Skip to Main Content

University Library

Research Data Management Toolkit

Best practices in Research Data Management promote research integrity and collaborative opportunities. A Research Data Management Plan ensures data security, accessibility and validation of results.

Ethics & Compliance considerations

Before completing this section of your Research Data Management Plan you will need to determine:

  • Who has ownership of the data
  • If the data is sensitive
  • Whether it is subject to regulatory controls, including Defence Trade Controls legislation, sanctions, or Foreign Interference Awareness.

In addition, management of all UWA research data must comply with relevant UWA and Australian guidelines.

Ownership and Intellectual Property

It is imperative that the ownership of research data is clarified prior to the commencement of a project. Future storage and reuse are directly affected by the intellectual property rights of research data. IP Australia defines intellectual property as "...the property of your mind or proprietary knowledge. Basically, the productive new ideas you create. It can be an invention, trade mark, design, brand, or the application of your idea."

Data ownership should be documented in the Research Data Management Plan.

Ownership is affected by:

  • the commercial potential of the research data;
  • whether the research data is acquired through organisational collaborations;
  • project funding agreements;
  • researcher status (Intellectual property regulations apply to all UWA researchers, with notable differences between research staff and research students); and
  • whether UWA-owned or third-party data has been utilised during the conduct of research.

Generally, UWA students (including higher degree by research students) own their research data, whereas the University has ownership of data produced by UWA staff, as described in sections 3 and 4 of the UWA Intellectual Property Policy.

Data sensitivity

Research data may contain confidential or other sensitive information. It is important that you understand the level of sensitivity of your data so that it can be stored and shared appropriately (as outlined in the Store active data tab). The data sensitivity classifications used in the University have been adapted with permission from the UWA information Protection Classification Guide produced by Information Governance. 

The UWA IP Classification scheme is a 4 level scale, with 1 being the least restrictive and least valued information and 4 being the greatest value and needing the most protection.  

Level

Classification

Description

Examples

Who can access it

1

Public

Information that is Public is intended, or available, for release to the public.

This classification includes information made available to read or download from our websites, and Open data (where the University publishes research data for manipulation by the public). 

Information classified as Public can be restricted both earlier in its lifecycle (e.g. before publication) and/or later once it has been removed from access by the public. 

Public information by default will have an insignificant consequence to the University, third parties or research subjects if unauthorised access occurs.

Data is either not sensitive and can be published unaltered or is sensitive data which has been irreversibly de-identified and has no other consequences associated with it being made public (e.g. reputational damage, commercially sensitive or contractual).

Members of the public.

2

Confidential

Information that is Confidential is intended for use by a discrete group of users (for example, UWA staff, or  a research group that may include higher degree by research students and/or selected external collaborators). This type of information is protected by requiring authentication using the standard UWA account (e.g. Uni ID). 

This will be the default classification for all information unless another classification is applied and should be seriously considered for most information to support the UWA Information Governance Framework Information Principle 6 which states that "Information will be Accessible; collaboration and sharing will be promoted and enabled by default".

This supports the idea of open by default and restricted by exception which enables re-use of information, transfer of knowledge and minimisation of rework; and promotes cross function collaboration and understanding.  

Unauthorised access will have limited or minor consequences or impacts on the University, third parties or research subjects.

Data collected from animals, internal University data, working research data.

Research group/collaborators only, with password protection.

3

Confidential Restricted

Information that is Confidential Restricted is intended for use by a discrete group of users with a business need based on their organisational function (for example, specific UWA staff and higher degree by research students only).This will usually be based on either the function of their role (e.g. Payroll for pay details), a specific project / initiative they are part of or the seniority of the staff member (e.g. Director, Senior Leadership team). 

Examples of this include such things as payroll details, some contracts, tenders and agreements and in general anything which contains Personally Identifiable Information (PII).  

Information to be released outside its designated access will need to be approved by the appropriate authority such as the Information Steward, or Business System Owner.    

Unauthorised access to Confidential Restricted information could have moderate consequences or impacts on the University, third parties or research subjects.

Identifiable data, e.g. personal name and contact details, geospatial coordinates

Researchers who collected the original data

4

Highly Restricted

Information that is Highly Restricted is intended for use by a discrete group of users with a specific business need based on their individual role (often at an Executive level) or those with a very specific role which is related to that type of information (e.g. data used for double blinding researchers).   

Highly restricted information often contains sensitive personal information, legally privileged information, commercially sensitive information to UWA and/or a supplier, or information relating to animal/human ethics for research.   

Release of highly confidential information outside its designated access will need to be approved by an appropriate authority such as the Information Steward, Business System Owner or in some cases a specific named individual or role who has a legal responsibility for that information.  

Unauthorised access to Highly Restricted information by default will have a major or catastrophic consequence to the University, third parties or research subjects if unauthorised access occurs. 

Information that would have a catastrophic consequence to the University and research subjects if unauthorised access occurs would be handled differentially by controls around access (e.g. location, storage, and permissions) from that with a major consequence, where required.

Culturally sensitive data, data pertaining to minor or at-risk participants, e.g. Indigenous, children, people with a disability, people living under politically unstable regimes, war zones

Chief investigators only

The ratings (insignificant, minor, moderate, major and catastrophic) are qualitative measures of consequence used similarly to those used by the UWA Risk Matrix (as approved by the UWA Risk and Audit Committee).   

 

If your research data is particularly difficult to classify and you require advice, you can contact UWA’s Information Governance team using the Information Governance (IG) Service Request form.

Select the Advice & Consultancy  > Information Protection service, and then type in your question about data classification for the Information Governance team.

Data Sensitivity Decision Tree

Definitions

The qualitative measures of consequence below have been extracted from the UWA Risk Matrix and are used as the deciding factor in the decision tree above.

 

Insignificant 

Minor  

Moderate 

Major 

Extreme

Reputation 
  • Unsubstantiated adverse criticism
  • No media attention 
  • No reputational impact
  • Substantiated low-level criticism
  • Short-term local media attention
  • Isolated reputational damage
  • Substantiated wide spread public and sector comment
  • Prominent but short term local/national media attention and criticism
  • Limited reputational damage
  • Substantiated and sustained negative media coverage
  • Adverse local/national media exposure
  • Reputational damage nationally or locally
  • Loss of public confidence and government, community or student support 
  • Extensive and sustained national/ international negative media coverage
  • Long-term damage to reputation

Research & Education
  • Negligible impact on research/ teaching objectives, targets and activity (including student enrolments and retention) 
  • Short term or minor impediments to meeting research/ teaching objectives and targets (including student enrolments and retention)
  • Short term negative impact on research or teaching activity 
  • Significant impediments to meeting research/ teaching objectives and targets (including student enrolments and retention)
  • Impact on teaching or research activity for a sustained period
  • Short term damage to relationship with partners/ collaborators
  • Major impediments to meeting research/ teaching objectives and targets (including student enrolment and retention)
  • Loss of major research/teaching program or activity
  • Long term damage to relationship with partners/collaborators
  • Serious and sustained inability to meet research/ teaching objectives and targets
  • Loss of multiple teaching/ research programs or activities
  • Irreparable impact on relationships with partners/collaborators 

Legislative  compliance  
  • Procedural or good faith breach with little or no impact to UWA

 
  • Minor non-compliance, including minor breaches of an Act or Regulation
  • May result in infringement notice.

 
  • Breach of an Act or Regulation with potential for regulatory action 
  • Major breach of an Act or Regulation with expected regulatory action
  • Potential for prosecution and/ or major fines 
  • Serious breach of an Act of Regulation
  • Significant criminal prosecution or civil litigation (including class action) and/or significant fines
  • Significant impact on future funding, licensing or registrations

Regulatory controls

UWA has a long-held commitment to openness in academic research and international collaboration. Of equal importance is UWA's responsibility to ensure the security of its research and to implement protections against foreign interference. We all have a role to play in safeguarding Australia's research from efforts by foreign governments to misappropriate intellectual property and research findings. Your research data and any intellectual property is valuable but it is also an asset to clandestine foreign actors who seek to obtain such data for the benefit of a foreign actor. To ensure the protection of your data, it is important to select data storage which is sufficiently secure for the level of data sensitivity (see the Storage & Retention tab for more information on this).

Further information on Defence Trade Controls, the Defence and Strategic Goods List, and Foreign Interference Guidelines from the UWA Office of Research

Policies and Guidelines

There are several policies and guidelines of relevance to research data management.

UWA governance:

  • UWA Research Integrity Policy - section 3 refers to the management of research data and primary materials, while section 8 addresses collaboration.
  • UWA Intellectual Property Policy documents the ownership and management of intellectual property at UWA.
  • Graduate Research School has policies on Intellectual Property and Research Integrity that are particularly relevant for PhD students.
  • Acceptable Use of IT Policy expresses your personal security requirements for safeguarding the University's reputation, its IT Services and IT Assets, as well as protecting your digital identity, security and online experience.
  • Information Protection Policy - definitions, obligations and responsibilities for securing information based on its risk, legal requirements and business value.
  • Western Australian University Sector Disposal Authority (WAUSDA) developed by the Western Australian Public Universities in conjunction with the State Records Office of WA to form part of the Recordkeeping Plan of each University, as required under section 16(3) (a-c) of the State Records Act 2000.
  • UWA RDM Operating Model - the purpose of the document is to outline the processes, roles, governance, and reporting relating to research data management at UWA.

Australian governance:

Australian Research Data Commons has extensive documentation on working with sensitive data for Australian researchers and the ARDC Guide on Data Sharing for Human Research Ethics Committees provides expert tips for documenting consent and data management in Human Research Ethics applications.

For further information, email staffsupport-lib@uwa.edu.au (UWA staff) or hdrsupport-lib@uwa.edu.au (UWA HDR students).

 

CONTENT LICENCE

 Except for logos, Canva designs, AI generated images or where otherwise indicated, content in this guide is licensed under a Creative Commons Attribution-ShareAlike 4.0 International Licence.