Share your data with colleagues

In a collaborative research project it is possible that a number of individuals may require access to the data — potentially with different privileges to read, write, update or delete.

How can I collaborate on research data?

Is your data fit for sharing?

How and with whom you can share your data depends on the nature of your data: does it include personal data, is it confidential or in any way restricted?

The University has developed a Policy on Categorising and Protecting University Information Assets (Word doc) that grades data and advises on storage and transfer of information. We recommend that you familiarise yourself with the Policy, especially the information classifications:

  • Ordinary;
  • Confidential;
  • Restricted; and
  • Personal.

How can I share folders with research data?

If you want to share folders containing research data with other Lancaster colleagues, you will need to request research data storage. Find more about this in our storage guide. You can request that the storage folder be shared with Lancaster colleagues. 

If you need to share data with colleagues outside Lancaster, we recommend using Box. Please also check our summary below to see which method of data transfer is adequate.

What is Box?

Box is Lancaster University’s solution for secure online storage. Box is an enterprise cloud storage solution that is available to all members of the University. Box uses high-grade encryption to secure data, both in transit and at rest. Box is certified by a number of external bodies as demonstrating secure practices and technologies and technologies and adheres to the adequate protection requirements of the EU Data Protection Directive.

Please note that the maximum size of a single file is 5GB. The total storage size is 1TB per user.

Can I use Box to store and share my working data?

Using Box is the preferred way to share data with colleagues within and outside of the University. There are a number of ways that data can be shared with external parties using Box, and it is the data owner’s responsibility to ensure that this is done correctly and in accordance with the data type.

Box offers users the ability to share data with external users through unique links. These can (and should) be set to require a strong password (that should be communicated using an alternative method to how the link is sent, such as phone or text). Users can also specify how long the link is active for and whether the data can be download or simply viewed. The user access of the document uses high-grade transport encryption.

More information about how to use Box is available.

What can I use for secure information transfer?

There are a number of methods available for you to use — the choice of the transfer method would depend on the information classification and circumstances, such as whether is it paper based information, whether you want to transfer information between departments on campus (internally), or whether your department has any extra rules/regulations that you need to consider.

The table below summarises some possible transfer methods, depending on information classification:

Information ClassificationSending externallySending internally
Ordinary
Confidential
Restricted
  • LU Box.
  • Encrypt and send using ZendTo.
  • Emailing not recommended — if no other alternative, must encrypt.
  • LU Box.
  • Shared folders or SharePoint site with appropriate access permissions.
  • ZendTo.
  • Emailing not recommended — if no other alternative, must encrypt.
Personal

Are the recipients registered as Data Processors? Are they allowed to have this information? Compliance team can offer advice.

Is it possible to remove information (e.g. names) and send non-personally identifiable information (e.g. ID number)?

  • LU Box (encrypt sensitive personal data before upload)
  • Encrypt and send using ZendTo.
  • Emailing not recommended — if no other alternative, must encrypt personal information before emailing.
Is it possible to remove information (e.g. names) and send non-personally identifiable information (e.g. ID number)?
  • LU Box (encrypt sensitive personal data before upload).
  • ZendTo (must encrypt sensitive personal data before upload).
  • Shared folders or SharePoint site with appropriate access permissions.
  • Emailing not recommended — if no other alternative:
    • Encryption required if contains personal information of more than one person*
    • Encryption recommended if it’s about an individual and sent internally*

 

* Depending on the content of the information you are transferring, you need to apply a sensible/realistic level of protection.

How can I encrypt data with personal information and send it to a colleague at another university?

  • The reconditions for sending personal data outside of campus would be to encrypt the files first and then use a service such as LU Box or ZendTo to transfer.
  • The only recommended solution is the encryption of individual documents using the built-in encryption of office products. If it is just a document you are sending, then this encrypted file should be uploaded to one of the services above and then the password of the encrypted file should be communicated over a different channel such as a telephone call or text message (not an email).
  • If you need to send something other than an Microsoft Office file or a collection of files, ISS advises using 7-Zip which should be set to use AES-256.