Iron Rule 2 | Understand the Nature of your Data

Before handling any data, make sure you understand its nature.

Understanding Data 

When handling data, take into account the following aspects: 

  • Level of confidentiality: what will happen if this data is lost? 
  • Legislative and regulatory requirements: think about applicable regulations – for instance, the Data Protection Act. 
  • Contractual requirements: your research data could be subject to contractual requirements imposed by a third-party data provider. 

Research Data Toolkit

The LSE Research Data Toolkit brings together key information on research ethics, data protection, research data management, security, and travel and risk assessment.

It can be used in departments to support students, researchers and departmental staff, and to promote awareness and good practice relating to research data throughout the research lifecycle.

For additional information, please contact Datalibrary@lse.ac.uk, who authored this toolkit.

Data Handling 

Data handling includes every aspect of the data lifecycle from collection and storage through to transfer and sharing, retention, and disposal.   

Remember to think carefully before you share any data, making sure the necessary protection is in place when you do.    

Top Tip: Always pay extra attention to ‘personal data’ and ‘sensitive personal data’ in the context of the UK Data Protection Act. 

Learn more about the LSE Data Protection Policy here

LSE’s Information Classification Standard organises data into the categories below. Select any of the following to learn about the classification level: 

Data Storage at LSE 

LSE provides staff and students with the following options for storing information: 

OneDrive for Business (OD4B)

OneDrive for Business (OD4B) is your personal storage solution in the Cloud. 

With 1TB available for all staff and students, OD4B is recommended for work/study related file and document storage.  

For guidance on the service, please see here.  

H: Space

All staff and students at LSE are given a quota of personal file space on the network, called H: space. 

You can save your work and study related files and folders here while logged on to the LSE network. By default, this area can only be accessed by you.  

For guidance on H: Space usage and allowance, see here.  

Shared Folders

LSE’s file servers ‘Adminshared’ and ‘Deptshared’ provide staff and researchers with an area to store data that needs to be shared across a team or department. These shared drives may have letters such as L:, M: or P:. You will automatically see the folders you are authorised to access on your work PC or from remote desktop.

For remote desktop connections, use remote.lse.ac.uk

You might need to check with Tech Support to make sure folder access permissions have been set correctly, so that only the right people have access to the data stored in the folder. 

Commercial Cloud Storage

Cloud storage refers to the storage and management of data online. Before using this service model, consider the nature of information you wish to store. For example, confidential information should only be stored in the Cloud if it has been encrypted.   

To further help protect your data, use multi-factor authentication (major cloud storage providers offer this option) when accessing your account. 

Also be aware that data provided by third parties might not be allowed to be stored in the Cloud, subject to the contract requirements. 

 

Sharing Data Securely at LSE

Always consider access permission levels when sharing data. Regularly review permissions to check only the right people have access to the right resources.  

  • Need to know - access is only given to those who have the legitimate business need for such access.
  • Least privilege - access permission levels should be restricted to what is absolutely necessary (e.g. 'read only' vs. 'edit').
  • Provide role-based access where possible - access is assigned via user groups instead of being assigned to individuals. 

LSE provides staff and students with the following options for sharing information: 

OneDrive/SharePoint/Teams

Any data sharing should be via one of the following means, which allow you to add a guest account to the data you wish to share: 

  • Microsoft SharePoint; or

  • Microsoft OneDrive for Business; or

  • Microsoft Teams: Request Guest User

Why should you use LSE-provided OneDrive, SharePoint, and Teams?

  • These options are formally assessed by the School and are backed by policy; please see the Research Tools Minimum Standards
  • Compliant with UK and EU data privacy legislation
  • Supported by DTS if you need troubleshooting
  • You can access OneDrive and SharePoint data anywhere with internet access and can sync files with your device. Files stored on your H: Space can only be accessed on the LSE network
  • It is recommended to save an extra copy of important information in the cloud in case your device is corrupted or lost
  • SharePoint and Teams enable you to securely share files with colleagues at LSE and with external collaborators, and you can request a SharePoint site here.

** Updated Guidelines for 2022/23 **

For detailed guidance about managing access in SharePoint/Teams/OneDrive, with screenshots and step-by-step instructions, please visit the Guidelines section of the IT Policies page here.

FileDrop (large files up to 39GB)

FileDrop is a secure file sharing option for one-off sharing. The message, sharing link, and file will expire after a set period of time and number of downloads, which you can edit. This prevents unintended data loss. 

The LSE user must start the file sharing by first logging in to filedrop.lse.ac.uk using their LSE username, password and a one-time MFA code.

Set up MFA for FileDrop:

1. Open the Microsoft Authenticator App and select the '+' icon.

2. Select 'Work or school account'.

3. Go to https://filedrop.lse.ac.uk/ in your browser and sign in.

4. Scan the barcode presented to you in your browser.

5. You should now see an entry for LSE FileDrop in the authenticator app and a code displayed, which you need to enter to verify your device.

To receive a file:

At the top of the home page, click on File Requests to receive a file from someone else.

Click the blue button New File Request.

On this page, the LSE user can request files from someone else. After the LSE user fills in the form and clicks the blue button Request File, the external partner will get an email with a unique link that can be used to send the requested files to the LSE user.

To send a file: 

Click on the green button Add files and include the message recipient. Edit the expiry settings before sending: you can set expiry based on the number of days (up to 3 days) and on the number of downloads per recipient.

 

Cloud Assurance Questions for non-LSE storage

Did you know you may need to fill in a Cloud Assurance Questionnaire (CAQ) and submit it to dts.cyber.security.and.risk@lse.ac.uk BEFORE commissioning an external (non-LSE) cloud provider to handle personal data? 

A CAQ is not just for cloud storage systems. You should also consider completing one if you and your project team want to use a cloud application that would store and process your data. There are many types of cloud computing, but the three most common covered by a CAQ are SaaS, IaaS, and PaaS. 

A CAQ asks questions about the provider's cyber security posture for the Project Team to consider before commissioning. Part A is completed by the Project Team, and Part B by the cloud provider. 

  • You should also read the Terms of Service and Privacy Policy to check for GDPR compliance
  • Learn what data they store, where the data is physically stored, how long the data is stored for, and what the data is used for. 
  • Inform your research participants how their personal data may be used (for example, transcription apps may use your audio files to improve their voice recognition)

Top Tip: Always use LSE-provided storage and sharing facilities before considering an external cloud provider. DTS provides full support for OneDrive/SharePoint/Teams and FileDrop.

A CAQ isn't always necessary. To learn more, check out our recent blog post, What's a CAQ?