Research Data Management Policy guidance

This policy applies to all staff, students, supervisors and other members of the University community who are involved in the management of research data. For details, go to the Research Data Management Policy.

This policy is supported by the:

• Research data classification standard
• Research data retention
• Research data glossary

Definition

Within the University, research data are defined as the evidence that underpins the answer to a research question and can be used to validate findings regardless of their form (e.g. print, digital, or physical).

Examples

Research data can be quantitative information or qualitative statements collected by researchers in the course of their work by experimentation, observation, modelling, interview or other methods, or information derived from existing evidence.

Data may be raw or primary (e.g. direct from measurement or collection) or derived from primary data for subsequent analysis or interpretation (e.g. cleaned up or as an extract from a larger data set), or derived from existing sources where the rights may be held by others.

Data or information related to the management and conduct of research

Administrative data created by the management or conducting of research (e.g. funding applications, research contracts, data management plans or ethics applications) are institutional data and are governed by the University’s Data Governance Policy.

Primary materials

Primary materials are physical objects and samples, such as biological samples, that are acquired for research and from which research data may be derived. Primary materials are not research data.

For more information, see Research data management overview.

The RDM policy details 18 responsibilities across three groups: the University (1-3), researchers (4-16) and supervisors (17-18).

4. Establishing and maintaining clear roles and responsibilities for the management of research data within their research project or group, with principal investigators retaining overall responsibility for ensuring compliance with this policy.

Identify the RDM tasks required by your project across the phases of the research data lifecycle:

1. Plan and design
2. Create and collect
3. Analyse and interpret
4. Publish and report
5. [Enabling you and others to] Discover and reuse

Each task should be assigned to an individual within the research team or group, and these responsibilities should be recorded in the Data Management Plan. Refer to Data Management Planning (DMP).

5. Ensuring that legal, ethical, data sovereignty, protective security and commercial constraints relating to research data are considered prior to data collection and adhered to throughout the research data lifecycle.

Project constraints may be defined by:

• Legislation, such as the Privacy Act 2020 and Customs and Excise Act 2018 (export controls)
• University policies
• Funding agreements
• Agreements with data providers or collaborators (refer to Working with third-party research data and Data sharing agreements)
• Ethics application process and related standards
• International standards, such as the CARE principles

Project constraints should be documented in the Data Management Plan (DMP) and regularly updated and monitored to ensure compliance during and after completion of the project.

6. Preparing a Data Management Plan for sensitive or restricted data or where this is required by the University, a funder, ethics approval processes, research data provider or other external party.

The University's online Data Management Planning (DMP) tool will help you consider and document research data management decisions across the research data lifecycle. The DMP tool includes templates to follow and extensive guidance.

Go to Data Management Planning (DMP) for the DMP tool.

Individual projects may seek advice through the Research data management consultation service.

7. Ensuring collaborations with external parties have agreements in place that specify ownership and custodianship rights and responsibilities for research data. These agreements must be signed by the appropriate University delegate.

There are a number of agreements that may apply, including Data sharing agreements (sometimes called data transfer agreements), Confidentiality and non-disclosure agreements, and Material transfer agreements. 

8. Identify the resources required for the management of research data and confirm the availability and cost of these resources as part of proposal development for externally funded and internally funded research.

Identify RDM resources by first considering all the RDM tasks for a specific project across the research data lifecycle. This may include anything from using research data capture tools or transcription to storage or computing requirements.

Researchers can seek a Research data management consultation to determine the resource requirements.

9. Ensuring that digital forms of research data are stored on an appropriate University-managed research storage service or other trusted storage service approved by the University Chief Information Security Officer.

Data capture, collection and generation tools

For information on University-approved (security-assessed) tools, go to:

• Data collection and generation tools
• Generative AI tools
• Transcription

Data storage

• To select an appropriate storage service, go to Choosing data storage.
• Personal and portable devices (e.g. USB, hard drive, laptop, desktop) are not appropriate for the storage of research data in most cases.

10. Ensuring research data are accompanied by appropriate metadata to support the reproducibility of findings and enable the application of the FAIR, CARE and Māori Data Sovereignty data sovereignty principles alongside the University’s data classification.

Metadata (information about research data, such as content, quality, format, location and access rights) can take different forms, for example, free text (e.g. a README file) to standardised, structured, machine-readable content. It can be embedded within the data file, recorded as a separate text/ spreadsheet file that is linked to the collection of data files it describes, and/or contained in a catalogue record that points to the research data.

Describing research data with rich metadata underpins the FAIR principles for research data and enables Māori data sovereignty, Pacific data sovereignty and the CARE principles for Indigenous data.

For more information, go to Research metadata.

11. Publishing digital forms of research data in the University research data repository or other publicly accessible repository, unless the data cannot be published due to legal, ethical, data sovereignty or commercial constraints.

Research data should be published in a University or other publicly accessible data repository unless there are legal, ethical, data sovereignty or commercial constraints precluding publication. These constraints should be documented in the project Data Management Plan.

Where research data cannot be published, researchers are required to publish a metadata-only or descriptive record about the research data unless it would cause harm to research participants, the University or other stakeholders. In this way, researchers can balance FAIR principles for research data and indigenous data sovereignty principles.

The University's Institutional Figshare supports data publishing or publishing of a metadata-only record.

For more information, go to Research data publishing and discovery.

12. Including, where possible, a data availability statement in all accepted manuscripts and final accepted theses describing how and on what terms any supporting research data may be accessed.

Data availability statements or data access statements are required by a number of funders and journal publishers and are critical to enabling data to be findable and accessible (part of meeting the FAIR principles for research data).

Where data is not published or openly available, these short statements can explain the mediated process by which data rightsholders exert authority to control who has access and for what purpose. This enables Indigenous data sovereignty (Māori data sovereignty, Pacific data sovereignty and the CARE principles for Indigenous data).

13. Ensuring there are appropriate data governance arrangements in place to represent the interests of rightsholders and other key stakeholders in the research data.

Data governance refers to the arrangements put in place to ensure the interests of rightsholders and stakeholders in research data are protected and that all ethical, legal, data sovereignty and commercial constraints are adhered to during and after the project.

Commonly, research data governance will enable answers to questions regarding:

• The quality and value of the data for a particular application
• Who can access it and for what purpose, how this is decided, and by whom
• How it can be accessed, including location, and
• The security required and how the data are being protected

These details should be documented in the project's Data Management Plan.

Governance enables adherence to security, privacy, sovereignty and contractual constraints and obligations, notably providing processes to support rangatiratanga or authority to control and kaitiakitanga or guardianship by Indigenous rightsholders.

14. Ensuring research data are returned, retained, deleted and/or destroyed in accordance with legal, ethical, data sovereignty and commercial constraints.

The Data Management Plan (DMP) should clearly specify what will happen to research data at the end of the research project. This will be informed by the:

• Minimum retention periods specified in the Research data retention table
• Agreements in place with research funder or external data providers
• Legal, ethical, data sovereignty, protective security and commercial constraints that apply to the research data (if any)
• Form of the data and how it has been stored

If the action to publish, retain/archive, delete or destroy research data is not taken directly by the principal investigator or nominated representative, this will be undertaken by a University representative or system based on information provided in the Data Management Plan (DMP) or other system.

The need to delete or destroy research data is a factor in Choosing data storage at the start of the project.

Retention and archive of digital research data

Many research projects will generate or gather digital research data that are not appropriate for publishing (e.g. intermediate files or personally identifiable data). Digital research data that needs to be kept for the minimum retention period should be:

• Tidied and accompanied by metadata (e.g. Describing research data with a README) to enable verification, others to make sense of it, and stewardship and governance (including data sovereignty)
• Archived on sustainable University-managed storage (e.g. Archive (tape) storage associated with a Research Drive).

Deletion of digital research data

Data may be required to be deleted after the minimum retention period. Deletion of digital research data files stored on University-managed storage removes the pathway to the data files and will lead to the eventual overwriting of these files. This does not always eliminate the possibility of recovering all or part of the original research data.

Destruction of digital research data

Destruction of research data means the process of overwriting, erasing or physically destroying information so that it cannot be recovered. Destruction of digital research data files stored on University-managed storage is not achievable in most cases. This is due to the frequent and automatic backup of files that occurs on University-managed storage.

In a small number of cases where there is a requirement to destroy data after expiration of the minimum retention period, AND this has been arranged at the start of the project in consultation with University IT providers, please liaise with your Digital Services business relationship manager.

Physical research data and artefacts

These items should be considered for digitisation. Where necessary, physical records and artefacts should be retained in appropriate storage facilities managed by, or in arrangement with, the University. When appropriate, these items can be destroyed using Iron Mountain services.

15. Ensuring that non-digital forms of research data created after the commencement date of this policy are promptly digitised where possible and managed in accordance with this policy. The original non-digital research data are to be securely destroyed following digitisation unless there is a requirement for retention, in which case researchers will ensure appropriate storage arrangements.

Digitisation is the process of converting physical or hard-copy records into electronic or digital formats.

In most cases, you can use University-managed printers (accessed via your University username and password) to scan physical documents. These files should then be moved to an approved University storage solution, such as Research Drive.

Once the digitisation process is complete and the digital copy is verified, the original non-digital research data should be securely destroyed, unless there is a specific legal, ethical, or administrative requirement for its retention.

16. Ensuring appropriate arrangements are made if they require and have rights to continued access to research data after leaving the University.

In most cases, those leaving the University can undertake a handover of research data management, including:

• Updating the Data Management Plan (DMP)
• Ensuring that off-boarding meetings with supervisors, research groups and academic heads discuss arrangements for ensuring ongoing access to the research data
• Ensuring all agreements and ethics approvals relating to the use of data are updated as required

Where relevant, this may also include:

• Entering into an agreement if there is a need to transfer the research data to another institution (where permitted by ethics approvals and agreements)
• Establishing external collaborator status for the departing staff member or student where that individual requires ongoing access to research data held at the University

Where the departure of the researcher is unexpected, these activities should be undertaken by the academic head or their delegate.

17. Supervisors are responsible for providing guidance and support to students on the application of this policy to student research projects.

18. It is the responsibility of the supervisor to ensure that the student prepares a Data Management Plan where required under this policy, ensuring that research data ownership rights, licensing arrangements and custodianship responsibilities are clearly stated prior to the collection of the research data.

Supervisor support may include:

• Advising on any aspect of the research data lifecycle and best practices for managing research data in accordance with the RDM policy
• Discussing and reviewing a Data Management Plan (DMP)
• Participating in a Research data management consultation
• Raising awareness of supporting resources and development or training opportunities

Research Data Support Services
Email: researchdata@auckland.ac.nz

eResearch Engagement Lead
Email: Laura Armstrong

Associate Director, Research Operations
Email: Nick Kearns

Poutiaki Rangahau Māori, Pro Vice-Chancellor (Māori)
Email: Geremy Hema