional safeguards for countries outside of the European Economic Area.

Data sharing agreements ensure that all of these requirements are met. The University of Southampton has a Data Sharing Policy which will help you prepare your data sharing agreement.

The University Ethics Policy applies to all staff, students and visitors, including individuals, collaborators or agents conducting research or other studies in the name of the University and/or engaged to conduct research by the University.

The lawful basis for processing research data under DPA (2018) in academic research is the University's public task, as its Charter mandates that it educates and researches. Therefore, researchers should not ask participants to consent to their data being used in research.

While ethical practice requires obtaining participants' consent to partake in research under Common Law, this is distinct from DPA (GDPR) consent for personal data, which is granular, time-limited, and revocable—making it unsuitable for most research. Instead of seeking participant's consent for research data puposes, it is recommended that researchers ask that participants understand the data usage and sharing terms of the research. The current university templates for consent forms and participant information sheets (PIS) contain example wording. If you want to discuss further which wording would be most appropriate for your planned use and sharing of data, contact researchdata@soton.ac.uk.

Researchers must complete an Initial Data Protection Review form and may need a full Data Protection Impact Assessment, detailed on the Information Governance & Data Protection SharePoint.

The University Intellectual Property Regulations govern the ownership and use of Intellectual Property Rights (IPR) (including research data) generated by University staff and students.

In addition, there is often a positive obligation from our non-commercial sponsors (UKRI, Medical Charities, Government Departments, EU) to consider the protection and commercialisation of any IPRs arising from the research they are funding. This may require a temporary delay in the release of research data until the commercial potential of the idea is assessed and protection secured (if appropriate). Only a very small proportion of the IPR generated across the University will warrant patent protection and necessitate temporary restriction on sharing. The value of the majority of University Intellectual Property (IP) will be derived through publication and widest dissemination which in turn, may create opportunities. If you think your IP may have commercial potential, advice from your Collaboration Manager in RIS should be sought at the earliest opportunity to allow sufficient time for a commercial assessment.

Confidentiality obligations will also arise from the contractual arrangements entered into for research. Industry usually is very cautious but so are government departments and public sector organisations. Whereas RIS will seek to secure terms and conditions that maximise your academic freedom (including the right to publish and to re-use the research outputs), industry sponsors will often impose confidentiality obligations and restrictions on the Intellectual Property Rights (including research data) arising from the work they fund at the University. Where consultancy terms are imposed because the research is more “applied”, it is most likely no on-going rights can be preserved. It is also worth bearing in mind that if you are working in collaboration with other universities, there may be joint ownership issues. These need to be agreed and should be covered by the proposal and collaboration agreement. Advice on the terms and conditions governing research projects should be sought from the Research Support Officer in your Faculty.