Data access controls

Controlled access to research data protects privacy and confidentiality,
maintains data integrity, supports collaboration, and ensures ethical
and legal compliance. Consider and document the following in your Data
Management Plan (DMP).

• Define who is allowed to access which data and for what purpose.
• Specify who is responsible for granting, reviewing, and removing access rights throughout the project.
• Ensure all people with access have the appropriate authority, training, and trust to handle the data.
• Data sharing agreements should be used when sharing non‑public data with external collaborators.
• If your project involves sensitive data, use the Five Safes framework to assess risks and plan appropriate controls.  

Data collection and storage

• Use University-approved (security-assessed) data collection and generation tools.
• Collect only the minimum personal or sensitive information needed for your research.
• De‑identify data before storing it in shared locations when possible (see De-identifying data).
• Store data on University‑managed research storage services.
• Use Research Drive for sensitive data.

Data analysis

• Use Research virtual machines for shared compute needs.
• For sensitive data, consider Managed virtual machines or a Secure Research Environment (SRE).

Data transfer and sharing

• Use FileSender and Globus for encrypted file transfer over the REANNZ network.

Research Data Support Services
Email: researchdata@auckland.ac.nz