The rule of thumb is: as soon as possible.

Consider relevant expectations such as data repository policies, record retention requirements, or journal policies.

NIH states that you must share your data when you publish your work or before your performance period ends, whichever comes first.

You share via the same established data repositories in which you chose to deposit your data, such as:

• NIH discipline-specific repositories
• NIH-recommended generalist repositories
• Other data repositories

Storage, Backups, Security:

Generalized Storage:

• OneDrive
• FileShare
• LabArchives

Specialized Storage:

• LabArchives
• High Performance Computing
• Data Core (required for grants with IRB protocols)
• Data Repositories

To choose an appropriate repository we recommend the following steps:

This flowchart aims to guide investigators in decisions about their data retention and sharing duties for Cornell University and NIH policy compliance.

NIH has classified their repositories by funding agencies to help researchers locate the public repositories available under a specific funding Institute or Center. The link below shows lists of repositories that include the Institute or Center, Repository Name, Description, Submission Policy, and How to Access the Data. For guidance on the best repository for your data, contact the Wood Library.

• https://www.nlm.nih.gov/NIHbmic/domain_specific_repositories.html This list hosts data of a specific type or related to a specific discipline.
• For data that require limitations in access or for repositories and knowledge bases with limitations on submission, the NIH provides the following link: https://www.nlm.nih.gov/NIHbmic/other_data_resources.html

NIH-recommended generalist respositories

The NIH has endorsed nine generalist repositories that house data regardless of type, format, content, or subject matter. The NIH recommended generalist repositories are available through this link: https://www.nlm.nih.gov/NIHbmic/generalist_repositories.html.

For guidance on the best repository for your data, contact the Wood Library.

Other data repositories

Other resources to help researchers find the right repositories can be found on the Samuel J. Wood Library Data Preservation, Access and Associated Timeframes site or the  Arizona University website under the Tools for Finding Repository section.

The Center for Scientific Review (CSR) will check DMSPs for completeness and viability. The Peer Review Committee (PRC) will assess the budget and the budget justification for feasibility. The PRC will not see the DMSP which will not impact the scoring.

More information on budgeting for data management and sharing can be found here.

The costs must be included in the SF 424 R&R budget form in Section F. Other direct costs or PHS 398 can be included for Modular Budgets. There will be a new Budget Line Item labeled “Data Management and Sharing.” The costs must also be included in Section L of Budget Justification.

• Infrastructure costs that are included in institutional overhead (e.g., Facilities and Administration costs)
• Costs associated with the routine conduct of research, including costs associated with collecting or gaining access to research data
• Costs that are double charged or inconsistently charged as both direct and indirect costs

Allowable costs include any reasonable, justifiable costs required to comply with the DMSP.

Some examples are:

• Labor for data curation (e.g., formatting data, de-identifying data, preparing metadata to foster discoverability, interpretation, and reuse)
• Preserving and sharing data through established repositories, formatting data for transmission to and storage at a selected, established repository for long-term preservation and access (if fees apply)
• Developing supporting documentation
• De-identifying data
• Local data management considerations, such as unique infrastructure necessary to provide local management and preservation (before being deposited in an established repository)
• Other costs

• If your NIH sponsored research will generate scientific data, you must submit a DMSP as part of the Budget Justification Section
• This plan should be two pages or fewer and include the following information:
• Data Type
• Related Tools/Software and/or Code
• Standards
• Data Preservation, Access, and Associated Timelines
• Access, Distribution, or Reuse Considerations
• Oversight of Data Management and Sharing
• To Get Started Writing a DMSP, use the NIH Guidance here
• Review NIMH sample DMSPs
• DMPTool

• Compare your existing data practices with what is required for the renewal
• Identify gaps in your existing data management plans and practices
• Address how you will begin sharing this data
• Consider things the new policy may require, such as Data Use Agreements (DUAs) data de-identification before sharing, data documentation, and upload into a data repository
• Write your DMSP according to the guidance above

You must complete a maximum two-page data management and sharing plan (DMSP) that will be evaluated by NIH.

1. Review a checklist for researchers and NIH guidance before drafting your DMSP. The DMSP must include how data will be managed and shared, and identify the institutional process for confirming the plan is actually followed. Once the DMSP is accepted, it becomes part of the legal Terms and Conditions of the Notice of Award by incorporation. The DMSP can be updated at any time via a letter of prior approval from the Principal Investigator to the funding agency.

Best Practices for secure data storage

• ITS provides several options for dataset storage. WCM recommends the use of one of these three options for dataset storage:
• LabArchives (preferreed for Electronic Notebooks)
• OneDrive
• FileShare

• For HIPAA-protected data: the Data Core service is recommended for secure storage and computing
• Best practices for data sharing and archiving can be found here.
• Review Data Repositories
• Example data management plans

2. Determine appropriate data to manage and share. What data need to be managed and by whom?  According to the definition of scientific data above, all scientific data need to be managed (data needs to be backed-up, version controlled, with unique identifiers), but not all scientific data need to be shared.  The PI is responsible for the management and sharing according to NIH policy.

What data need to be shared under the NIH policy? The NIH policy expects researchers to maximize appropriate data sharing when developing DMSPs.

For Human Subject research data, NIH recommend the Principal Investigators to:

• Share according to federal, state/local, tribal, and institutional rules or laws
• Share the DMSP with study participants as early as possible during the informed consent process
• Outline steps to protect privacy, rights, and confidentiality
• Share the limitations on data usage with the person preserving and sharing the data (at WCM these limitations should be shared with the Library) determine if a controlled access is necessary for these datasets, even in the case of de-identified or non-limited datasets.

All limitations on sharing and steps to protect privacy, rights, and confidentiality for sensitive data should be documented in the DMSP.

3. Document the following in your DMSP:

• If datasets are subject to additional privacy controls, who will manage the controls and who will have access? 
• For Data Use Agreements, ensure they permit de-identified data sharing and/or sharing of derived data sets, if possible.
• If your research involves human subjects, ensure that consent forms have language to allow for de-identified data sharing.
• If your research involves indigenous peoples, ensure that the appropriate tribal leaders/groups have approved your plan for data collection and use.

4. Write the DMSP

• The DMPTool has helpful templates
• Here are example DMSPs
• Here is NIH's optional DMSP format page 
• Contact the Library for assistance drafting a DMSP