Data security

Guidance on research data security and the measures you can take to protect sensitive data.

On

91Ö±²¥

Research data security is essential to prevent unauthorised access, disclosure, destruction or amendment of data.

The principal investigator or lead researcher of a project is responsible for ensuring data security, the level of which depends upon the nature of individual data.

Higher levels of security are required for sensitive data, which may include identifiable personal information, pose risks to commercial or intellectual property rights, or compromise national security.

The SafePod at 91Ö±²¥ is a safe setting allowing researchers access to a range of datasets that require secure access. For support accessing secure data on individual computers (including Office for National Statistics datasets), contact the Information Security Team at info-security@sheffield.ac.uk.

 may apply if there is a risk to national security or concern about the country to which data is being transferred. Researchers should also be aware of the GDPR and its implications for research.

If you have any concerns about data security, you should contact the .


Data security options

There are a range of measures you can take. These include:

  • controlled access to digital files through password protection and/or
  • firewall and protection installed on all computers used
  • identification and use of appropriate storage (see Data Storage advice)
  • controlled access to rooms and equipment where data (digital or physical) are held
  • use of the when working off campus (this allows access to , avoiding the need to store data insecurely elsewhere)

Further security measures to protect sensitive data include:

  • ensuring conditions of data providers’ consent are met
  • techniques or data aggregation to avoid disclosure of sensitive data
  • never storing highly sensitive data on including Google Drive, or on machines connected to an external network
  • of data if remote access is necessary, including via email or file transfer
  • encryption of data transported on storage devices
  • use of the University’s , a secure, cloud-based platform for researchers working with sensitive data.

Sensitive data may need to be destroyed due to ethical or contractual requirements, or when the desired outcomes have been achieved. In these cases, data should be destroyed so that no information can be recovered.

Researchers should be aware of the University’s .

More information about data security

Research ethics and integrity

(UK Data Service)


Access control

A number of individuals may require access to a project’s research data, potentially with different privileges to read, write, update or delete. 

 provides password protection and access to collaborators within the University.

The University  can be used to give controlled access to external collaborators, with the exception of highly sensitive data.

More information about access control and collaborative research





For further information, contact .