Discuss the research data management issues raised by the following
scenarios, and consider what practical measures might have been taken to
reduce risks to security
Scenario 1
Unshredded and unanonymised data transcripts are found on the street in a clear plastic rubbish bag.
Scenario 2
A lecturer stores personal and confidential data on the hard drive of her College computer. She is given
a new computer by her department and the old one is given to research students to use in their office.
The students are able to access both her personal and research data.
Scenario 3
A researcher’s laptop is stolen while she is away at a conference. Vital research data on the hard drive
was not backed up anywhere else.
Scenario 4
A researcher sends project documents in the post but writes the wrong address on the package so the
documents are lost.
Scenario 5
A researcher emails digital audio files to a transcriber who saves them to his computer desktop and also
stores them in his email once received. The transcriber fails to delete the files from his email and
computer once he finishes the transcription and sends it to the researcher. He later sells his computer
on eBay
Scenario 6
A transcriber tells her friends and family about the ‘interesting interview’ that she is transcribing, giving
details about the name and place of work of the interview participant.
Scenario 7
A fire at the College destroys a research office and all the paper copies of an important research
collection which a researcher was preparing for archiving.
Scenario 8
A researcher encrypts his data folder, then forgets his password and can no longer access his data.
Library Services | Information Management www.kcl.ac.uk/library/using/info-management
February 2014
Preventative Measure 1
Paper records should be securely shredded or placed in a sealed confidential waste bin (these are
available in some buildings). Many departments make their own arrangements for disposal of
confidential waste so check with your department administrator whether you have a contract in place.
Alternatively, you can contact Estates for assistance with disposal of confidential records; email
[email protected]. Procedures vary from campus to campus, for example the Strand facilities team issue
confidential waste sacks whilst at Denmark Hill sealed bins are more commonly used. Estates will be
able to advise on the correct procedure for your area.
Preventative Measure 2
Electronic records can be deleted from College servers once no longer needed. Items such as
CDs/DVDs, tapes and floppy disk drives can be disposed of via the College media destruction services.
Facilities available vary from campus to campus and if media destruction is not available these items
can be disposed of as hazardous waste. Contact your Campus Facilities office for details of local
arrangements; email [email protected].
Prior to the disposal of any computer, you should ensure that data is erased from the hard drive. Even
then this might not be sufficient - personal information stored on the hard drive of your computer may
still be retrievable despite deletion. Only ‘scrubbing’ or overwriting the data will sufficiently delete
them from the machine. Do not presume IT services will clean the hard drive before passing on the
computer. Further information on this process is available from IT Services; email
[email protected]
Preventative Measure 3
Always keep a back-up of data. Before travelling you could remove data that you won’t need from the
laptop and back it up onto an encrypted laptop or device. Under the Data Protection Act you have a
legal obligation to protect personal data so it should be stored securely, especially when travelling.
Preventative Measure 4
If the postal service must be used as a form of transfer, data should be sent by courier or recorded
delivery. The College approved courier is City Sprint
https://internal.kcl.ac.uk/about/ps/purchasing/suppliers/couriers.aspx
Preventative Measure 5
You should not email files that you would not want people to keep on their computers. Files should be
encrypted or sent via secure transmission. We recommend using the College file transfer service,
https://internal.kcl.ac.uk/it/email/fts/index.aspx.
The transcriber could still download the document and leave them on their computer, so transcribers
should be asked to sign a confidentiality agreement confirming they will destroy copies of data files
once they have been returned, and verify after transcription that this has been done.
Preventative Measure 6
Ensure transcribers are made aware of their responsibilities to comply with College policy on research
integrity http://www.kcl.ac.uk/innovation/research/support/conduct/about.aspx and ask them to sign
confidentiality agreements preventing them from divulging confidential information.
Preventative Measure 7
Keep back-up copies of any important data in an offsite location. Important paper documents can be
scanned and kept digitally.
Preventative Measure 8
The researcher could have kept a copy of the password in a separate location to the data folder.
College guidance on passwords can be found here
https://internal.kcl.ac.uk/it/connected/AccountsandPasswords/Kings-password-guidelines.aspx
Based on a UK Data Archive resource http://data-archive.ac.uk/create-manage/training-resources/storage