View Current

Research Data Management procedure

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Preamble

(1) This Procedure is effective from 2 March 2021.

Top of Page

Section 2 - Purpose

(2) This Procedure outlines the requirements for responsible management of research data and information (data) in compliance with the Australian Code for the Responsible Conduct of Research, 2018 (the Code).

Top of Page

Section 3 - Scope

(3) This Procedure applies to all research undertaken by staff and students of Deakin University irrespective of the location of the research.

Top of Page

Section 4 - Policy

(4) This Procedure is pursuant to the Research Conduct policy.

(5) The University is responsible for:

  1. training Deakin researchers about how to manage research data
  2. providing facilities to store and access data, and
  3. maintaining the University's open access repository.

(6) Researchers are responsible for:

  1. developing, reviewing and adhering to a Research Data Management Plan (the Plan) in accordance with this Procedure, when commencing and throughout research projects
  2. complying with any contractual, intellectual property, confidentiality agreements, ethical and legal requirements relevant to the project when developing the Plan.

(7) Researchers are strongly encouraged to use the University’s Research Data Management Planner, which details all the information required by this Procedure.

Top of Page

Section 5 - Procedure

Data custodianship

(8) Each dataset must be assigned a data custodian who should be identified in the Plan. The custodian may be an individual or outside agency or an intermediary that manages data coming from a number of sources.

(9) Where the data custodian is external to Deakin, a Deakin staff member should be appointed to act as a dual custodian to ensure custodial requirements are met. They will manage the data if the external custodian cannot.

(10) The data custodian or Deakin dual custodian is responsible for:

  1. regular review of the Plan in accordance with the documented schedule and other appropriate points in the research
  2. storage of data in accordance with the Plan
  3. ensuring storage of and access to the data is managed according to the Plan, including providing mediated access to authorised parties as appropriate while maintaining the data in a protected form
  4. ensuring any relevant conditions stipulated in an approved ethics application and/or contract are adhered to, including confidentiality agreements or conditions of consent around the reuse or sharing of any human research data.

Data storage and transfer

(11) The University is responsible for providing facilities that comply with:

  1. privacy requirements and other relevant laws
  2. regulations and guidelines
  3. research discipline-specific practices, and
  4. standards related to the safe and secure storage of data and information in accordance with the Information and Communications Technology Security policy.

(12) Data relating to University research projects should be stored in the facilities, infrastructure and platforms provided and supported by the University.

(13) Where data must be stored at a location outside the University, such as a public archive or for collaborative projects:

  1. a copy of the data should be stored at the University
  2. researchers must as a minimum ensure the platforms or facilities conform to the data security requirements and protocols as those required by the University
  3. where data are electronic, Digital Services must approve the proposed storage.

(14) Data collected off campus must be stored securely and regularly transferred or transported to the University where relevant, including:

  1. for electronic research data by the secure means provided by the University as regularly as practical
  2. for non-electronic research data, at the conclusion of the off campus data collection and/or at regular intervals where the data collection period is protracted.

(15) Data transfer must comply with any legislative requirements associated with the export or import of the research data out of or into Australia, or cross border transfer/transportation of the data, prior to the transfer or transportation of the data.

(16) Where research data are collected online, researchers must take reasonable steps to ensure that the collection is legal in the data’s country or region of origin.

(17) Data storage protocols must facilitate long-term preservation and retrieval of the data according to the University’s requirements.

Data safety and security

(18) Researchers will take all reasonable steps to ensure that research data subject to legislative or security requirements are managed appropriately to mitigate any risks to the University, the research team and any human participants involved in the research. Researchers will also take all reasonable steps to ensure that such data are not vulnerable to unauthorised access and stored securely.

Data access

(19) Access arrangements may be restricted, shared or open and should be appropriate for the nature of the data, taking into account any relevant sensitivities or risks associated with sharing the data and complying with the relevant requirements of any associated ethics or biosafety approval processes.

Data description

(20) Researchers must include a descriptive metadata record of their data that meets the University’s requirements and is stored in the University’s repository.

Data ownership

(21) Ownership of research data will be determined by any of the following (where applicable):

  1. copyright arrangements and the University Copyright policy and procedure
  2. intellectual property arrangements and the University Intellectual Property policy 
  3. contractual obligations and the University Contracts policy and procedure
  4. confidentiality agreements
  5. ethical requirements
  6. cultural property considerations
  7. any other legal requirements.

Data reuse and sharing

(22) Researchers should collect and store research data in such a way that it can be used in future research projects, unless there are valid reasons for not making data accessible, such as respect for cultural ownership or unmanageable risks to the privacy of research participants.

(23) Restrictions to or proposed sharing or reuse of the research data and how the custodian will mediate access to the data (where applicable) should be included in the Plan. Reasonable efforts must be made to seek agreement from all relevant members of the research team prior to sharing or reusing the data.

(24) The custodian must ensure a written agreement is in place prior to any sharing of data outside the research team, including any limitations to further sharing of the research data.

(25) Reuse or sharing of human research data must comply with the human research ethics requirements, including ensuring future use of the data complies with any conditions of participant consent, or has been granted a waiver of the requirement for consent.

(26) Where human biospecimens, non-human specimens or imported materials are shared, a copy of any relevant records relating to the management of the specimens must accompany the specimens.

Data retention

(27) Researchers must retain their data for the relevant period specified in the Research Data Retention Table at clause 40.

(28) The relevant retention period for research data and the date data can be destroyed (if applicable) should be specified in the Plan and reviewed as appropriate.

Data destruction

(29) Research data may be destroyed when it has reached the end of its applicable retention period and following consultation with University’s University Records Team.

(30) Research data should be destroyed securely by one of the processes recommended on the University’s Research Data Management webpage.

(31) Details of data destruction should be recorded in an existing register or the Plan by the data custodian.

Researchers leaving the University

(32) Prior to leaving the University, researchers must provide access to the Plan and any physical or digital storage location/s with their direct line manager or supervisor.

(33) Where the Deakin data custodian leaves the University, a new custodian must be appointed. Where the final member of a research team leaves the University, the Head of Academic Unit will take on the responsibilities of the data custodian unless other arrangements are made.

(34) Researchers may take a copy of the research data for future use if they ensure that:

  1. all members of the research team agree
  2. the data is no less secure than it would have been at the University, and
  3. they will comply with the Plan as it pertains to the future storage and use of the data outside of the University.

Collaborative research across institutions

(35) Deakin researchers conducting collaborative research across institutions must ensure that they comply with this Procedure.

(36) Researchers should discuss and agree on a Data Management Plan and its requirements with collaborators, in writing, before conducting collaborative research across institutions.

(37) Where applicable, a materials transfer agreement should be in place for material obtained from external institutions.

Research Integrity Advisers (RIAs)

(38) Researchers who have concerns regarding data management practices may seek confidential advice from Research Integrity Advisers regarding their obligations and options.

Breaches of the Code

(39) Potential breaches of the Code related to the management of data and information in research will be managed according to the Research Integrity Breaches procedure.

Top of Page

Section 6 - Data Retention Table

(40) The retention period specified in the following Data Retention Table commences (unless Exceptions* apply) when:

  1. The final research output has been published or findings disseminated, and there is no further intent to share the data via a mediated, or open access repository, or for secondary research purpose.
  2. Where it was not anticipated that data would be subject to future publication, sharing or secondary analysis in the past, but an opportunity to engage in one or more of those activities arises, the original data retention period will recommence from the point of publication, data sharing and/or secondary analysis.
Data type Minimum retention period
Records relating to the management and administration of specific individual research projects. Includes the development of research methodologies and protocols, resourcing, development and reporting on ethics applications, results of experiments, progress reporting to internal or external bodies and arrangements for informal collaborative research links with outside organisations.    
7 years
Summary record of data created as part of research activities within the institution. Includes information about the nature and type of data, principal researchers or investigators, how long the data is to be retained, location and format of data and any conditions around access or reuse of the data.  
Data and datasets created as part of research activities within the institution, which are of regulatory or community significance. Includes data created that is:
- part of genetic research, including gene therapy;
- controversial or of high public interest;
- costly or impossible to reproduce;
- relates to the use of an innovative technique for the first time;
- of significant community or heritage value to the state or nation; or
- required by funding or other agreements to be retained permanently.   
Data and datasets created from clinical trials as part of research activities within the institution. Excludes data and datasets with the regulatory or community significance stipulated above.    
15 years
Data and datasets created as part of research activities within the institution that involve minors. Excludes data and datasets with the regulatory or community significance stipulated above.    
15 years after child reaches the age of 18
Data and datasets created as part of research activities within the institution. Does NOT include data created for the specific research activities for which the additional regulatory requirements listed above apply.  
5 years
Records relating to the management and administration of specimens obtained from humans for research purposes. Includes records documenting the use of human cadavers and body parts and all biospecimens including (but not limited to) tissue, blood, genes and organs.
Includes acquisition records, records relating to a specimen's condition and use in research projects, interventions undertaken on the specimen and destruction of the specimen or transfer and removal from the institution. Also includes records of the consent obtained from the participant for the use of their biospecimens including duration and types of consent (e.g.,specific, extended or unspecified), and any access restrictions applied.  
15 years
Records relating to managing Genetically Modified Organisms (GMO) or other material requiring biosafety provisions, while being used in specific research projects. Includes applications and assessments of Notifiable Low Risk Dealings (NLRDs), ongoing management of biosafety material.    
8 years
Records documenting the management and care of animals in the institution's custody, as required under the Australian Code for the Care and Use of Animals for Scientific Purposes, the Prevention of Cruelty to Animals Act and Regulations and associated codes of practice. Includes information about the acquisition of animals, scientific procedures or research projects using animals, number and species of animals held, number and species of animals removed from the premises or destroyed, and records of any breeding conducted.  
7 years
Records relating to the management and administration of organic and inorganic specimens that are not derived from humans or animals, and which do not have any biosafety provisions and are held by the institution. Includes acquisition records, records relating to a specimen's condition and use in research projects, interventions undertaken on the specimen and destruction of the specimen or removal from the institution.  
7 years
  1. Where research data obtained from a third party is subject to licencing or copyright arrangements, any applicable retention period specified in a related agreement should be adhered to.
  2. Where data was collected for a human research project, researchers must comply with the retention requirements outlined in their approved ethics applications, giving particular attention to the information provided to research participants at the time of consent. Where researchers intend to retain, share or reuse the data in a way that differs from what was originally described in the approved ethics application, approval to do so should first be sought from an ethics review body.
  3. Where research data are subject to other relevant laws, these must be adhered to.
  4. Where research data are subject to safety considerations that make extended storage inappropriate (e.g. unstable chemical or material storage, highly sensitive data relating to extremist or terrorist activities), a shorter retention period may be acceptable subject to any relevant approvals (e.g. from laboratory managers or an ethics review body).
Top of Page

Section 7 - Definitions

(41) For the purpose of this Procedure:

  1. Data custodian: the individual or entity responsible for the management of a project’s research data.
  2. Dual custodian: a Deakin staff member who is responsible for ensuring that the data are managed as described in this Procedure where the custodian is external to the University.
  3. Data description: descriptive metadata relating to research data.
  4. Data destruction: elimination or deletion of records, documents or information, beyond any possible reconstruction.
  5. Mediated access: setting of conditions or controls on access to or reuse of data.
  6. Metadata: descriptive information about research data that enables it to be curated, searched, identified, retrieved and re-used.
  7. Open access: where anyone can access, use and share data with no cost or permissions applying.
  8. Preservation: data management to ensure continued access to materials or records about the materials for as long as necessary.
  9. Research data: all data that is created by researchers in the course of their work, and for which the University has a curatorial responsibility for the required retention periods, and third-party data that may have originated within the University or come from elsewhere. This excludes administrative and teaching data and research publications.
  10. Research Integrity Advisers: advisers who assist in the promotion and fostering of responsible research conduct and provide advice to those with concerns about potential breaches of the Code.
  11. Reuse of data: use of research data for a research activity or purpose other than that for which it was originally intended.
  12. Transferred: physically moving data from one location to another.
  13. Transmitted: electronically moving data from one location to another.