Research data is all registering/ written down/ reports in form of numbers, texts, pictures and sounds that are being generated or arise during a research project. Read about research data.
Personal data is research data containing personal information. Personal information may be non-sensitive and sensitive.
Are you going to handle data with sensitive personal information (RED and BLACK data)? Such data requires particular handling and must be reported to The Norwegian centre for research data (NSD) 30 days before the collection of the data starts.
Read more about data classification and roles and responsibilities in terms of processing personal data below.
All research data are classified as GREEN, YELLOW, RED or BLACK. You and your supervisor are responsible for the research data to be processed in compliance with the guidelines for the te different classifications. Research data with sensitive information (RED and BLACK data) requires particular processing.
- Open or freely available (GREEN) - Research data not containing personal information, for example data about animals, plants, bacteria etc.
- Limited (YELLOW) - De-identified data where the key is locked away and stored safely away from the data, anonymized data, data with non-sensitive personal information.
- Confidential (RED) - Research data with sensitive personal information or information about health.
- Strictly confidential (BLACK) - Large amounts of sensitive personal information, large amounts of health information, research data or data sets of great economic value. Students should not handle such data.
As a student you own your own researh data. Should you be involved in a research project, there may be a need to regulate ownership of results, research data and confidentiality. To transfer ownership of data from student to supervisor a specific contract to do so must be written.
Contact the legal advisers in the Research Office when you have questions about ownership of results, reserach data and confidentiality.
- The student has the operative responsibility as project manager.
- The supervisor has a particular responsibility to support the student with assessing research ethical issues o do with data collection and working with personal data.
The responsibilities of the project manager
- To assess if the project should involve processing personal information. The project manager should check if the project should be reported to NSD.
- To report the project to NSD within 30 days before starting the processing. Information for the form: The contact person at NMBU is Jan Olav Aarflot in the Research Support Office.
- To describe processing (colletion, storing and archiving) personal data in a Data Management Plan.
- To ensure that persons processing personal data have concluded the necessary Information Security and Privacy training before processing data.
- To report any changes during the project.
- To follow up own project at the end of the project.
Personal data councelling services at NMBU
The Norwegian centre for research data (NSD) assists students at NMBU that will handle personal data in their prosject.
The NSD contact person at NMBU is Jan Olav Aarflot i Forskingsavdelinga.
- Students should store research data using their NMBU OneDrive area.
- Personal data with senistive information (RED data) may be stored on the OneDrive area for a short period of time. The data must be made anonymous as soon as possible. Read more about making datasets anonymous.
How to access the NMBU OneDrive?
- Access to OneDrive is via NMBU Home Office.
- Start a browser, type the address https://portal.nmbu.no, and log in with your NMBU username and NMBU password.
- Data from surveys/ questionnaires are as a rule non-sensitive (YELLOW data).
- You should use Nettskjema to collect your data. The first storage of data may be in the Nettskjema solution.
- The data may be downloaded from Nettskjema and stored on your own storage area on the NMBU OneDrive.
- The data should be made anonymous as soon as possible.
Contact Solveig Fossum-Raunehaug (the Research Support Office) when you have questions about data collection and storage of non-sensitive research data.
Research data with sensitive personal information (RED data), requires particular handling and must be reported to the Norwegian centre for research data (NSD) within 30 days before the data collection starts.
- Audiovisual recordings are classified as sensitive personal information (RED data).
- Nettskjema dictaphone should be the method used to make audiovisual recordings. The recordings will be automatically stored within the solution.
- The data may be downloaded from Nettskjema and stored on your own storage area on the NMBU OneDrive. The data should be made anonymous as soon as possible.
- Teams or Zoom may be used for audiovisual recordings. the recordings are automatically stored on your personal area on the PC.
- Audiovisual recordings must be made anonymous as soon as possible and stored on your own storage area on the NMBU OneDrive.
Contact Jan Olav Aarflot (Research Support Office) when you have questions about collecting and storing sensitive research data.
If the data you are collecting is part of a larger research project and/ or your supervisor wishes to keep the data you may gainaccess to LargeServer (W.).
Contact the NMBU IT-department for access to W:.
There are limitations in the use of privately owned computers, mobile phones or other digital devices for collection and storing research data.
Strictly confidential data (BLACK data) cannot be stored on a privately owned PC/ device.
Data can be stored on a privately owned PC/ device for a shorter period of time if the following requirements have been met:
- There is opportunity to store data you have collected when they are transferred to correct storage/ deposit as soon as there is opportunity to do so
- You may for shorter periods of time upload a copy of a dataset to your private computer/ device to process and analyze
- The data must only be used by you
- Your user for the computer cannot be with administrator rights
- Your user for the computer must be secured with a strong password (link in Norwegian)
- A separate user with administrator rights must be created
- The user with administrator rights must be secured with a strong password (link in Norwegian)
- There cannot be any other users of the computer/device
- You are required to keep your computer/device automatically updated with the latest operating system security updates
- You must have updated valid antivirus software installed on your computer/device
- If you leave the computer/ device it must be locked
- The data must be encrypted (Windows)/(MacOS)
- The computer/device must be completely turned off during transport
- You must exercise caution and scepticism about links in emails and on unknown websites
- You must be careful when using unknown wireless networks, especially when on travel
- Have knowledge about which programs that enables copy of folders and files to various private backup or cloud solutions
Go to this web page to find information about Storing research data on PC, mobile or other digital device
Contact Jan Olav Aarflot (the Research Support Office) if you have questions about the use of a privately owned PC/device.
NMBU comply with the FAIR principles (Findable, Accessable, Interoperable and Resuable) and the principle that "Research data should be as open as possible and as cloed as necessary". Research data must be archived and shared when possible.
- Students may archive/ deposit their research data in the archive "NMBU Open Research Data" (DataverseNO). The archive may be used for archiving all kinds of data, except from research data with personal sensitive information. Research data can have open access or limitations ("embargo").
- Should the student not chose to make use of the archive "NMBU Open Research Data" (DataverseNO), the data should be transferrred to the supervisor. When transferring ownership of data from student to supervisor a separate agreement must be made.
According to the NMBU guidelines research data must be made available when possible.However, there may be a number of challenges with open access. Men det kan finnast fleire utfordringar knytta til det å gjera enkelte datasett ope tilgjengeleg. Reasons for limited availability may be:
- Safety measures: Where availability of data may harm individuals or national security, the data sets are not to be made open access.
- Personal data: Where availability of data is in conflict with the current privacy regulations, the data sets are not to be made open access.
- Other legal matters: Where availability of data is in conflict with other legal provisions, the data sets are not to be made open access.
- Commercial provisions: Data with commercial value generated in projects with a company may be exempt from the general principle of open access. The recommendations are then that the data will be made available after a certain period of time, e.g. 3 to 5 years.
- Other conditions. Where availability of the data has great economic or practical consequences for those who generated/ collected the data, the data sets may be exempt from the general principle of open access if the arguments satisfy the conditions. This may apply to for example qualitative research data.
Contact the University Library if you have questions or require councelling about archiving (deposit) and sharing research data.