Opening or destroying data

DISPOSAL OF RESEARCH DATA

Research data must be disposed of if:

• The data contains personal information and cannot be anonymised.
• Opening, publishing, or archiving the data is not possible or worthwhile.
• There are no plans for further use of the data.

IMPORTANT:

• Do not store data containing personal information longer than what you have informed the research participants.
• Remove all data containing personal information from university devices, systems, and software immediately after you have finished processing personal data.
• All data containing personal information must be deleted from university devices, systems, and software before your JYU user account expires.
• Remember that the data must never fall into the hands of unauthorised parties and it must be destroyed securely.
• Before disposal, check with your thesis supervisor how long research data must be retained in your discipline for thesis and results verification.

Secure disposal of research data

• The most secure way to destroy files containing research data is overwriting.
  • You can think of overwriting as a kind of technical paper shredder that destroys the data.
  • Overwriting means filling the file or storage medium multiple times with random data, after which the original files cannot be recovered.
  • There are dedicated programs for overwriting, such as Eraser.
  • Overwriting is obligatory if your data contains special categories of personal data or sensitive/confidential information.

If your data does not contain special categories of personal data or sensitive/confidential information:

• Move the data stored on the U-drive to the recycle bin and empty the recycle bin.
• Even though your U-drive will stop working after graduation, data must not be left on the U-drive.
• Delete files stored in the university’s Office365 applications. Move files to the recycle bin and select “delete permanently” in the recycle bin.
• Delete files from all other university devices, software, and systems you have used (e.g., Webropol).
• Place paper-based data in the confidential paper recycling box, from which it will be shredded. Do not use the regular paper recycling box or trash bin!
  • Many university buildings have dark gray lockable Sulo bins for this purpose.
• Return storage devices (e.g., university recorder) emptied and, if possible, overwrite the stored files.
• CDs, SSDs, and similar media can be taken directly to the Digital Services service desk in the Lähde building (room B315) for disposal.
  • Overwrite files if necessary.
• If you have for some reason saved data on your personal computer or work computer, use overwriting.

If you have organised and documented your data management carefully, this document serves as a handy checklist of all the places where you have stored your data!

FURTHER USE OF RESEARCH DATA

Discuss with your supervisor already during the data management planning stage whether the research data you collect is worth preserving.

• In other words, does your data have value for further use – either for yourself (for example, if you continue from your thesis topic to a doctoral dissertation) or for future researchers and research projects?
• Together, consider the benefits and challenges of further use, and whether your data can realistically be processed and stored in a way that enables reuse.

Further use of data must be planned before data collection begins!

• Opening, publishing, archiving, or otherwise storing the data for reuse must be disclosed to research participants in the privacy notice.
• If reuse requires anonymisation of personal data, this must be taken into account in the planning and implementation of data collection.
  • For example: conduct your survey anonymously from the start so that no personal data is collected.
• If you transfer the data you have collected or produced to a research group, project, or similar, you must make an agreement on transferring the rights to the data to the project before your work begins. See more in the learning material section: Rights Related to Data.

Archiving data

Archiving data means that you make an archiving agreement with an archive operating under archival legislation (e.g., Kielipankki – The Language Bank of Finland, Kansan Arkisto, Finnish Literature Society Archive) and transfer your research data to the archive.

• The archive acts as the distributor of the data, meaning the data is no longer available to you for the original research purpose.
• Archived data is not necessarily openly available to everyone, but it is preserved for the period specified in the agreement between the donor and the archive.
• If you are considering archiving, contact the archive you have chosen.

Opening and publishing

Opening and publishing data often – but not always – go hand in hand.

• Opening means that the data is permanently available in a data repository, such as JYX or Finnish Social Science Data Archive (FSD).
• Publishing means that the data is openly accessible: for example, it can be freely downloaded from JYX or FSD.
• By opening and publishing your data, you promote the goals of open science.

First, consider whether you have the right to open and publish the data:

• Does your data contain personal information?
  • If you can anonymise the data, opening may be possible.
• Have you informed participants about opening and publishing?
• Are you using someone else’s existing data, and do you have rights to process it after your thesis is completed?
• Have you made an agreement with a research group or company that the data cannot be published?

Do not confuse publishing your thesis with publishing your data.
Here, we are specifically talking about publishing the research data, not the thesis itself.

Opening and publishing research data in JYX

Students’ datasets can be opened in the University of Jyväskylä’s publication repository JYX.

The Open Science Centre publishes well-organized and well-managed datasets in JYX that do not contain personal data and have not been archived or published elsewhere.

• The following instructions apply only to opening and publishing in JYX. If you want to archive your data in, for example, the SKS Archive, contact SKS. If you want to publish your data in, for example, the Finnish Social Science Data Archive (FSD), contact FSD.

Assess with your supervisor whether opening your data for reuse is possible and reasonable:

1. Is the data anonymous?
2. If your data is anonymous, make a value assessment with your supervisor to determine whether the data has research, historical, or cultural reuse value, in which case it can be published in JYX.

Criteria for value assessment:

• Can the data be used for purposes other than its original intended use?
• Have you organised, documented, and described the data at a sufficient level so that someone else can interpret and use it?

Opening and publishing data is done in the Vasara system: Publishing Student Research Data

• The Vasara system guides you through the data opening process.
• You will be asked to describe your dataset, and keywords describing your data will be automatically suggested.
• The data is uploaded to Vasara as a ZIP file.
• Your data will be reviewed by the Open Science Centre, after which your main supervisor will receive a message requesting an assessment of whether the data is suitable for reuse in theses or scientific research more generally.
• Publishing the data requires your main supervisor’s approval.

The Open Science Centre will assist you if needed!

Storing data for your own future use

If you plan to reuse the data collected for your thesis – containing personal data – for an article or dissertation, the primary solution is to anonymise the data after your thesis is completed.

• This way, you will not retain any data containing personal information!

If anonymisation is impossible and you intend to keep data containing personal information for reuse, you must address issues related to informing the participants, agreements on data rights, and secure storage. This must be done already during the data management planning stage.

Informing Participants

It is essential that participants are informed in the privacy notice and consent form about the purposes and lifecycle of the data.
If participants were told that the data will be used for the thesis and destroyed immediately after its completion, the data cannot later be reused for, e.g., a dissertation article.

• If the data will not be destroyed immediately, participants must be aware of this from the start.
• If the purpose of use changes after the you have informed the participants, participants must be informed again.
• Discuss with your supervisor whether your thesis is classified as scientific research and whether the legal basis for processing personal data can be considered public interest.
  • In this case, it is sufficient to inform participants about data reuse when collecting thesis data and ensure their consent for different purposes (e.g., thesis, article).
  • Consent obtained during the thesis stage remains valid for reuse unless withdrawn by the participant.
• If the legal basis for processing personal data in your thesis is consent (i.e., the thesis cannot be considered scientific research), and you plan to use the data for a dissertation article (which can be considered scientific research): choose both consent (for the thesis) and public interest scientific research (for the dissertation article) as legal bases.
• If this is a follow-up study, inform the participants: “This is a follow-up study. You will be contacted later unless you withdraw your consent to participate.”
  • Then, request consent for follow-up contact in the consent form.
  • In the thesis stage, state in the privacy notice that the data will be retained until a specified date for possible follow-up research and what personal data the retained dataset contains.
  • The data must be destroyed if the follow-up study does not start by the given date.
  • Later, when you contact the same participants again, provide detailed information about the follow-up study (information sheet and privacy notice), including what will happen to the data after the follow-up ends.
  • Note that follow-up contact may require retaining participants’ email addresses!

Agreeing on Rights

• If you are writing a thesis and collecting data with a partner, in collaboration with an organisation, or as part of a research group, make an agreement on data usage rights, including reuse.
• Read more in the learning material section: Rights Related to Data.

Data Storage

Secure storage of research data cannot be compromised after the thesis is completed.
If the data is not anonymised and/or not archived/opened/published, arranging secure and appropriate storage solutions is the responsibility of the student who collected the data and acts as the data controller.

• Check whether you can use solutions provided by the University of Jyväskylä during the transition from degree student to doctoral researcher. Can you arrange the transition so that your university credentials and access rights remain active without interruption?
• If an interruption in access rights is expected, check whether applying for alumni study rights could be a solution.
• If it is not possible to prevent an interruption in access rights, you must delete all datasets containing personal data from university network drives and environments (e.g., Webropol) before your access rights expire!