Research Data Management

• Have a plan for what you will do with the data you generate.
• Follow the 3-2-1 backup rule.
• Have a data management plan for your lab and document it.
• Make plans for continuity for when students graduate or leave UConn.  For example, you do not want a student to graduate and take data with them.

What is the 3-2-1 backup rule?

• Having 1 copy offsite protects your data from local risks like theft, lab fires, flooding, or natural disasters.
• Using 2 storage media improves the likelihood that at least one version will be readable in the future should one media type become obsolete or degrade unexpectedly. 
• Having 3 copies helps ensure that your data will exist somewhere without being overly redundant. 

When working with Personally Identifiable Information (PII) or HIPAA data, there are extra considerations to keep in mind. You may also be working with a private company, industry contractor, or other type of confidential data. 

Be sure to keep PII secure and HIPAA compliant. 

HIPAA data has encryption requirements - it must be encrypted at all points of access, including when in transit during file transfers. There are secure transfer utilities that exist for this purpose. 

Be sure that all machines in your lab or office are locked and require a NetID and password to access them. You can also password protect certain files or drives as needed. ITS can help with this. 

Check the data ownership policies of any cloud service you subscribe to. Also, remember that there is no expectation of privacy for data stored in the cloud. Don't use a cloud service for data that falls under the UConn protected or confidential data categories. 

It's recommended to use use more than one cloud service to make sure that your data is backed up regularly. 

If you buy a cloud service, you are contracting as individual, not as the university.