Storing and securing

your data

Research Data Management Support Services

UK Data Service

University of Essex

April 2014

Overview

Looking after research data for the longer-term and protecting them

from unwanted loss requires having good strategies in place for

securely storing, backing-up, transmitting, and disposing of data.

Collaborative research brings challenges for the shared storage of,

and access to, data.

Areas of coverage • Making back-ups

• Data storage

• File sharing and collaborative environments

• Data security

• Data transmission and encryption

• Data disposal

Stuff happens: fieldwork nightmare

• “I’m sorry but we had to blow up your laptop.”

• “What….all my client case notes and testimony, writing, pictures,

music and applications. Years of work. NO!!!!”

• Source: lilysussman.wordpress.com

Stuff happens: data inferno

• What if this was your university, your office, your data?

• Fire destroyed a University of Southampton research centre

resulting in significant damage to data storage facilities

• Source: BBC

Stuff happens: hard drive failure

Source: http://blog.backblaze.com/2013/11/12/how-long-

do-disk-drives-last/

Backing-up data

• It’s not a case of if you will lose data, but when you will lose

data

• Make sure you don’t lose it for good by keeping additional

backup copies

• Protect against: software failure, hardware failure, malicious

attacks, loss, accidents etc.

• Ask yourself: would your data survive a disaster?

Backing-up strategy

Consider:

• What needs to be backed-up? All, some, just the bits you

change?

• What media? External hard drive, DVD, online etc.

• Where? Original copy, external local and remote copies

• What method/software? Duplicating, syncing, mirroring

• How often? Assess frequency and automate the process

• For how long? How long you will manage these backups for

• How can you be sure? Never assume, regularly test a restore,

and use verification methods

Local data storage

• All digital media are fallible

• Optical (CD, DVD) & magnetic media (hard drives, tape)

degrade – lifespan even lower if kept in poor conditions

• Physical storage media become obsolete e.g. floppy disks

• Copy data files to new media two to five years after first

created

Storage services

• Online or ‘cloud’ services increasingly popular

• Google Drive, DropBox, Microsoft SkyDrive etc.

• Accessible anywhere

• Background syncing

• Mirror files

• Mobile apps available

• Very convenient

• Everyone uses them, and that’s ok BUT precautions

must be taken..

• Consider if appropriate, as services can be hosted outside

the EU (DPA for personal data)

• Encrypt anything sensitive or avoid services altogether

Other storage options

• Your university or department may have options available e.g. • secure backed up storage space

• VPN giving access to external researchers

• locally managed Dropbox-like services such as ownCloud and ZendTo

• secure file transfer protocol (FTP) server

• Data repository or archive • a repository acts as more of a ‘final destination’ for data

• many universities have data repositories now catering to its researchers

• UK Data Service has it’s own recently launched service called ‘ReShare’, for social science data of any kind

Demo: SyncToy synchronising

• For syncing two folders - free download from Microsoft

• User friendly, at the price of power

Verification and integrity checks

• Ensure that your backup method is working as intended

• Be wary when using sync tools in particular

• mirror in the wrong direction or using the wrong method, and you could

lose new files completely

• Applies to online DropBox-like syncing services too

• You can use checksums to verify the integrity of a backup

• Also useful when transferring files

• Checksum somewhat like a files’ fingerprint

• …but changes when the file changes

Demo: MD5 checksum checks

• Calculate the MD5 checksum value of a file to check its integrate,

e.g. after back-up or transfer

• Example using free ‘MD5summer’ software

(http://www.md5summer.org/)

• Mac OSX has built in MD5 functionality

• Online version of demo: www.data-

archive.ac.uk/media/361550/storingyourdata_checksumexercise.pdf

Version control

• Keep track of different copies or versions of data files

• useful for files kept in multiple locations

• or which have multiple users

• a way to safeguard against accidental changes

• File names are a good way to do this

• unique descriptive names for files

• include date and/or version number in name

• indicate relationships between files

e.g. FoodInterview_1_draft; FoodInterview_1_final; HealthTest_06-

04- 2008; BGHSurveyProcedures_00_04

Example: version control table

Example: Google Drive version control

• Collaboratively edit documents in ‘the cloud’ while tracking version

history

Non-digital storage

Printed materials, photographs

• degradation from sunlight and contact (sweat on skin, acid in paper)

• use high quality media for long-term storage/preservation e.g. using acid-free paper &

boxes, non-rust paperclips (no staples), no sellotape

Confidential items, e.g. signed consent forms, interview notes

• store securely, in locked container

• separate from data files

Source: http://www.tramway.co.uk/ Source: Florida State Archives

Data security

• Protect data from unauthorised access, use, change, disclosure and

destruction

• Personal data need more protection – always keep separate and

secure

• Who knows who’s watching..!

Data security strategy

• Control access to computers:

• use passwords, lock your machine when away from it

• anti-virus and firewall protection, power surge protection

• all devices: desktops, laptops, memory sticks, mobile devices

• all locations: work, home, travel

• restrict access to sensitive materials e.g. consent forms, patient

records

• Control physical access to buildings, rooms, cabinets

• Proper disposal of data and equipment

• Even reformatting the hard drive is not sufficient

• Always encrypt personal or sensitive data

• = anything you would not send on a postcard

• e.g. moving files, interview transcripts

• e.g. storing files to shared areas or insecure devices

• Basic principles

• applies an algorithm that makes a file unreadable

• need a ‘key’ of some kind (passphrase, file) to decrypt

• The UK Data Service recommends Pretty Good Privacy (PGP)

• more complicated than just a password, but much more secure

• involves use of multiple public and private keys

Encryption

Image source: RRZEicons

Encryption software

• Many free software options that are easy to use

TrueCrypt

http://www.truecrypt.org/

Free, cross platform

• Encrypt hard drives, or partitions of hard drives,

• Encrypt files and folders

• Encrypt portable storage devices such as USB flash drives

AxCrypt*

http://www.axantum.com/axcrypt/

Free, Windows only

*Note: take caution when installing AxCrypt to ensure that you uncheck

options to install extra ‘bundled’ software

Demo: Encryption with TrueCrypt

• You can use TrueCrypt to create a reusable encrypted storage

space (or ‘volume’)

• See also alternative demo of encryption with Safehouse Explorer

(Windows only): www.data-

archive.ac.uk/media/312652/storingyourdata_encryptionexercise.pdf

Data destruction

• When you delete a file from a hard drive, the chances are it’s still

retrievable – even after emptying the recycle bin

• Files need to be overwritten (ideally multiple times) with random

data to ensure they are irretrievable

File on hard disk drive

File deleted from disk

X X X X

File securely deleted from disk

Data destruction software

• BCWipe - uses ‘military-grade procedures to

surgically remove all traces of any file’

• Can be applied to entire disk drives

• AxCrypt* - free open source file and folder

shredding

• Integrates into Windows well, useful for single files

• If in doubt, physically destroy the

drive using an approved secure

destruction facility

• Physically destroy portable media,

as you would shred paper

*Note: take caution when installing AxCrypt to ensure that you uncheck options to install extra ‘bundled’

software

Summary of best practise in data storage

and security

• Have a personal backup/storage strategy – original local copy,

external local copy and external remote copy

• Copy data files to new media two to five years after first created

• Know your institutional back-up strategy

• Check data integrity of stored data files regularly (checksum)

• Create new versions of files using a consistent, transparent system

• Encrypt sensitive data – crucial if using web to transmit/share

• Know data retention policies that apply: funder, publisher, home

institution – and remove sensitive data securely where necessary

Contacts

Collections Development team

UK Data Service

University of Essex

datasharing@ukdataservice.ac.uk