Printed on: 09/19/2023. Please go to policy.umn.edu for the most current version of the document.
University of Minnesota  Administrative Policy

Research Data Management: Archiving, Ownership, Retention, Security, Storage, and Transfer

Sidebar

Expand all

Sidebar

Table of Contents

Questions?

Please use the contact section below.

Leave Feedback

Policy Statement

Management of research data is a shared responsibility among: the Office of the Vice President for Research (OVPR); the Office of the Vice President and Chief Information Officer (OVPCIO); the Academic Health Center (AHC); the University Libraries and system campus libraries; the colleges, schools and system campuses; and the Principal Investigator (PI).

University ownership and stewardship of research data that are generated or acquired by faculty, staff, and students through the use of University facilities and resources are based on applicable laws and regulations, sponsorship agreements, University policies, and sound management principles.

Ensuring that (i) research data management needs and regulatory obligations, including preservation and long-term accessibility, are met for critical, high-value research data, and (ii) operational considerations with respect to the various types of research data are captured is the joint responsibility of the Vice President for Research, the Vice President and Chief Information Officer, the Vice President for Clinical Affairs, and the University Librarian and Dean of Libraries (Twin Cities campus),/Director of Libraries (Duluth, Crookston, Morris, and Rochester campuses).

Ownership and Stewardship of Research Data

Unless superseded by specific terms of sponsorship or other agreements or University policy (e.g., Copyright), the University owns all research data generated or acquired by University employees (faculty and staff) or non-student trainees or fellows (not employed by the University) through research projects conducted at or under the auspices of the University of Minnesota, regardless of funding source.

Students own research data that they generate or acquire in their academic work, unless the research data are:

  • generated or acquired within the scope of their employment at the University;
  • generated or acquired through use of substantial University resources; or
  • subject to other agreements that supersede this right (e.g., Research Data Ownership Acknowledgment form signed by student and PI).

Research data generated or acquired by students outside of their academic work or by volunteers through research projects conducted at or under the auspices of the University of Minnesota, regardless of funding source, are owned by the University unless superseded by specific terms of sponsorship or other agreements.

Multiple organizations or individuals may share ownership of research data, for instance, if the research data are generated or acquired through collaborative research.

The PI is the steward of the research data that are under their control. PIs are responsible for managing access to research data under their stewardship. PIs will select the vehicle(s) for publication or presentation of the data. PIs decide whether or not to share research data, including placing research data in public repositories, unless specific terms of sponsorship or other agreements supersede this right.

The University has the option to take custody of primary research data to ensure appropriate access in case of an allegation of research misconduct (see Administrative Procedure: Conducting an Inquiry.)

Retaining and Archiving Research Data

PIs are responsible for ensuring that critical, high-value research data under their stewardship are preserved.

The PI is responsible for determining what needs to be retained in sufficient detail and for an adequate period of time to enable appropriate responses to questions about accuracy, authenticity, primacy, and compliance with laws and regulations governing the conduct of research.

PIs must retain research data for at least the minimum period required by applicable laws and regulations, sponsorship requirements, or other agreements. PIs may choose to retain the data beyond the minimum period, up to any deadline specified by laws, regulations or other agreements.

PIs must destroy research data when required by laws, regulations, or other agreements, on or before a specified deadline, and follow the applicable process for destroying research data:

Transfer of Research Data

If a PI leaves or joins the University or a project is moved to or from another institution, the PI may request that a copy of the research data be transferred. (See Administrative Procedure: Transferring Research Data.)

Meeting Data Management Requirements

The PI is responsible for educating all participants in the research project of their obligations regarding the research data, and for protecting the University's rights and ability to meet obligations related to the research data.

If the PI is a group of researchers, the group must either take on joint responsibilities for complying with this policy or delegate different responsibilities to different members of the group.

The PI; relevant colleges, schools, and system campuses; and the Sponsored Projects Administration (SPA) are jointly responsible for identifying research data management requirements that go beyond standard requirements, e.g., FISMA, as soon as the requirements become apparent. SPA must be notified and keep a record of such requirements. Furthermore, colleges, schools, and system campuses must inform the SPA if they sign contracts that include stipulations for research data management, including security and retention needs that go beyond standard requirements, e.g., FISMA requirements.

The PI is responsible for working with University administrative and academic units to ensure compliance with this policy.

  • As soon as it becomes apparent, whether prior to or after acceptance of a grant or contract, that the PI cannot meet the responsibilities specified, the PI must consult with appropriate University officials in their colleges, schools, or system campuses.
  • Colleges, schools, and system campuses are responsible for responding to and working with a PI if they cannot meet any of the responsibilities assigned to the PI described in this policy.

When the responsibilities assigned to the PI described in this policy exceed the capacity of the PI's college, school, or system campus, the respective college, school, or system campus is responsible for informing the Executive Vice President and Provost and working with OVPR, OVPCIO, and AHC (in case of health-related research data) to assist the PI in meeting research data management needs. If the research data management needs cannot be met by the University, the PI must be informed in a timely and transparent manner.

The Vice President for Research, in consultation with the VP and CIO, the VP for Clinical Affairs, the University Librarian and Dean of Libraries (Twin Cities campus),/Director of Libraries (Duluth, Crookston, Morris, and Rochester campuses), and the Chief Financial Officer, has the authority to deny acceptance of grants or contracts if the University cannot meet the data management requirements of the sponsor.

Securing Research Data

PIs must ensure that research data are protected according to application specifications in Administrative Policies: Data Security Classification and Information Security. PIs  must collaborate with University Information Security to complete risk assessment activity in accordance with the Information Security Risk Management policy. PIs must meet all other data security requirements that may be specifically required under the terms of a contract or grant or other agreement or under laws and regulations associated with research data.

Managing the Distributed Research Data Management Environment

The Vice President for Research, the Vice President and Chief Information Officer, the Vice President for Clinical Affairs, and the University Librarian and Dean of Libraries (Twin Cities campus),/Director of Libraries (Duluth, Crookston, Morris, and Rochester campuses) are jointly responsible for periodically evaluating existing research data management solutions across the University and determining future research data management requirements, and sponsoring a Use Case Categorization Scheme (UCCS) Committee. The UCCS Committee is advisory and includes representation from the University research community and those responsible for managing research data. The UCCS Committee:

  • develops, maintains, and regularly updates a categorization scheme for research data based on use cases;
  • solicits and receives uses cases from PIs; colleges, schools, and system campus administrators; or other unit administrators involved in research data; and
  • makes recommendations for central research data management solutions when non-central research data management solutions do not meet regulatory requirements and contractual obligations; do not align with the University's risk tolerance; may exceed the college, school or system campus' capacity; or may lead to inefficient use of resources.

The UCCS Committee will take into account the varying capacities of colleges, schools and system campuses to manage research data when recommending solutions.

Reason for Policy

Research data management is based on (a) the University's commitment to research excellence and fostering discovery, (b) applicable laws and regulations, (c) the University's need to enable appropriate responses to questions about accuracy, authenticity, and primacy of research conducted under the auspices of the University, (d) the University's interest in supporting and commercializing intellectual property, and (e) the continuing value of the research data to the PI and the research community. The research environment is changing due to the exponential growth of data, legislative and sponsor mandates on data management, and new solutions for data storage.

This policy will:

  • clarify responsibilities and accountability with respect to research data management, which is shared among multiple units;
  • aid in decision making with respect to acceptable practices for management of research data;
  • promote coordination between support providers to ensure that services meet the functionality needs of the University research community and avoid overlap or competing service offerings; and
  • help the University to assure compliance with all applicable laws and regulations and internal requirements with respect to research data management practices, data storage, data security, and sharing and dissemination of research data.

Contacts

Subject Contact Phone Email
Primary Contact(s) James Wilgenbusch 612-624-1355 [email protected]
Responsible Individuals
Responsible Officer Policy Owner Primary Contact
  • Vice President for Research
  • Director of Research Computing
  • James Wilgenbusch
    Director of Research Computing

Definitions

Critical, High-value Data
Data that (i) enable appropriate responses to questions about accuracy, authenticity, primacy, and compliance with laws and regulations governing the conduct of research; (ii) are necessary to validate research findings and cannot be easily regenerated if lost; or (iii) have high potential to be reused by researchers in other significant research.
Principal Investigator (PI)
The individual or individuals primarily responsible for and in charge of a research project.
Research Data
Recorded factual material commonly accepted in the scientific or scholarly community as necessary to validate research findings, excluding preliminary analyses, drafts of scholarly or scientific work, plans for future research, peer reviews, communications with colleagues and physical objects (e.g., laboratory samples).
Substantial University Resources
Resources provided by the University that go above and beyond what is customarily provided to University employees or students. Substantial resources will vary by department/unit and context. To be substantial, the resources must be beyond the ordinary (e.g. computer) and must be more than what other members of the department or students in similar situations are regularly offered as support for their work.
Use Case
Use cases capture and describe system requirements and minimum security standards for data. A use case represents a specific example of data types together with workflow steps to achieve a research goal.
Use Case Categorization Scheme
A way to organize use cases based on how the research data may be used in a task. The same type of data may have different uses. Through the study of use cases, a categorization scheme emerges that allows for grouping of data according to system requirements.
Use Case Categorization Scheme Committee
A group of individuals tasked by VP for Research, VP and CIO, VP for Clinical Affairs, and the University Librarian and Dean of Libraries (Twin Cities campus),/Director of Libraries (Duluth, Crookston, Morris, and Rochester campuses) to develop, maintain, and regularly update the Use Case Categorization Scheme.

Responsibilities

Vice President for Clinical Affairs 
The Vice President for Clinical Affairs, through the University's Health Information Privacy and Compliance Office, oversees regulatory compliance for all health care/patient related data to ensure that University research data management practices meet applicable laws and regulations, including HIPAA and HITECH, for health related data. They are also responsible for managing all health care/patient related data that are in or under the control of the AHC, including:
  • storage, security, and access management to such data;
  • retention, preservation, and proper destruction of such data;
  • privacy; and
  • sharing of health related data, whether within or external to the University.

These responsibilities cover health-related data, including data originating from University health care partners and other external parties, unless superseded by specific terms of sponsorship or other agreements.

Campus Library Directors (Excluding the Twin Cities - see University Librarian and Dean of Libraries)
  • Ensure accessibility and preservation of research data through curation, metadata, repositories, and other access and retrieval mechanisms to meet federal, state, sponsor, and University requirements.
  • Train and support researchers in the creation and implementation of data management plans.
  • Request assistance from the University Librarian if assigned responsibilities exceed campus capacity.
  • Work with the University Librarian to develop research data management solutions system-wide, where appropriate.
Colleges, Schools, and System Campuses
Work with OVPR, OVPCIO, and AHC (in case of health-related research data) to:
  • identify and track their research data management needs, including future capacity needs, and inform the Executive Vice President and Provost about those needs.
  • manage the departure of a PI leaving the University where the University intends to continue ownership of the data, The college where the PI resided must designate a person responsible for ongoing data management.
  • manage written requests to send a copy of University research data to another organization
Office of the Vice President and Chief Information Officer (OVPCIO)
Responsible for the information technology strategy for the University, which includes a strategy for research data storage, archiving, and information security and addresses the information technology needs of the University, including the needs of research data storage.
Office of the Vice President for Research (OVPR)
The VP for Research is responsible for ensuring that:
  • research data management practices meet state and federal regulations, sponsor requirements, and University policies; and
  • research data management practices do not conflict with other University policies or interests, such as the protection of research subjects, national security interests, intellectual property, or technology transfer.
Principal Investigator (PI)
  • Determines what needs to be retained in sufficient detail and for an adequate period of time.
  • Manages access to research data.
  • Selects the vehicle for publication or presentation of the data.
  • Shares research data, including placing research data in public repositories, unless specific terms of sponsorship or other agreements supersede these rights.
  • Is responsible for ensuring that critical, high-value research data under their stewardship are preserved.
  • Educates all participants in the research project about their obligations regarding research data.
  • Alerts Sponsored Projects Administration (SPA) if a grant or contract may require management of research data that go beyond standard requirements.
Sponsored Projects Administration (SPA)
Identifies and tracks sponsor requirements for research data management, including security and retention needs that go beyond standard requirements. Communicates exceptional sponsor requirements for research data management to the PI and administering unit of the grant or contract, and if needed, to other units, such as the Libraries, OIT, or the UCCS Committee.
UCCS Committee
In addition to the responsibilities stated under "Managing the Distributed Research Data Management Environment," the UCCS Committee reports back regularly to the VP for Research, the VP and CIO, the VP for Clinical Affairs, and the University Librarian and Dean of Libraries (Twin Cities campus),/Director of Libraries (Duluth, Crookston, Morris, and Rochester campuses)), who, in turn, assign primary responsibilities for implementation to respective units. The implementation of each of the research data management solutions becomes the responsibility of the unit to which primary responsibility is assigned, but must be consistent with University technology standards developed by OIT. The UCCS Committee must be respectful of the varying capacities of colleges, schools, and system campuses to manage research data, implying that the same type of research data may require different solutions for different units.
Units other than Colleges, Schools, and System Campuses
Work with OVPR, OVPCIO, and AHC (in case of health-related research data) to identify and track their research data management needs, including future capacity needs.
University Librarian and Dean of Libraries
  • Ensures accessibility and preservation of research data through curation, metadata, repositories, and other access and retrieval mechanisms to meet federal, state, sponsor, and University requirements.
  • Trains and supports researchers in the creation and implementation of data management plans.
  • Assists campus library directors if their assigned responsibilities exceed campus capacity.
  • Works with campus library directors to develop research data management solutions system-wide, where appropriate.
VP for Research, VP and CIO, VP for Clinical Affairs, and the University Librarian and Dean of Libraries (Twin Cities campus),/Director of Libraries (Duluth, Crookston, Morris, and Rochester campuses)
  • Jointly responsible for ensuring that research data management needs and regulatory obligations, including preservation and long-term accessibility, are met for critical, high-value research data, and operational considerations with respect to the various types of research data are captured.
  • Evaluate existing research data management solutions across the University.
  • Determine future research data management requirements.
  • Appoint and oversee the work of the Use Case Categorization Scheme (UCCS) Committee.

Related Information

Board of Regents Policies

Administrative Policies

Other Related Information

  • Responsible Conduct of Research core curriculum

History

Amended:
September 2018 - Comprehensive Review, Minor Revisions: Changes in senior leadership structure and terminology about Human Research Protections incorporated into this policy.
Effective:
December 2014 - New Policy, 30 Day Review. 1. Clarifies ownership and stewardship of research data, transfer to other institutions, and access by third parties. 2. Establishes the high level guidance for coordinating the institution's efforts to satisfy research data storage and associated infrastructure needs.
Date of Comprehensive Review - Time Stamp