Scholarly Communications

Quantitative or qualitative, research projects across disciplines can produce and engage with data substantially throughout the research process. 

In fact, data themselves have a complete lifecycle during the course of research projects, just like the overarching research itself. At each stage of the data lifecycle, researchers need to be aware of what they can, cannot, and should do with their data.

This guide provides an overview of NYU's policies regarding data ownership and management to help researchers navigate their responsibilities throughout the data lifecycle.

For more information regarding data management practices, please also refer to Data Services' Data Management Guide.

Image credit: Data Management Planning, NYU Data Services. CC BY-NC-SA 4.0.

Data management is done at all stages of the cyclical research life cycle, going from Creating Data, to Processing Data, Analyzing Data, Preserving Data, Publishing Data, Reusing Data, and eventually looping back to creating. Each step in the process has its own best practices & standards. 

To start, who owns the copyright of the data created in a research project?

According to NYU Intellectual Property Policy:

• In general, data generated in the course of research are owned by the researchers. NYU does not claim ownership of these data.
• Except when the data are closely associated with inventions or patents, special types of commercializable work over which NYU may claim ownership rights. In these cases, NYU may claim ownership of the data, even though the data themselves may not be patentable. 

Once obtaining and analyzing the outputs of their research, researchers may want to publish their data. In some cases, funders and publishers may also require researchers to publish data and make it openly available for reuse. To learn more about federal requirements regarding open data publication, please refer to the Federal Funder Public Access page.

NYU's Intellectual Property Policy states that:

• In general, researchers are free to publish their data.
• However, to protect inventions or patents, NYU may require the delay of publication of related data for up to 90 days, so as to protect its intellectual property rights or to meet legal or contractual obligations. The Provost may also authorize longer review or delay periods if needed.

Researchers publish and retain their data so that others may have access to the data to replicate results or test new theories related to the data.

According to NYU's Data Retention and Access Policy:

• As a general rule, NYU always has the right to access research data.
• Sponsors and publishers may also require data to be made openly accessible.
• For projects sponsored by the U.S. government, the general public can also request access to data through the Freedom of Information Act (FOIA). This is the case for data that are later used to develop governmental policy and law.

The resource page of NYU's Data Retention and Access Policy (PDF) also contains links to several sponsor policies.

After the results of a research project have been published, the data must then be retained. It is important for researchers to engage in carefully planned data retention practices so as to keep their research outcomes accountable even after the researchers have moved on to another project.

According to NYU's Data Retention and Access Policy:

• In general, researchers are required to keep data available for at least 3 years after final project close-out, or 5 years after final reporting/publication.
• Data related to inventions or patents should be kept for as long as necessary.
• In the event ethical charges or allegations are made against researchers regarding research practices or outcomes, related data need to be kept for at least 7 years after those proceedings are completed.
• If students are involved in research, data must be kept at least until the student's degree is awarded, or after the student has abandoned the project.

Research data may contain personally identifiable information protected by privacy laws; they may also contain security information that, once leaked, can threaten the safety of other computer systems. Besides, loss of important data caused by physical damage, system failure, or cyber attack can also heavily impact research projects. Therefore, research data need to be carefully handled during publication and storage. Researchers should evaluate the risk of their data and take steps to protect sensitive information.

For this purpose, NYU has set up the Electronic Data and System Risk Classification Policy, which divides data into Low, Moderate, and High Risk classes and gives criteria and examples for each class. The appendix of this policy also outlines special cases that need to be handled under more specific policies (such as FERPA, HIPAA and GDPR regulations--specific compliance procedures are in the Resources and Links section). This policy also provides links to practical procedures and special policies to help researchers navigate data security.

NYU Policies

• Data Retention and Access Policy
• Intellectual Property Policy
• Electronic Data and System Risk Classification Policy

Organizational and Federal Data Sharing Policies

• NIH Data Sharing Policy
• NSF Dissemination and Sharing Policy
• Federal Acquisition Regulation (FAR) Data Policy

NYU Data Security Procedures

• Data and System Security Policy
• IT Security Information Breach Notification Policy
• NYU IT Security and Policies Website

NYU Data Security Compliance Guides

• Export Compliance Guide
• FERPA Compliance Guide
• GDPR Compliance Guide
• HIPAA Compliance Guide
• NYU GLBA Information Security Program
• Payment Card Industry Data Security Standard

See Also

• Council on Governmental Relations (COGR) Data Sharing and Retention Guide
• NYU Data Services Data Management Lib Guide