Skip to Main Content

Managing your research data

Storing data

Best practice for storing data

  • Store data uncompressed in non-proprietary or open standard formats
  • Copy or migrate data to new media every two to five years
  • Backup regularly especially after every change made to your data, and in different forms of storage
  • Check the data integrity at regular intervals
  • Organise and label data clearly
  • Ensure the storage location is fit for purpose, free from the risk of flood, fire etc.
  • Create digital versions of paper-based data
  • Ensure data security for sensitive or personal information


Corti, L., Eynden, V. v. d., Bishop, L., & Woollard, M. (2014). Managing and sharing research data: A guide to good practice. Sage.


Access and store your data

Follow the AUT data storage guidelines:

  • Contact AUT ICT Services for data storage advice.
  • AUT staff and students may use Microsoft OneDrive (1TB cloud storage per person) for keeping your data while you are working or studying at AUT.   
  • Some AUT research institutes may provide a data storage for their researchers.
  • Use an online repository for open data.

Backup your files/data regularly!

Māori perspectives on data storage

Exploring Te Ao Māori perspectives on offshore data storage

"This report seeks to strengthen the Māori-Crown relationship by building understanding of Māori perspectives on data storage. It also aims to inform discussions and guide government agencies in their decision-making about storing data."

Confidentiality and security

Identifying data sensitivity

  • Is the data confidential (e.g. including personal or commercial information)?
  • Can unauthorised access harm individuals, assets or organisations as a result of disclosure?
  • Would disclosure violate laws?
  • Are there data integrity concerns?
  • What would be the impact of unauthorised use, modification or destruction of the data?
  • Will time-sensitive decisions be made on the data (i.e. sensing data for earthquakes, floods, etc.)?

This step is important as it helps you determine the appropriate security and privacy requirements. 

Further reading:

De-identifying your data

Anonymisation involves removal of all data that can be used to identify individual participants in a research project, and for protecting their privacy.

  • Remove direct identifiers such as names, addresses, phone numbers etc.
  • Indirect identifiers such as place of employment, occupation, postcode, ethnicity or age should be removed if combined with other information can identify a person
  • ANDS Guide for de-identification 

Access restrictions 

  • De-identifying data can be expensive and time consuming, and may leave the data with no value
  • Restricted access may apply to those data that are unable to be de-identified

Any restrictions to your data should be recorded in your data management plan.

Storage security

  • Consider how you will protect your data from theft, loss, neglect and insecure practices.   
Physical location Guard against unauthorised access to the location
  • ensure physical locations are secure/locked
  • log removal or access to files
  • avoid using transportable drives as permanent storage
Network location Ensure network security
  • avoid storing data on drives connected to external networks
  • use a firewall
  • use encryption
Computers Prevent unauthorised access to computers
  • create strong passwords
  • use a firewall and virus protection software
  • protect from power surges
  • routinely back up data to other locations
Retention Decide how long the data should be retained
  • create a retention policy
  • dispose of data appropriately
  • provide audited disposal


  • Backing up regularly to avoid data loss
  • Save two copies of your data in different devices and one copy off site (e.g. a cloud storage). Safety and sensitivity should be taken into account
  • Find more about Backup from the UK Data Services website


Data preservation involves maintaining, preserving and adding value to research data throughout its lifecycle. It is done after the completion of your research project. Consider the following:

  • Which data will be retained and for how long
  • Do you need to retain any data you collected indefinitely?
  • What method of disposal will be used?
  • Are there any contractual, legal, or regulatory requirements?
  • Where will you archive the data for long term use? Will an open data repository be considered?
  • If pre-existing data (secondary data) is going to be used, how long it will be available

Find more details from the following online guides: 

Research data repositories

You may use data repositories to find data for your research, or to deposit your own research data.  Storing your data in a repository will ensure it is preserved for future use.  A repository will assist with data organisation, analysis or metrics, and security.  Depositing data in an open data repository may increase visibility and impact.