It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.
In order to share your data appropriately, you must both protect confidentiality and determine any access restrictions. You will also need to protect your own content. Once you've done these things, you're ready to upload your data to an open repository.
There are three general types of data that need protection:
Personally identifiable information (PII): Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
Protected health information (PHI): Individually identifiable health information transmitted or maintained, in any form or medium, by a covered entity. The Health Insurance Portability and Accountability Act (HIPAA Privacy Rule) protects PHI by covered entities.
Sensitive information: Information where, if disclosed, there is a significant likelihood or psychological, social, emotional, physical or reputational harm.
There are three types of identifiers that need to be considered:
Direct identifiers such as phone numbers, names or social security numbers
Indirect identifiers such as race or income
Geographic identifiers such as zip codes or mailing addresses
Ways to remove identifiers
The Department of Health and Human Services suggests two de-identification methods:
The Expert Determination Method allows a person with appropriate knowledge to apply statistical methods to de-identify a data set and determine that the risk of disclosure is small, documenting the methods and results that led to their determination.
The Safe Harbor Method stipulates removal of 18 types of identifiers, including direct and geographical identifiers.
Determine access restrictions
There are three major types of access restrictions:
Embargoes are a specific period of time when access to data will be limited
- Typically last 6-24 months
- Sometimes required by publishers
- Funders might want data to be available within a certain time frame or in a timely manner, which might limit the embargo
User affiliations may necessitate technological restrictions
- Users may need to log into a system to access data
- Membership might be required for access, or user must be part of a certain research group due to licensing agreements
Data use agreements outline the agreement between the data producer and secondary data user
- These agreements impose rules for the reuse, storage, re-dissemination and disposal of the data
- Data use agreements are commonly required when data have the potential to identify human subjects, either indirectly or directly
Protect your content
Data ownership issues need to be resolved at the beginning of your project
- This is important, because the owner controls the dissemination, preservation and destruction of data
- Figure out how, when and by whom data will be used in publications and in the future
Bear in mind that certain things can complicate data ownership issues, such as:
- Cross-institutional collaborations
- International collaborations
- Institutional policies
- Funder policies
Upload your data to an open repository
Once you are certain your data can be shared publicly, you are ready to upload it to an open data repository. There are several free options available to you. Please also note that uploading to a public repository is not the same as preserving your data. Please contact the library staff for preservation options.