Storing and handling data
Data classification
Understanding your own research data is the first step when you plan for storage and security.
You must assess and classify any sensitive or personal data you work with so that you can manage and store it appropriately.
Classify your data
As described in the information protection policy, you should classify your data according to its sensitivity.
The Alan Turing Institute (ATI) data confidentially tiering can help you to assess data sensitivity. A very brief summary of the five tiers is:
- Tier 0: publicly available, open information
- Tier 1: data which will eventually be made public, no significant risk
- Tier 2: pseudonymised or low sensitivity data with low risk
- Tier 3: weakly pseudonymised personal data with moderate risk
- Tier 4: personally identifiable information.
Please see the Research information management guide to data classification IT Knowledgebase article for a fuller explanation.
When you have classified your data, you can then decide how to store it and what special controls you need to put in place.
The Research Information Management Guide (PDF) sets out what kinds of research data can be stored in what kinds of storage solution for each tier. It considers:
- Storage locations
- Data processing platforms
- Data transfer mechanisms.