On this page

Purpose | Scope | Principles Procedure statements Roles and responsibilities  Definitions  Approval information  Version history  References

Related procedures

Research Policy

Research Management (SharePoint)

Research Finance (SharePoint)

Authorship

Defence Industry Security Program (SharePoint)

Defence Trade Controls Compliance (SharePoint)

University Consulting (SharePoint)

US Public Health Service Financial Conflicts of Interest Disclosure

Use of AI in Research Guidelines

1. Purpose

1.1 The Research Data Management Procedure (the procedure) outlines the mutual obligations of UTS and UTS researchers to ensure good data management practices in line with the Australian Code for the Responsible Conduct of Research (the Australian Code). 

1.2 Following the requirements outlined in this procedure aids researchers in complying with the Australian Code.

1.3 The procedure should be read in conjunction with the Research Policy (the policy).

2. Scope

2.1 The procedure applies to all those under the scope of the policy.

3. Principles

3.1 The principles outlined in the policy apply for this procedure.

3.2 UTS communicates research methodology, data and findings openly, accurately and responsibly in line with the Management of data and information in research (an Australian Code guide).

3.3 UTS is committed to open, equitable and worldwide access to its research in line with the Open Access Policy.

3.4 Researchers must take ethical and cultural considerations into account when collecting and managing research data.

3.5 Researchers will retain clear, accurate, secure and complete records of research, including research data and primary materials.

3.6 UTS will provide access to facilities for the safe and secure storage and management of research data and materials.

3.7 Researchers should apply discipline-appropriate processes in following this procedure.

4. Procedure statements

Planning a research project

4.1 Before starting a research project, researchers should ensure they have a strong understanding of good research data management practices (refer RES Hub: Self-paced Training and UTS Library: Research data management). 

4.2 Researchers should consider the type and volume of research data and materials they will be collecting and how it will be stored, handled and managed during and after the research project. 

4.3 Where necessary, researchers should include costings for data management and storage in their research proposals. Researchers should consult eResearch for advice around such costings. 

4.4 Where researchers are collaborating on a project with an external party (such as another university or an industry partner), they should discuss which organisation's policy on data management will be followed. This must be documented in the research contract, research data management plan (RDMP) and/or data licence agreement in line with the policy.

4.5 Researchers should consider the use and application of generative AI for their research data in line with the Use of AI in Research Guidelines.

Developing a research data management plan

4.6 Researchers must develop an RDMP at the start of their research project. Research project leaders must ensure that an RDMP is completed and maintained in a UTS approved platform for projects that they lead. At a minimum, the plan should address:

  1. the research project to which it is linked (title and/or MyProposal ID)
  2. the purposes for which the information will be collected, used and/or disclosed
  3. the project’s research project leader (as data steward) and data manager
  4. where the data will be stored
  5. the size and form of the data
  6. who will have access to the data and how access will be managed
  7. the data’s security classification and how it will be protected
  8. the data’s security classification (refer Information Security Classification Standard available at Records and archives hub: Information security (SharePoint)) and how it will be protected
  9. sensitivities that apply to the data (commercial, privacy, ethical, security classification)
  10. the data’s retention period and when it should be archived or destroyed (refer Data records, retention and disposal)
  11. what licence will be applied to the data
  12. intellectual property (IP) rights relating to the data, including use of secondary or third party data.

4.7 Once an RDMP has been created, researchers can use Stash to request research workspaces, which can be used to collect, store and analyse research data.

4.8 A research project may extend beyond funding cycles and result in multiple research outputs. In these cases, it may be appropriate for researchers to create and maintain a single RDMP that outlines how they will collect, use and manage their research data.

Table: Summary of responsibilities for planning and developing an RDMP

UTS will
  1. provide guidance and training to researchers on how to manage their research data
  2. provide tools and infrastructure to enable researchers to complete RDMPs.
Research project leaders will
  1. ensure that project members are familiar with research data management practices and are given appropriate training and guidance
  2. ensure that an RDMP is completed and maintained for each project that they lead.
Researchers will
  1. undertake training to ensure they are familiar with research data management practices
  2. complete and maintain RDMPs for their research projects
  3. take ethical and cultural considerations into account when planning the collection and management of data.
Graduate research supervisors will
  1. ensure that their students complete appropriate training on research data management
  2. ensure that their students complete an RDMP for their project.
Graduate research students will
  1. complete training on research data management
  2. complete an RDMP for their project in consultation with their supervisors no later than their stage 1 assessment
  3. nominate their principal supervisor as research project leader on their RDMP.

Working with data and materials

4.9 Researchers must store their data in UTS managed or recommended research workspaces to:

  1. protect their data and manage access
  2. have a record of progress
  3. reduce the risk of accidental or deliberate deletion or falsification of data, and
  4. meet their research recordkeeping obligations.

4.10 Researchers working with primary materials, such as archival collections and fieldwork specimens, must address management of these materials in their RDMP. They must consider how the materials can be preserved (for example, conservation of objects, specimens and documents) so that they form part of the research data record. Where available, digital scans or images of the material should form part of the research data record.

4.11 Researchers working with primary materials should also consider how access to the materials may be granted to enable verification of findings and reuse if appropriate.

4.12 Primary research materials should be described with appropriate metadata (using recognised metadata standards where available (refer Australian Research Data Commons: Metadata)), including enough information to allow an interested party to identify the materials.

Storage and classification

4.13 Research data must be stored on UTS managed or recommended infrastructure as appropriate to the discipline and security classification of the data (refer eResearch: Contact us for guidance) unless collaborating on a research project with an external party where statement 4.14 may apply. Physical objects, such as notebooks, should be protected from loss or accidental disclosure. 

4.14 Where researchers are collaborating on a project where an external party (such as another university or an industry partner) has indicated that data must be stored on their infrastructure, this must be included in the research contract, the RDMP and/or separate data licence agreement in line with the policy.

4.15 Research data, especially sensitive data, should not be primarily stored on portable storage devices such as external hard drives, laptops, desktops or phones, which may be lost or stolen. Working copies of nonsensitive material (for example, deidentified data) can be stored on these devices, but primary copies of data should be stored on secure platforms (refer statement 4.13). The more sensitive the data, the less of it that should be stored on a portable device. Where storing data on a portable storage device is unavoidable, these devices must be encrypted to protect them from unauthorised access or use (refer Information Security Policy). Defence data must not be stored on any kind of portable device.

4.16 Researchers should refer to the Information Security Classification Standard (available at Records and archives hub: Information security (SharePoint)) for information on how to correctly classify their research data and determine where it may be stored. Refer the Information Security Policy and the Records Management Policy.

4.17 At a minimum, pre-publication research data will generally be classified as UTS Internal. Research data that contains personal information or is otherwise sensitive will have a higher security classification, which affects where it may be stored and how it must be protected. This includes physical copies of data that contain personal information, such as survey responses, interview recordings and transcripts.

Transborder data flows

4.18 UTS has obligations that may restrict the disclosure or transfer of data outside New South Wales or to overseas recipients. For example: 

  1. Restrictions may apply to the disclosure of personal information, or the transfer of health information, outside NSW (including to overseas recipients) (refer Privacy Policy and Privacy hub: Disclosing information outside NSW (SharePoint)). 
  2. Restrictions on the transfer or disclosure of research information and research data may be imposed on UTS under a research contract, especially where UTS may receive datasets from other entities (secondary or third-party data). Researchers must check research contracts to identify any relevant restrictions. 
  3. Research covered by defence trade controls will have restrictions on the transfer of data overseas (refer International collaboration and engagement: Defence export controls (SharePoint)).

Table: Summary of responsibilities for working with and storage of data and materials

UTS will
  1. provide guidance to researchers on how to store their data securely depending on its security classification
  2. provide facilities to researchers to store their data appropriately for its security classification.
Research project leaders will
  1. apply the correct security classification to data from their project
  2. data from their project on UTS managed or recommended infrastructure.
Researchers will
  1. understand the security classification that applies to their research data
  2. understand the requirements that determine how their data must be stored
  3. comply with data licences and agreements for third-party data that they use
  4. identify any restrictions on the transfer or disclosure of data in research contracts
  5. use UTS managed or recommended infrastructure to store their data.
Graduate research supervisors will
  1. help their students to determine the correct security classification for their data
  2. ensure that their students use UTS managed or recommended infrastructure to store their data.
Graduate research students will
  1. consult with their supervisors to determine the correct security classification for their data
  2. use UTS managed or recommended infrastructure to store their data.

Access and rights 

4.19 Researchers must: 

  1. understand and clearly articulate data ownership in their RDMPs (refer Research Intellectual Property and Research Translation Procedure), and 
  2. ensure data is shared in line with statements 4.13 and 4.14. 

4.20 When making research data or records available to interested parties (for example, project collaborators), researchers must consider: 

  1. data ownership, including intellectual property rights and Indigenous Cultural and Intellectual Property (ICIP) rights 
  2. agreements with clients, research partners, data providers and/or publishers 
  3. ethical and legal obligations, for example, preserving privacy and the intended use and consent for use of data at the time of collection 
  4. safety and security, for example, agreements with interested parties that define required controls. 

4.21 If researchers do not have consent to share identifiable research data, it may be possible to de-identify the data to enable sharing. However, de-identification of data is complex and re-identification may be possible in the context of other data. Researchers de-identifying personal information should consider the risks to individuals if their data is re-identified before disseminating the de-identified data (refer Privacy hub: De-identification (SharePoint)). 

4.22 For research involving Indigenous Peoples, researchers must provide access to Indigenous data owners to uphold ICIP rights in line with the AIATSIS Code of Ethics for Aboriginal and Torres Strait Islander Research (refer Indigenous Cultural and Intellectual Property). 

4.23 Where secondary or third-party data is being used (for example, archival materials or datasets from another organisation), researchers must ensure they gather the data in accordance with the data licence agreement or obtain an appropriate data sharing agreement. At a minimum, the following requirements must be outlined: 

  1. security 
  2. access arrangements 
  3. further dissemination (sharing and publishing) 
  4. attribution 
  5. disposal. 

4.24 Researchers must adhere to all requirements outlined in any data sharing or data licence agreement.

Table: Summary of responsibilities for access and rights 

UTS will
  1. provide facilities to researchers to share their data appropriately.
Research project leaders will
  1. clearly articulate data ownership in project RDMPs 
  2. ensure security and safety arrangements are made and ethical and legal obligations are considered before sharing data with interested parties 
  3. ensure compliance with all requirements relating to third party data outlined in data licence and data sharing agreements.
Researchers will
  1. use UTS managed or recommended infrastructure when sharing data 
  2. comply with all data licence and data sharing agreements.
Graduate research supervisors will
  1. ensure that their students share data appropriately, taking into account security and safety arrangements and ethical and legal obligations 
  2. ensure their students use the appropriate infrastructure to share their data 
  3. ensure their students comply with all data licence and data sharing agreements.
Graduate research students will
  1. consult with their supervisors before sharing and/or providing access to data 
  2. use appropriate infrastructure to share their data 
  3. comply with all data licence and data sharing agreements.

Data records, retention and disposal

4.25 Researchers must create data records for their datasets with minimum metadata, including the following details:

  1. the data steward and data manager 
  2. a description of the data and files, including README files if required to understand the data 
  3. location of the data, and 
  4. proposed retention period.

4.26 Data records must be created in Stash. The data record will be linked to the relevant RDMP and will describe the data contained in the dataset. Data records can be created at regular intervals during the lifespan of a research project, which will help protect data against accidental or deliberate alteration or deletion.

4.27 Researchers must apply appropriate retention periods to their research data. The following are the usual minimum retention periods that apply to UTS under the State Records Act 1998 (NSW)

  1. Default period: Minimum 5 years after research is completed. 
  2. Clinical trials or research with potential long-term effects on humans (including animal testing for human products): Minimum 15 years after research is completed or, where the research involved minors, until subject reaches or would have reached the age of 25 years, whichever is longer. 
  3. Gene therapy or research of regulatory or community significance: Permanent retention (contact University Records to discuss management and transfer of data as a state archive).

4.28 Other retention periods may be specified by law, the Human Research Ethics Committee or a funding body.

4.29 The data steward must review the data at the end of the required retention period. If the data is no longer in use and no longer required for legitimate purposes, and there is no legal obligation to continue to retain the data, it should be scheduled for review in line with UTS’s destruction requirements (refer Records and archives hub: Archiving and destroying records (SharePoint)). This requires the data steward to approve destruction, confirming that the data is not: 

  1. of archival value and does not need to be permanently retained, and 
  2. required for any ongoing administrative or legal purposes, including being subject to any outstanding legal or ethical requirements, challenges of the research results or allegations of research misconduct.

4.30 Where destruction is approved, appropriate security must be applied, and discipline-appropriate processes must be followed, including for eResearch to securely delete any copies they hold.

4.31 If the data are still required, and there are no obligations to destroy the data, the data steward must nominate a further retention period for the data so a future review can be conducted.

4.32 Researchers using ICIP should negotiate with the community stakeholders and rights holders regarding its retention and storage (refer Indigenous Cultural and Intellectual Property). 

Table: Summary of responsibilities for data records, retention and disposal

UTS will
  1. provide facilities and guidance to researchers on creating data records 
  2. provide guidance to researchers on how long data must be retained 
  3. provide facilities for long-term retention of data 
  4. enable secure destruction of data once its retention period has expired.
Research project leaders will
  1. create data records for their datasets, including appropriate metadata 
  2. apply the correct retention period to data from their project 
  3. as the data steward, review the data at the end of the retention period and nominate a further retention period if appropriate 
  4. ensure that the nominated data steward and data manager for their projects is kept current.
Researchers will
  1. create data records for their datasets, applying appropriate metadata 
  2. understand the requirements that determine how long their data must be preserved 
  3. apply the correct retention period to their data.
Graduate research supervisors will
  1. ensure that their students create a data record and deposit their data at the end of their project 
  2. help their students to apply the correct retention period to their data.
Graduate research students will
  1. create a data record and archive their data at the end of their project 
  2. consult with their supervisors to determine the retention period for their data 
  3. ensure that the correct retention period is applied to their data.

Data publication 

4.33 UTS encourages researchers to make their data open access in line with the Australian Code (in particular, the Responsibilities of researchers R22), while recognising that they have the right to first use of their data (before publication). 

4.34 Researchers may choose to publish data in discipline-specific data repositories (for example, re3data.org) or via the Research Data Portal. Data publication requests are generated via Stash and require a data record. As part of publication, researchers can contact the eResearch team (refer eResearch: Contact us) to generate a digital object identifier (DOI). 

4.35 Some journals and funding bodies require researchers to publish their research data as part of research outputs. 

4.36 There are cases in which it is not appropriate for researchers to give open access to their data. These include but are not limited to the following: 

  1. The researcher has been granted access to the data by a third party and is not licensed to share it. 
  2. There are security reasons for not granting access to the data, including if the data contains information about the location of rare discoveries or threatened wildlife. 
  3. The data are commercially sensitive. 
  4. Research participants have not given their consent to the publication of data. 
  5. The data contain personal and/or health information of participants and it cannot be effectively de-identified. 
  6. Where researchers have used ICIP and dissemination has not been agreed to by community stakeholders and rights holders (refer Indigenous Cultural and Intellectual Property). 

4.37 In some cases where open data publication is not appropriate, it may be possible for researchers to publish just a metadata record and only allow mediated access to interested parties. The data or a subset of the data may be supplied under a licence that restricts use and access to nominated people and projects. 

4.38 Researchers should apply licences to their data that describe the conditions under which it may be accessed and used. Researchers should choose the least restrictive licence that is reasonable.

Table: Summary of responsibilities for data publication 

UTS will
  1. provide guidance to researchers on how to publish data 
  2. provide facilities for researchers to publish data.
Research project leaders will
  1. publish, where appropriate, data and/or relevant metadata to enable discovery of data.
Researchers will
  1. understand any publication requirements (for example, by funders) that are relevant to their data 
  2. apply appropriate licences to their published data 
  3. enable access to their data, either by publication or mediated access as outlined in any data publications or data availability statements.
Graduate research supervisors will
  1. help their students understand any data publication requirements 
  2. guide their students to determine if it is appropriate to publish their data, either entirely or with mediated access 
  3. encourage their students to publish their data where appropriate.
Graduate research students will
  1. consult with their supervisors to determine whether publication is appropriate 
  2. seek guidance on publishing data if appropriate.

Indigenous Cultural and Intellectual Property

4.39 Indigenous Peoples and Indigenous Knowledge holders have the right to exercise autonomy and governance over ICIP, which includes research data. This includes the right to autonomously decide how and why ICIP is collected, accessed and used to ensure that data on or about Indigenous Peoples reflects Indigenous priorities, values, culture, world views and diversity. 

4.40 Benefit sharing: Any collection or use of ICIP should aim to benefit Indigenous Peoples both generally and, where relevant, at a local level. Research activities and outcomes should include specific, tangible benefits that respond to the needs and interests of Indigenous Peoples, including those who participate in the research project and others in the community who may be affected by the research. This must be documented. 

4.41 Agreements and community protocols: Where research undertaken is using ICIP, researchers must discuss and document access and authority arrangements to any materials used or gathered in the project with relevant community stakeholders or rights holders. Any such agreements should include community protocols governing access, storage and reuse of collected materials and relevant contact details of stakeholders and rights holders. Researchers should also consider frameworks such as the CARE Principles for Indigenous Data Governance, AIATSIS Code of Ethics for Aboriginal and Torres Strait Islander Research, Maiam nayri Wingara, Traditional Knowledge Labels as well as other relevant UTS policies. 

4.42 Storage and tools: Researchers working with Indigenous Peoples must reach an agreement regarding the storage of and access to ICIP and determine strategies for allowing access and protecting confidentiality and cultural sensitivities. Researchers must consider the storage and collection tools and methodologies that will be used as part of the project when forming agreements and ensure any collection of materials is supported by good documentation and labelling practices. Refer AIATSIS Code of Ethics for Aboriginal and Torres Strait Islander Research and Ethical conduct in research with Aboriginal and Torres Strait Islander Peoples and communities: Guidelines for researchers and stakeholders. 

4.43 Dissemination and retention: Aboriginal and Torres Strait Islander research participants have the right to access or obtain a copy of their data. If data is not returned to the community, researchers must arrange ongoing access for as long as the data remains on suitable infrastructure that has been agreed to by the community stakeholders and rights holders. 

4.44 Dissemination and attribution: Researchers must discuss wider dissemination (outputs and publications) with community stakeholders and rights holders. This requires gaining approval to ensure access and control to ICIP and reuse are in line with community protocols. Attribution to Aboriginal and Torres Strait Islander research participants must be provided and this must be documented in any agreements. Inclusion of attribution to non-human entities (for example, Country) can be considered in consultation with community. 

4.45 Secondary use and commercialisation of data: Ownership of ICIP can be expressed through the creation, collection, access, analysis, interpretation, management, dissemination and reuse of ICIP. Any secondary use or commercialisation of ICIP must be done with the express permission of the community and be in line with any benefit sharing arrangements (monetary and non-monetary). Researchers should discuss implications of such secondary or commercial use with community stakeholders and rights holders.

Leaving UTS

4.46 Research project leaders (as data stewards) and data managers leaving UTS must: 

  1. ensure that their RDMPs are current 
  2. ensure their datasets are identified (via the creation of a data record) and have a specified retention period applied 
  3. arrange for another researcher to take on the role of data steward and data manager (normally the new research project leader or the associate dean (research)).

4.47 Subject to ethical, cultural, commercial, privacy and legal restrictions, researchers may take a copy of and/or continue to access their research data by entering into a data sharing agreement with the data steward. This arrangement must be included in the research contract or in a separate data sharing agreement.

4.48 It is advised that researchers who take a copy and/or use their research data after leaving UTS continue to store and access the data in line with this procedure and the Information Security Policy. These requirements should be reflected in the research contract or data licence agreement.

Table: Summary of responsibilities for leaving UTS

UTS will
  1. advise and assist researchers in transferring data manager and data steward roles.
Research project leaders will
  1. ensure the data has an appropriate retention period 
  2. ensure that the nominated data steward and data manager for their projects is kept current.
Researchers will
  1. update the retention period for their data 
  2. make arrangements to transfer responsibility for management of their data to another data steward and/or data manager if they leave UTS 
  3. enter into a data sharing agreement with the data steward and/or data manager if they wish to take a copy of their data when leaving UTS.
Graduate research supervisors will
  1. help their students to apply the correct retention period to their data 
  2. assist their students in appropriately transferring any responsibilities (for example, data manager) to a suitable permanent staff member (the primary supervisor) 
  3. help their students to create a data sharing agreement if required.
Graduate research students will
  1. consult with their supervisors to determine the retention period for their data 
  2. ensure that the correct retention period is applied to their data. 
  3. transfer any responsibilities (for example, data manager) to a suitable permanent staff member (the primary supervisor).

Breaches and complaints 

4.49 Breaches of research data that involve personal or health information must be reported and managed in line with the Data Breach Policy

4.50 Privacy-related complaints relating to research participants or the handling of research data may need to be managed under the Privacy Policy and should be referred to the UTS Privacy Officer in addition to any required ethics integrity review requirements.

5. Roles and responsibilities

5.1 Procedure owner: The Deputy Vice-Chancellor (Research) is responsible for enforcement of this procedure, ensuring that its principles and statements are observed. The Deputy Vice-Chancellor (Research) is also responsible for approval of other associated university-level procedures and/or guidelines.

5.2 Procedure contact: The Data Management Specialist in the Data Governance Team, Data Analytics and Insights Unit is the primary point of contact for advice on implementing and administering this procedure.

5.3 Implementation and governance roles

Researchers, including graduate research students, are responsible for applying the principles and statements of this procedure to all research projects. 

The Research Technology (eResearch) team is the primary point of contact for IT systems and storage advice in relation to research data management. 

UTS Library provides training and advice on RDM best practice, copyright, licensing and open access. 

The Office of the Pro Vice-Chancellor (Indigenous Leadership and Engagement) can provide general advice and/or referral to sources of information on Indigenous Cultural and Intellectual Property (ICIP) as required.

6. Definitions

The definitions outlined in the policy apply for this procedure. The following definitions are in addition to those definitions. Definitions in the singular also include the plural meaning of the word.

Data manager means the person who is the contact for all queries regarding the research data. It may be the researcher, a research assistant, a faculty data manager or a generic name and email (for example, centre lab manager, email centre@science.uts.edu.au). The person must be contactable after the end of the research project. For graduate research projects, the data manager is the graduate research student.

Data publication (also data publishing) refers to the practice of submitting data to a repository or portal to make the data (or the metadata record of the data) discoverable, accessible and reusable.

Data record means a description of a research dataset, created in Stash, that contains information on the contents and interpretation of the dataset. It also provides context on when and why the dataset was created, who can access it and how long it must be retained.

Data sharing means allowing access to research data to specific parties for specific purposes, such as collaborators. At UTS, any data sharing agreement must be outlined in the research contract or a separate data licence agreement. 

Data steward is defined in the Data Governance Policy. For the purposes of this procedure, the research project leader is the data steward.

Dataset means a collection of related data, whether structured or unstructured, which has been collected or curated for a single purpose.

Falsification of data means the manipulation of research processes or practices and/or changing or omitting research data or outcomes resulting in inaccurate or misleading research results.

Indigenous Cultural and Intellectual Property (ICIP) is defined in the Intellectual Property Policy

Indigenous data sovereignty is the right of Indigenous Peoples to govern the collection, ownership and application of data about Indigenous communities, peoples, lands and resources, while addressing and adhering to the requirements of this procedure.

Mediated access means access to research data (or related information) with the assistance of a UTS data steward or nominee and under specified conditions regarding use and dissemination.

Research workspace is an application or service used to conduct research before data are exported for archiving. It includes but is not limited to storage and sharing platforms, collaboration services, survey and analytics platforms, code and project management, digital research notebooks and computing services.

Stash is the approved UTS system used to create research data management plans.