Data collected during field work or processed as part of field- or course activity at UNIS must be classified to determine the level of security and storage. UNIS uses the same classification scheme as the Norwegian mainland universities, but since UNIS does not handle personal data or health information for research purposes, not all categories are relevant. Note that data sets maintained and processed by UNIS, but generated by external users (e.g., rented instrument pods in the Kjell Henriksen Observatory) are subject to UNIS science data regulations. 

Categories and storage options

UNIS strategy is that all research data and results shall be publicly available without any restrictions (green), but there are circumstances where data handling and access to data should be restricted. Some data collected are also regulated by law, and/or contracts with external clients. Table 1 below shows an overview of classifications, and how and where you can store scientific data within these categories. Click on the colored headers to get more information and the individual classifications. 

Classification Data handling / storage device Green (open) Yellow (Restricted) Red (confidential) Black (strictly confidential) Remarks
Private computer Yes Yes No No 1
UNIS computer (encrypted) Yes Yes Yes No 3
Memory stick / external hard drive Yes No No No 1
Encrypted memory stick / encrypted external hard drive Yes Yes Yes No 1
UNIS OneDrive account Yes Yes No No 2
Private sky storage Yes Yes No No 1
Data repositories Yes Yes Yes Yes 3

Remarks

  1. Small amounts of data can be stored on personal computers if the computer is secured and/or the data is encrypted and not accessible for external users. Note that personal computers and external devices are usually not covered by UNIS backup routines and there is always a risk of data loss.
  2. Restricted and confidential data should not be stored in shared folders.
  3. Restricted data should have access control. Confidential data should be encrypted, and password protected to control access.

Categories explained

Green (open): Most of the information handled by UNIS is open, either as a result of the goals and purposes of UNIS as a research and education institution, or because of rules and regulations regarding public access, or rules set by the various publication channels we use to disseminate research results. Examples of green data are:

  • All data and information used in publications.
  • All data used during teaching.

Yellow (restricted): The restricted category is primarily to be used for non-sensitive internal information with no interest for outside users, and not meant to be shared or published. Examples of such information are:

  • Unprocessed or uncalibrated measurements for internal use.
  • Measurements with detailed location of protected flora and fauna.
  • Datasets data sets governed by special contracts, either permanent or temporary (embargo).

Note that data sets with location information can still be published, but exact locations should be obscured or have restricted access.

Red (confidential): This category is used for information that can potentially harm UNIS’s reputation if leaked. Confidential data is regulated by law and requires special permission. Examples of data sets that may be confidential are:

  • Data sets containing high resolution seabed mapping.
  • Data regulated by export control.
  • Data sets containing high resolution topological models of critical infrastructure.
  • Data sets with details about advanced scientific equipment.
  • Data describing science infrastructure defined as sensitive through contracts or regulations.

    Likewise, personal data governed by the European General Data Protection Regulations (GDPR) should be classified as confidential, but UNIS typically does not handle such data as part of scientific studies..

Black (strictly confidential): This category is also regulated by law, and requires special security measures (encryption, access control). Leakage of confidential data can potentially cause significant harm to UNIS’s reputation if leaked. Examples include:

  • Detailed personal information.
  • Health information.

Typically, UNIS does not handle data sets classified as black.