Definition
Whether you send or receive research electronic information, it is crucial to be well informed and prepared before sharing research data. At UBC, it is the responsibility of your research group to ensure the electronic information you share meets the university security and privacy requirements, as well as provincial, national, and international applicable regulations. This page will provide an overview of research data sharing requirements, and good practices.
Before you read this page
It is strongly recommended that you discuss with a subject matter expert when planning a research project that will share electronic information. This page covers high-level concepts and may not include all information specifically applicable to your research project.
For assistance, please contact arc.support@ubc.ca
Key Notes
The information on this page may be relevant to you if:
- You are working with UBC Electronic Information;
- You research project is sharing data;
- Your research data is subject to specific security requirements;
- You want to safeguard your research data during transfer.
Requirements
Information Security Requirements
UBC Electronic Information sharing must be compliant with the requirements of UBC Information Security Standard U3. This Standard provides recommended guidance, as well as approved sharing tools based on the data classification. Depending how the data is handled once shared, other Information Security Standards may apply. Please see our Electronic Information Security page for more information.
Information Privacy Requirements
Sharing personal or personally identifiable information may require consent. Visit our Electronic Information Privacy page for more information.
Legal and Contractual Requirements
When the shared data is regulated or subject to a data sharing agreement, you should review the applicable agreement/regulation to ensure all requirements are met.
Good Practices
Create a data sharing procedure
Creating a data sharing procedure is a simple and efficient method to ensure your research data is shared in a secure and compliant way, and may help with your ethics application. The procedure should guide researchers and/or collaborators on how, where and when to share research information. It may include:
- Who is responsible for the data;
- Sharing approval process;
- What tool to use to share data;
- In which format data can be shared;
- What information cannot be included in sharing;
- Any privacy and security requirements;
- Who can access the shared information;
- How to remove shared information access;
- Process for information miss-sharing (or reference to incident management procedure where applicable);
- Agreement relating to data retention after the research project;
Keep a log and review access periodically
It is often easy to forget who was provided access to your dataset, and whether or not it is still required. As a good practice, it is recommended to keep a log of who has access to your research data, why, and review this log periodically to remove access when no longer required.
Avoid email attachments
By default, emails are not encrypted and using email to share your valuable research data could result in it being exposed to a malicious actor. UBC offers secure alternative option such as Microsoft Teams and OneDrive to easily share information inside, and outside the institution. Visit our OneDrive and Teams for Research page for more information.
Dropbox and Google Drive are not approved
Per UBC Information Security Standard U3, sharing platform such as DropBox and Google Drive should not be used to share research information, as they are not UBC approved tools.
The university offers secure alternative option such as Microsoft Teams and OneDrive to easily share information inside, and outside the institution. Visit our OneDrive and Teams for Research page for more information.
Encrypt Confidential Information
To maximize the security of your most valuable data elements, it recommended setting file level encryption using tools like Veracrypt and Cryptomator for active data, or encrypted .zip archives in other cases.
Additional Information
For more information about Research Information sharing, you may also consult:
UBC IT
https://it.ubc.ca
UBC Office of the CIO
https://cio.ubc.ca
PrivacyMatters
https://privacymatters.ubc.ca