Responsibilities in relation to research data security at UWE Bristol
All individuals who have access to research data must ensure that they fully understand their responsibilities, including compliance with best practices.
Failure to appropriately understand and implement these responsibilities could result in you being held personally responsible if a data breach or loss occurs. Always seek guidance if you are not sure.
- Be clear who has responsibility for research data, and what your own responsibilities are.
- Make sure all those who need to, and only those who need to, have secure access to the research data.
- Consider research data management at the bid stage – you may be able to seek funds to support your research data management, and having clearly thought this issue through will shine through and will improve the quality of your bid.
- Produce a UWE Bristol research data management plan for your research (all research, staff and student, at any level); file it on your project file; attach it to the Research Governance Record for your project (staff to upload these for staff and PhD research only).
- Researchers who believe that the security of a UWE Bristol device may have been lost or compromised, or that a data breach may have occurred, must inform the IT Service Desk immediately by phone, as well as informing the UWE Bristol Project Manager who, ultimately, has responsibility for the data.
- Think about what to do with your data before it becomes a problem, not after.
- Be slack about data security, you are personally responsible for your own data practice, and for any breaches in data security arising from failures in relation to your data responsibilities.
- Put off seeking guidance about what to do because you are too busy, or it all seems too complicated. Actively understanding and managing your research data responsibilities protects you from the consequences of a breach or loss, and contributes positively to the quality of your research.
- Think that because the research is student research, the requirements for research data security are any less (a data breach is a data breach, whoever the researcher is).
- Wait for a few days to see if you can find your lost device, you must report it immediately to the IT Service Desk by phone.
- File your Research Data Management Plan away and never look at it again (it is a plan, and you have to follow it).
- Pro-Vice Chancellor Research and Business Engagement - Information Asset Owner for Research Data, who will set the overall University requirements, and delegate aspects of that role as appropriate. Supported by the Information Asset Manager for Research, who is the Research Governance Manager.
- Deans and Heads of Service - overall responsibility for the security of research data within their College or Service. Responsibility for research data within College usually delegated to them by the Information Asset Owner in this respect.
- UWE Bristol Project Manager (the senior person with overall responsibility for the research, usually the Principal Investigator) - usually deemed to have lead responsibility delegated to them for the security of their research data:
- They should ensure that appropriate data security measures are in place, and in accordance with University guidance and best research practice(s). Working within the law and University's policies and guidance, they determine what may or may not be done in relation to the data, and will be held accountable for doing so.
- The UWE Bristol Project Manager is responsible for decisions about collection/ acquisition, transport, storage, use, retention, archiving and disposal, including the timing, and these decisions must be in line with consent, legislation and regulation, UWE Bristol policies, procedures and guidance, funder and sponsor requirements, and best practice in the field.
- The UWE Bristol Project Manager is responsible for ensuring these decisions are appropriately implemented.
- The UWE Bristol Project Manager is responsible for ensuring that all those with access to data have the necessary competencies. This does not always mean they must personally provide training, but they must satisfy themselves in this respect before granting data access, and must ensure that all concerned fully understand their responsibilities and requirements in relation to the data.
- It is a mandatory requirement for all staff and doctoral research that a UWE Bristol Research Data Management Plan be uploaded to the UWE Bristol Research Governance Record). This is the responsibility of the UWE Bristol Project Manager (with significant contribution from the student for student research), as is ensuring it remains up to date, and that all those who need to have seen and understand it.
- It is highly recommended that a proportionate version of the UWE Bristol Research Data Management Plan is produced by the Supervisor, in discussion with the student, for all UG and M research.
- In cases when a UWE Bristol Project Manager moves role or leaves UWE Bristol, they must inform the Head of Department that there is data for which they are responsible that must be allocated to another UWE Bristol Project Manager. It is the Head of Department's responsibility to ensure that this is done, and the Head of Department must make sure appropriate arrangements are in place for research data when an individual leaves, or is away for a significant period of time (such as extended sick leave). A resource available to the Head of Department in such circumstances is the UWE Bristol Research Governance Record (including Research Data Management Plan) entries for the individual concerned, to assist in ensuring any necessary arrangements in relation to data are made.
- Everyone - is responsible for their own part in maintaining the security of data to which they have access, and for reporting any breach of which they become aware, like health and safety, research data security is everyone's business.