Researchers must ensure that the sharing of any UBC information meets UBC security and privacy requirements, as well as any applicable data agreements, provincial, national, and international regulations. This page will provide an overview of information sharing requirements and good practices.
Before you read this page
It is recommended that you discuss your project that will share research information with a subject matter expert. This page covers high-level concepts and may not include all information applicable to specific research project.
For assistance, please contact firstname.lastname@example.org
The information on this page may be relevant to you if you:
- Are working with UBC research information;
- Research project is sharing information;
- • have research information that is subject to specific security requirements;
- You want to safeguard information during transfer.
Information Security Requirements
UBC Electronic Information sharing must be compliant with the requirements of UBC Information Security Standard U3. This standard provides requirements and guidance, as well as approved sharing tools based on information classification. Depending how the information is handled once shared, other Information Security Standards may apply. Please see our Information Security page for more information.
Information Privacy Requirements
Sharing personal or personally identifiable information may require consent. Visit our Information Privacy page for more information.
Legal and Contractual Requirements
Research information sharing may be subject to legal and contractual requirements. Researchers are responsible for ensuring these requirements are met.
Create a data sharing procedure
Creating an information sharing procedure is a simple and efficient method to ensure research information is shared in a secure and appropriate manner. Additionally, such procedures may benefit researchers when submitting a research ethics application. The procedure should guide researchers and/or collaborators on how, where, and when to share research information. It may include:
- Who is responsible for the data;
- Sharing approval process;
- What tool to use to share data;
- In which format data can be shared;
- What information cannot be included in sharing;
- Any privacy and security requirements;
- Who can access the shared information;
- How to remove shared information access;
- A process for information miss-sharing (or reference to incident management procedure where applicable);
- Agreement(s) relating to information retention after the research project;
Keep a log and review access periodically
It is often easy to forget who was provided access to a research dataset, and whether or not their access is still required. As a good practice, it is recommended to keep a log of who has access to research information and why. Review this log periodically to remove access when it is no longer required.
Avoid email attachments
By default, email is not encrypted. Using email to share research information could result in it being exposed to a malicious actor. UBC offers secure alternative options such as Microsoft Teams and OneDrive to easily share information inside and outside the institution. Visit our OneDrive and Teams for Research page for more information.
Dropbox and Google Drive are not approved
Per UBC Information Security Standard U3, sharing platforms such as DropBox and Google Drive should not be used to share research information, as they are not UBC approved tools.
The university offers secure alternative options such as Microsoft Teams and OneDrive to easily share information inside and outside the institution. Visit our OneDrive and Teams for Research page for more information.
Encrypt Confidential Information
To maximize the security of sensitive information elements, it is recommended to use file level encryption using tools like Veracrypt and Cryptomator for active data, or to encrypted .zip archives in other cases.
For more information about Research Information sharing, you may also consult: