Secure disposal of research data
Research Data must be securely archived at the end of the research, or securely destroyed using the most appropriate method. Research data may also need to be destroyed during the research where that has been specified as part of the research procedures, for example, where data is anonymised or transcribed, the unanonymised data, or original recordings, may need to be destroyed prior to the end of the project.
- Ensure that research data is held securely for the required period, and only for as long as necessary and appropriate;
- Ensure that for external or internal bids costs associated with preparation of data for archiving are included, wherever possible;
- Ensure that disk re-imaging is performed where appropriate – you cannot reply upon simply deleting the data;
- Ensure you always format an SD card which has been used for interviews as soon as the data has been downloaded;
- For sensitive data, consider physically destroying the hard drive;
- Should research data be appropriately retained at the end of a project and therefore require appropriate storage (for legal or regulatory, funder, validation or re-use by the research team or other researchers purposes) then researchers should seek further advice from the library;
- Ensure that hard copy information is disposed of via confidential waste;
- Be clear at the outset that you have the right to destroy to data if you are going to need to (for example where the research is collaborative, make sure partners and funders are in agreement).
- Put in place blanket arrangements such as ‘I will retain the data for 7 years’ – data retention must be appropriate to the specific circumstance;
- Allow research data to fall into the wrong hands because it has not been securely disposed of;
- Forget about the research data at the end of the project;
- Hold on to research data for longer than necessary or appropriate, especially where this would not be in line with Data Protection Legislation, or participant consent;
- Rely on simple deletion of data only – always consider the above options to be absolutely sure.
Who should I contact if I'm not sure?
For further guidance, specifically around IT asset disposal and secure destruction of data, please contact the IT Service Desk.