A data storage strategy outlines where and how you'll store your data as you work through your project. There are many things that should be considered when planning your data storage approach including access and security requirements, the level of data sensitivity, storage costs and any relevant legislation.

Having a well-thought out plan for your data storage will ensure that you can avoid:

1. Data loss from human or technical error
2. Data breaches, which may be malicious or accidental
3. Breaching funder or legislative requirements
4. Collaborator frustration from unforeseen access issues

Information security specialists have developed a useful acronym to use to assess your plan for data storage:

C - Confidentiality: Your data shouldn't be made available to people who aren't authorised to view it.
I - Integrity: Your data should be kept accurate and complete - no-one should be able to edit it without your knowledge and permission.
A - Availability: Your data should be able to be accessed by the appropriate people when they need to in a useful way.

Balancing these three considerations can be difficult. Keeping all your research on piece of paper in a tightly locked office might provide good confidentiality, but it might not be very available to your collaborators. Putting all your working data up on an open Google Sheet that anyone can edit might result in great availability, but poor integrity. It's important for you to understand how confidential your data should remain; how many people should be allowed to edit/modify it; and how people will get to the data when needed.

The Curtin University Information and ICT Appropriate Use Policy states that all datasets "will be identified and protected in a manner that is appropriate to their sensitivity and importance" - not all research projects will require the same approach and not all data within a research project will require the same treatment; some access requirements will make particular approaches more suitable or less suitable for your research project. That's why it's good to consider your approach to these issues alongside each other.

 In addition to the information security requirements of Curtin, you may also need to adhere to requirements from industry or governmental regulatory bodies, funder/grant bodies or from external collaborators. Careful consideration of all these demands early on can help avoid problems at later stages.

When deciding on storage and access systems, it's crucial to consider how sensitive the data is. Unauthorised disclosure of sensitive information can cause serious damage to individuals and organisations, so mitigating that risk is critical to the data management planning process and to the ethical conduct of research.

The Curtin Information Security Classification Decision Flowchart and the Information Security Classification Policy below can help you decide what the appropriate category of Information Security is for your data. The Decision Framework on the Use of Cloud Services linked below gives some considerations and guidelines when choosing a cloud storage system for your research data.

This classification can help determine:

• Where the data should be stored
• Who can access the data
• How the data should be disposed

It may be useful to note that for most Curtin research involving humans, the classification should be Confidential or Protected.

Data loss, whether caused by technical or human error, can set your research back for years. Backups and safeguarding refers to your steps and plans to minimise the risk of loss or destruction of your data. The specifics of your plan will depend on your dataset size, software or instrumentation used and your research process, but some recommendations are universal:

1. An automated backup procedure is better than a manual one.
2. Backups should occur at regular intervals and whenever major changes are made.
3. Store your backups on multiple types of storage in multiple locations. The link below on the 3-2-1 Backup Method describes this more.

When it comes to choosing where to store research data, there are many options to consider. As you plan where to store your work, you should address the following issues:

• Is this option recommended by DTS/Curtin Information Management & Archives or the relevant research body you're working with?
• How easily can you access support for using this storage?
• Will you require access to the data when off campus?
• Who will need to access the data?
• Does the option create backups automatically? If so, how long can they be retrieved?
• Are you working with Confidential data?
• Will you need to access the data once you leave Curtin?
• How much data will you produce?
• Are there any legislative restrictions around where the data is stored?

Below is table of the standard storage options available at Curtin with details that can help you assess if the storage option is suitable for your research.

The Research Drive (or R: drive) is a shared network drive for storing research data at Curtin University and is provided by DTS.

Please note the following regarding the R: drive:

1. R: access is secure - only you and those people you nominate can see the files stored there, so it's safe to keep sensitive information there.
2. Once you have completed your research, you are required to store your data for a certain period as outlined in your DMP. The R: drive is Curtin's preferred location for this.
3. All R: drives require a completed and approved Data Management Plan. Creation of an R: drive is done after your DMP is approved by a Supervisor or Principal Investigator. The approver process is outlined from p2 in the DMP Tool help document linked below. 

Modifying a research drive

Once your drive is created, changes to access and storage space can be requested from DTS. Please see the links below on how to make these requests.

Accessing the R: drive

Your R: drive should be located in the networked drives whenever you log on to any Curtin computer.

If you need to access your R: drive on your own personal laptop while on campus, please follow the DTS guide to mapping the R: drive.

If you need to access your R: drive while off campus on your own laptop, please follow the DTS guide to using the Curtin VPN client. Once completed, follow the guide for mapping the drive.

DTS give the following recommendations when using the Research Drive:

1. Keep all individual files below 1000GB in size.
2. Limit the number of files within a directory to 20,000 files.
3. Limit the number of folders within a directory to 10,000 folders.
4. It's fastest to copy the files to your local computer from R:, update the documents and then copy them back once finished.
5. If you're not actively using files, it's best to add them to an archived file using a file compression program such as Winzip or 7-Zip, which will make them easier to store.
6. To protect your data against integrity loss during transfer, you should consider applying checksums. Software such as WinMD5Free checks that the file in the new location and the file in the old location are identical.

When considering the suitability of various storage methods for your research data, you should keep in mind that reliable storage methods come with a cost - and usually the greater the storage space required, the greater the cost.

Some cloud services may provide their services free of charge if your data size requirements are low. Others may charge you by the gigabyte or terabyte once you reach a certain dataset size; other will charge by how often you upload and download the data.

When using the Research Drive you may be asked to follow certain guidelines and processes in order to help DTS control costs of providing you with large amounts of storage. These might include:

1. Archiving inactive files with archiving/compression software (such as WinZip or 7-Zip) will help reduce the size of data stored.
2. When shifting the file formats of your data, move the original files to an archival storage location to save space.
3. When working with downloaded datasets, only keep the files that are relevant to your work and delete the unnecessary files/folders.

Whatever your choice of storage location, by staying aware of what data you need to store, you can control the cost to yourself or your institution.

The Customs Act 1901, the Defence Trade Control Act 2012 and the Defence and Strategic Goods List 2019 establish a set of restrictions to control the flow of items and technology related to the armed forces or goods that are inherently lethal, or to things that aid their development or manufacturing. These restrictions also extend to data, information and software that meet this criteria.

One of the requirements is that anyone anyone importing, exporting or otherwise moving any of these things to have a permit. If you believe your research falls into this category, please read the information in the "Exporting controlled goods and technologies" link below and contact the Research Office for guidance and help.