Before you determine which digital data transfer option to use, you should assess the privacy risk (and where applicable the confidentiality risk) for the data asset(s) you plan to transfer. This will help you to determine the most appropriate and secure method for your data.
The following guidance is applicable to most collaborative situations, however, if you are working with and sharing data with students or research interns, make sure that additional precautions are taken to protect the data.
If data are stored in Research Drive and a research partner or team member needs access to the data, this user can be granted access via Research Drive. See “Red Data” for details.
If data are stored in SURF Drive and a research partner or team member needs access to the data, they can be provided access via SURF Drive. Any user that can log into SURFconnext can be given access to a SURF drive file. Make sure the added user knows how to work safely in SURF drive and ensure that they only have access to the files that they need to see. Also ensure that they have appropriate access rights (i.e. whether they can only read files or also modify and/or upload files). Finally, the new user will need to install whichever encryption software has been used to protect the data on their own computer in order to de-encrypt the data. Make sure to securely provide the new user with the password to de-encrypt the data (i.e. not via e-mail).
If data need to be transferred to a third party, you can use ZIVVER or SURFFileSender with encryption activated. See “Red Data” for details.
If the above options are not feasible, contact the Research Data Management Support Desk for additional support from IT Security.
If data are stored in SURF Drive or Research Drive and a research partner or team member needs access to the data, they can be provided access via SURF Drive/Research Drive. Any user that can log into SURFconnext can be given access to a SURF drive file; for Research Drive, this guide explains how to add users, including those without SURFconnext login capabilities. Make sure the added user knows how to work safely in SURF drive/Research Drive and ensure that they only have access to the files that they need to see. Also ensure that they have appropriate access rights (i.e. whether they can only read files or also modify and/or upload files).
If data need to be transferred to a third party, you can use ZIVVER or SURFFileSender with encryption activated. See “Red Data” for details.
If the above options are not feasible, contact the Research Data Management Support Desk for additional support from IT Security.
If data are stored in SURF Drive or Research Drive and a research partner or team member needs access to the data, they can be provided access via SURF Drive/Research Drive. See “Yellow Data” for details.
Data may also be sent via internal VU e-mail without encryption. If data need to be sent to a recipient without a VU e-mail address, it is advised to use SURFFileSender, preferably with encryption, although this isn’t as crucial as for higher risk data. Note that even without encryption, SURFFileSender allows for more management of the transfer: you can put an expiry date on the transfer after which the tranfer link is no longer valid and if you accidentally send the transfer to the incorrect recipient, you can removed the transferred file via SURFFileSender before the recipient downloads the file.
If the above options are not feasible, contact the Research Data Management Support Desk for additional support from IT Security.