Skip to main content

Data Management: Regulation and Security

Data Back-Up

Backing up data is an essential part of the data management process. Hardware failure, virus infection, hacking, and loss or theft of hardware are all common realities that can have a devastating effect on research if proper back-up hasn't taken place. See the UK Data Archive's guidelines on Backing-up Data for more information.

Backing Up vs Storage

Back-up and storage are related concepts, but are not the same thing. While storage refers to ways of preserving files for the short- or long-term, back-up refers to preserving copies of your files in different physical locations and using different media to protect against data loss.

3-2-1 Rule

A good rule of thumb for backing up data is the 3-2-1 rule. It states that at least 3 total copies of data should exist, 2 of which are local but on different media (devices), and at least 1 copy should be stored offsite. The offsite storage is important in case of fires, floods, or theft.

Chief Data Officer

Concerned primarily with the university's administrative data, USC's Chief Data Officer provides resources and limited support concerning research data. Links of note include:

Data Resources
Data Use and Data Sharing

Data Security

Security of data refers to data files, computing systems, internal and external networks, and physical locations.

For information about data security from the University of South Carolina, click HERE

Data Privacy

While information security is concerned with protection, privacy is concerned with the sensitivity of data, the justification for collecting data, and decisions about notification and sharing. International, Federal, and State legislation and regulations may apply. Privacy issues vary greatly by location and subject matter of data, posing significant liabilities, especially with regard to protected personal information (PPI) and personal identifying information (PII). A few resources of note include:

European Union General Data Protection Regulation (GDPR)
International Association of Privacy Professionals (IAAP)
South Carolina Enterprise Privacy Office
including SC-DIS 200, Information Security and Privacy Standards

University Policies

The following university policies are potentially applicable to research data management.

Information Security IT 3.00
Archives and Record Management LIB 1.03
Research Data Access and Retention RSCH 1.05
Data & Information Governance UNIV 1.51
Responsible Use of Data, Technology, and User Credentials UNIV 1.52
‚Äč
  - Note that this policy includes several appendices designed for adaptive use by university personnel, potentially including researchers.