Sensitive Data Collected by Students - Tycho Hofstra

“Where do students store their sensitive research data?” This question was casually asked of me by a colleague in front of the supermarket on the VU campus. Not a strange question, of course. For sensitive data collected by researchers, there is infrastructure and support in place that allows even the most sensitive data to be stored and processed within the rules of the GDPR. Storage options such as Research Drive and Yoda give researchers the assurance that privacy and security are guaranteed.

However, this infrastructure is only accessible to contracted university staff, which students are not. After raising the question with colleagues and other data stewards within the LCRDM network, it became clear that this remains a grey area. There is no structural solution; sensitive data collected by students is dealt with on a case-by-case basis, often by granting students access to the researchers’ infrastructure. The responses I received from other universities, both domestic and abroad, revealed that they face the same issue and are eager to hear how we have addressed it.

Deadlock
Together with data steward Cahit Oguz and functional administrator Dimitri Unger, we organised a Birds of a Feather session at the SURF Research Day on this topic. Using case studies, participants discovered that the challenges surrounding sensitive data collected by students often influence each other. One of the hottest topics was the question of who is ultimately responsible for (or the owner of) student data – the university or the student themselves? Without clarity on ownership, creating policies and guidelines is difficult, making it currently unclear whether students are even at fault when they operate within the margins of the GDPR.

All of this would be resolved by infrastructure for students that meets these conditions, but as long as there is uncertainty about the fundamentals, understandably there is no support for costly investments in infrastructure. From various perspectives, this issue ends in a deadlock, where GDPR-conscious students and lecturers can only be helped by opening a small window to the researchers’ infrastructure. A solution that is limited in personnel capacity and storage space and is paradoxically dependent on the lack of awareness of privacy legislation among students.

Moving Forward
This very awareness was identified by participants during the Birds of a Feather session as a catalyst to break free from the deadlock. Guidelines based on ethics and ‘good science’ rather than policy could create the support needed to make decisions about ownership or investments in infrastructure. Additionally, progress is being made on a smaller scale: several participants indicated that faculty-level storage options are being offered to students for sensitive data.

The Birds of a Feather session has inspired both SURF and the research support and education departments to get the ball rolling on this topic. Personally, I look forward to the results of the RDM for Students survey created by Katherine Marcroux from Radboud University, whose findings will be presented at the Open Science Festival in Groningen. This could form the foundation for a national initiative.

Questions or comments? Please contact me at t.m.hofstra@vu.nl or SURF.