First determine your privacy risk categorization (and where applicable your confidentiality risk categorization) and use that categorization to determine the most suitable storage option.


Research Drive SURF Drive G-Drive SciStor
Red Data *
Orange Data * * *
Yellow Data
Green Data
Blue Data

*The files stored on this option must also be encrypted. If encryption is not feasible, contact the Research Data Management Support Desk for support from IT Security.


Best Practices

  • You will often have several data assets each with its own privacy risk categorization. If you are storing all of these files in one storage location, choose the option that protects the data with the highest privacy risk category. If a data asset with a higher privacy risk can be used to re-identify the subjects represented in the data with lower privacy risk (e.g. higher risk = key file & lower risk = pseudonymized questionnaires) you should:
    • Store the higher risk data in a separate storage location from the lower risk data, or
    • If the higher risk data must be stored in the same location as the lower risk data, encrypt the higher risk dataset; also store the higher risk data in a folder that is separate from the other data and which can only be accessed by those who absolutely need to view this data
  • Make use of data de-identification methods to lower the privacy risks of your processed data; your raw data will probably still need to be stored at a higher level of security, but if you lower the privacy risks for your processed data by de-identifying it, you have more storage options for where you keep this processed data.

More information and gettting access