Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Research Data Management

Learn about best practices in research data management

Data Related Policies at UConn

While working with your research data, be aware of the following UConn policies that may apply to your work or how the data is stored and handled. 

The content on this page is informational only. Please contact UConn ITS for specific questions or concerns related to your IT resources. 

UConn Data Classification Levels

Confidential Data requires the highest level of privacy and may not be released.

Confidential Data is data that is protected by either:

  • Legal or regulatory requirements (e.g., HIPAA)
  • Contractual agreements (e.g., Non Disclosure Agreements)

See the extended list of Confidential Data for common types of confidential data.


Protected Data must be appropriately protected to ensure a lawful or controlled release (e.g. Connecticut Freedom of Information Act requests). This is all data that is neither Confidential or Public data (e.g., employee email).


Public Data is open to all users, with no security measures necessary. Data is public if:

  • There is either an obligation to make the data public (e.g., Fact Sheets), or
  • The information is intended to promote or market the University, or pertains to institutional initiatives (e.g., brochures).

Encrypting and Exporting Data

Per the Export Control and Economic Sanctions Policy, "Export control and economic sanctions regulations aim to protect the national security, foreign policy, and economic interests of the United States.  Export control regulations govern how certain information, technologies, and commodities can be transmitted overseas or to a foreign national on U.S. soil, whereas economic sanctions regulations restrict transactions with certain countries, institutions, and individuals. The scope of the these regulations is broad: they cover exports in virtually all fields of science, engineering, and technology, apply to research activities regardless of the source of funding, and impose restrictions on activities by U.S. persons that occur outside the United States."

The encryption guidelines noted below in the Mobile and Remote Device Policy discuss encryption tools, and the IT link below details security tools and options available at UConn. 

Data Ownership

Per the Employee Code of Conduct:

  • Research materials, inventions or devices developed through the use of University resources are the property of the University. Rights to such property may be transferred to other parties (such as commercial sponsors) only with express written authorization. Materials subject to copyright are generally not the property of the University.
  • Research data are considered the property of the principal investigator or the joint property of collaborating individuals when research data are generated by a principal investigator working in collaboration with one or more faculty colleagues. Research data generated by postdoctoral fellows, graduate students, research trainees or others who have had significant intellectual input, shall be considered the joint property of the collaborating individuals.

Mobile and Remote Device Security Policy

"University of Connecticut faculty, staff, student employees, and volunteers who use mobile or remote devices are responsible for any institutional data that is stored, processed, and/or transmitted via a mobile or remote device and for following the security requirements set forth in this policy."

Please see the full policy, linked below, for details on the types of security requirements for these devices. 

Additionally, there are guidelines regarding storage of confidential data on mobile devices: 

"In general, confidential data should not be stored on mobile devices, including laptops. However, in certain instances and depending on job responsibilities, this may be unavoidable. In these instances, confidential data must be stored on university-owned devices ONLY with the following requirements: 

  • Except when being actively used, confidential information must at all times be encrypted on any device through a mechanism approved by the University. Alternatively, whole drive encryption software may be deployed to meet this requirement. 
  • Mobile devices must have university-supported software enabled and running to identify, protect, and respond to any threats to the data or operating systems of the devices. 
  • Devices must have Mobile Device Management software installed to facilitate device protection, including remote wipe and, if possible, device location technology for recovery. "