Research data is more dynamic because of:
- expanding computer networks
- the increase in the use of removable storage
- the popularity of remote access, mobile devices and internet services
As a result, principle investigators need to consider the three states that data can be held during the lifecycle of the project.
The three data states
- data at rest: data that is permanently stored on a local machine, a server, USB drive, portable hard drive or cloud storage service. Information Services offers a centrally managed file store that provides physical security, network security, access control, threat prevention and loss prevention.
School based servers or PCs are not to be used as permanent storage, and a USB drive, portable hard drive or cloud based service must only be used as temporary storage.
- data in motion: data that is being moved between permanent locations by various methods such as USB drives, portable hard drives, and electronic transfer such as email, cloud based services and file transfer.
Research data classified as confidential or highly confidential must be encrypted when being transferred via USB drives or portable hard drives.
- data in use: describes situations where stored data is delivered from permanent storage to a different computer, device or application, to allow access or processing. From a security perspective, data in use is primarily concerned with ensuring the receiving computer, device or application is secured to avoid unauthorised access.
All devices used to access confidential or highly confidential data must utilize access controls. This includes setting passwords or PINs on laptops, tablet computers, smart phones and other mobile devices.