Quantitative or qualitative, research projects across disciplines can produce and engage with data substantially throughout the research process.
In fact, data themselves have a complete lifecycle during the course of research projects, just like the overarching research itself. At each stage of the data lifecycle, researchers need to be aware of what they can, cannot, and should do with their data.
This guide provides an overview of NYU's policies regarding data ownership and management to help researchers navigate their responsibilities throughout the data lifecycle.
For more information regarding data management practices, please also refer to Data Services' Data Management Guide.
Image credit: Data Management Planning, NYU Data Services. CC BY-NC-SA 4.0.
Data management is done at all stages of the cyclical research life cycle, going from Creating Data, to Processing Data, Analyzing Data, Preserving Data, Publishing Data, Reusing Data, and eventually looping back to creating. Each step in the process has its own best practices & standards.
To start, who owns the copyright of the data created in a research project?
According to NYU Intellectual Property Policy:
Once obtaining and analyzing the outputs of their research, researchers may want to publish their data. In some cases, funders and publishers may also require researchers to publish data and make it openly available for reuse. To learn more about federal requirements regarding open data publication, please refer to the Federal Funder Public Access page.
NYU's Intellectual Property Policy states that:
Researchers publish and retain their data so that others may have access to the data to replicate results or test new theories related to the data.
According to NYU's Data Retention and Access Policy:
The resource page of NYU's Data Retention and Access Policy (PDF) also contains links to several sponsor policies.
After the results of a research project have been published, the data must then be retained. It is important for researchers to engage in carefully planned data retention practices so as to keep their research outcomes accountable even after the researchers have moved on to another project.
According to NYU's Data Retention and Access Policy:
Research data may contain personally identifiable information protected by privacy laws; they may also contain security information that, once leaked, can threaten the safety of other computer systems. Besides, loss of important data caused by physical damage, system failure, or cyber attack can also heavily impact research projects. Therefore, research data need to be carefully handled during publication and storage. Researchers should evaluate the risk of their data and take steps to protect sensitive information.
For this purpose, NYU has set up the Electronic Data and System Risk Classification Policy, which divides data into Low, Moderate, and High Risk classes and gives criteria and examples for each class. The appendix of this policy also outlines special cases that need to be handled under more specific policies (such as FERPA, HIPAA and GDPR regulations--specific compliance procedures are in the Resources and Links section). This policy also provides links to practical procedures and special policies to help researchers navigate data security.