Interesting meeting at Leicester this week with our Information Assurance Services. Andrew Burnham and myself have developed a roadmap to implement research data management policy as required for EPSRC and other funders and are currently leading the development of guidance and support for researchers in time for the new academic year. We are doing this in collaboration with colleagues in IT Services, the Academic Practice Unit, Library and Research Support Office on behalf of the Research Computing Management Group, chaired by our PVC Research & Enterprise Kevin Schurer, which feeds recommendations up to the University Research Committee. We are feeding in the many relevant external information and guidance resources as produced through the JISCMRD programme, UKDA, DCC and related.
I’ve lost some of you haven’t I?! To add to the confusion, there is also the university code of practice for researchers.
However, the question has arisen as to when and how we distinguish the university records management policy with this research data management policy? We are of course referring here to differences in language between different parts of central services in a university – never mind the disciplinary differences across the university academic community.
Information Assurance Services (IAS) currently have a records management policy tabled for university approval. It might be described as corporate based and is not immediately identified with research. And yet if sensitive data were to be lost in a researcher’s lab notes the matter would probably reach IAS before any other body in the university (they also handle FoI requests in the first instance). IAS identify the lab notes as “research records” not “research data” so is a “research records management policy” then required?
From a research data viewpoint we might think of research records as being about the process including funder specific and personal information about the researchers rather than the research itself. Indeed we made exactly this distinction when following up on an external research data audit to all research staff: “Do you use, reuse or generate sensitive (including commercial in confidence) research data?” Researchers tend to assume that departmental and university administrators will be looking after the “research records”.
So let’s clarify how IAS see it. They incorporate information compliance and security (including FoI and environmental concerns), risk management and business continuity. The question then arises: is there clear legal ownership of research data? Many researchers are somewhat surprised to find out their hard work is actually “owned” by their institution for these purposes. This becomes particularly relevant when researchers move institution, as of course they often do.
So I found myself wondering aloud: do we need a “research managment policy” which then refers to the “records management policy” guidance and the rather more prescriptive “research data management policy”?