Manage Your Research Data
Data acquisition and management is emerging as a key component of many research activities. Sharing data reinforces open scientific inquiry, encourages diversity of analysis and opinion and promotes new research. Below you can find resources and guidance to support data access sharing and management.
Guidance for Faculty on Data Agreements
Memo from Ann Arvin, Vice Provost and Dean of Research and George Triantis, Professor of Law, Dated February 5, 2015
Access to large data sets has become a key component of research at Stanford. Often, the data providers -- or recipients -- require the researcher or Stanford to sign a written or online agreement. This memo clarifies when Stanford researchers may sign these agreements themselves and when to contact a University office to review and sign the agreement.
Agreements for Incoming Data
You may sign a data agreement in your individual capacity under the following conditions, which relate to: (a) the nature of the data, and (b) the proposed terms of agreement. This applies whether the agreement is a letter, non-disclosure agreement, a license, or comes in another form -- including online “click” agreements.
However, when the data agreement does include any of the conditions above, or you have questions, contact the appropriate contracting office above. They will ask for information about the research, such as a project description, your funding, and University compliance (as applicable). They will consult with the Office of General Counsel, the Office of Risk Management, the Privacy Office, the Information Security Office and the Export Control Office, as appropriate.
Agreements for Outgoing Data
For agreements where you send out data sets, please contact the appropriate contracting office from the list above when the agreement involves one of the above bulleted issues, or:
If you receive or send data without any agreement, the usual academic conventions such as authorship of publications and not sharing others’ unpublished data without permission would apply.
The Stanford Research Computing Center can assist with data security requirements.
If you wish to license out data created in the course of your Stanford work for commercial purposes, contact the OTL (Office of Technology Licensing).
Genomic Data Sharing
NIH Genomic Data Sharing Policy effective January 25, 2015. Memorandum effective January 25, 2015 from Ann M. Arvin, M.D, Vice Provost and Dean of Research, and Harry B. Greenberg, M.D., Senior Associate Dean for Research, SoM
RCO Guidance: "NIH Genomic Data Sharing for NIH Grant Submission" which links to:
- Institutional Certification Genetic/Genomic Data Sharing NOT-G1 rev1 11/14 issued by Stanford University Research Compliance Office
- Sample Genomic Data Sharing Plan template
- FAQs (see Genomic data sharing)
Standard Forms related to Institutional Certification Genetic/Genomic Data Sharing can be found on the RMG website.
The Stanford Digital Repository
The Stanford Digital Repository (SDR) provides digital preservation, hosting, and access services that enable researchers to preserve, manage, and share research data in a secure environment for long-term citation, access, and reuse. By depositing data into the SDR you will:
- Receive a permanent link (persistent URL) to your deposit that will not change over time
- Be able to control when your data is made public and what the licensing rules are around your data
- Make it easy for others to find your data
- Rest easy knowing your data are securely preserved for the future
- Option to register a DOI for your dataset or sign up for an account to mint your own DOIs
The Data Management Services site includes text about the SDR that you can copy and paste into your data management plan (DMP) if you intend to use the SDR for your research data.
Data Management Services
Stanford University Libraries offers tools and services to help researchers comply with funding agency provisions on data management and to improve the visibility of their research.
The University Libraries offer Data Management Services to assist Stanford's researchers with the organization, management, and curation of research data, including:
- Understanding and creating data management plans
- Organizing and backing up your research data
- Acquiring and analyzing data
- Assigning metadata to enable future discovery
- Preserving your data for long-term access
The DMP Tool (Data Management Planning Tool) provides templates, Stanford-specific guidance, and suggested answer text for creating a data management plan for your next grant submission. The Stanford Digital Repository provides long-term preservation of your important research data in a secure, sustainable stewardship environment, combined with a persistent URL (PURL) that allows for easy data discovery, access, sharing, and reuse.
The Data Management Plan Tool
The Data Management Planning Tool (DMP Tool) puts at your fingertips all the information you need to write the data management plan for your next research grant proposal. This online tool includes:
- Current funding agency requirements for approximately three dozen national funding agencies, including the NIH, 14 NSF directorates, DOD, DOE, NASA, NOAA, NEH-ODH, the Gordon and Betty Moore Foundation, and IMLS
- Help text with suggestions and guidelines on composing each plan section
- Links to Stanford-specific guidance, as well as general guidance from funding agencies and information about best practices
- Text about the SDR that you can copy and paste into your data management plan (DMP) if you intend to use the SDR for your research data.
- Tools that allow you to edit, collaborate, share, and export your plan
The European Union General Data Protection Regulation (GDPR)
The European Union General Data Protection Regulation, or GDPR, is a new and substantial data privacy law that is relevant to 33 countries in the EU and European Economic Area.
GDPR applies to individuals and organizations handling personal data within the EU, transferring data into and out of the EU, and processing of EU data anywhere. It is effective as of May 25th, 2018.
FAQs on GDPR
How does it affect Stanford?
Stanford as an educator, employer and research institution collects and processes personal data from around the world on a regular basis. When we are collecting and processing data from people located in the EU – regardless of citizenship or residency – during the course of offering goods or services, marketing, or by one of our sites established in the EU, we fall within GDPR and must meet the regulatory requirements.
What kind of information is protected under GDPR?
The GDPR protects personal data of people located in the EU. Personal data includes some obvious types of information like name, address, health information and IP address. But it also includes information related to race or ethnicity, religion or philosophical beliefs, and sexual orientation. This is because, in the EU, protection of personal data is considered a fundamental right of the individual.
Can you give a specific example of how the GDPR might affect a particular function at Stanford?
A good example is the Bing Overseas Study Program (BOSP), which has five sites in the EU. Those sites have staff, contractors, faculty and, of course, students all in the EU. Even if personal data was never transferred outside of the EU by BOSP, the sites are still established in the EU, making them subject to GDPR.
Another example is a research study where there will be data subjects from the EU. We must ensure that our informed consent form meets EU regulatory requirements, as well as U.S. requirements like the Common Rule, otherwise known as the Federal Policy for the Protection of Human Subjects.
How has the university responded to the upcoming changes?
In August 2017, the University Privacy Office convened a multi-disciplinary task force to begin reviewing and assessing GDPR and its impact on the university. Through the GDPR Task Force and its seven working groups, we have:
- Engaged in data mapping
- Conducted a gap assessment
- Prioritized our compliance efforts
- Developed new privacy notices and policies
- Amended consent language in admissions, financial aid, human resources and research
- Updated contractual language
- Developed a training video for the university
This is an ongoing effort for us, as this is a new law and everyone – including the European regulators – is still learning how to achieve compliance.
What are the consequences for entities that fail to comply?
- Fines of up to €20,000,000 (about $23.4 million) or 4 percent of total worldwide yearly revenues, whichever is higher
- Inability to transfer data from the EU
- Inability to collaborate with entities that comply with GDPR
- Private claims from data subjects
- Heightened scrutiny from data protection authorities
These consequences could have a substantial effect on the university in terms of reputation and achieving our core mission.
Where can I find Stanford's training on GDPR?
You can find the GDPR training here.
How do I notify the University that my research entails data subject to GDPR?
For sponsored projects, at the time of proposal development and submission via the SeRA system, your PDRF or PIF (for SoM) will include project questions related to the GDPR requirements.
At the time of award, your institutional official will negotiate additional terms and conditions that may be required in order to comply with GDPR regulations.
For all research projects that include human subjects data collection and processing of the nature described in the GDPR training, language for the consent will be provided to you during your IRB review. This language will inform participants about their study data regulated under GDPR.