Research Data Management, Retention, and Sharing

The Principal Investigator.

The Cornell University Policy 4.21 on Research Data Retention specifies that principal investigators are the custodians of their research data and responsible for the proper use, access, security, and control of any research data under their management or supervision, including the data used in scholarly publications or presentations.

1. Are your research data referenced in a publication?

Yes: Create a data retention record in the data retention tool upon publication (60 days after publication at the latest)
No: No action required

2. Are your research data a result of a grant that has just ended?

Yes: Create a record for your dataset in the data retention tool after grant closure (60 days after closure at the latest)
No: No action required

3. Are you leaving WCM or retiring?

Yes: Create a record for your dataset in the data retention tool before leaving (60 days before departure at the latest)
No: No action required

• Six years after publication OR after grant close-out
• An additional six years each time you cite your paper referencing the research data

Remember that any repositories you choose must also be able to share your data.

1. Does your funding agency or your journal require you to use a specified data repository?
Yes: Deposit data in the specified repository

No: Do researchers who work with similar data share their data in a specific repository?

Yes: Deposit in the repository used by your research community
No: Contact the Wood Library for guidance on using a generalist repository. You can also use this NIH resource to help you choose an appropriate repository: NIH-Supported Data Sharing Resources.

Please remember: Once the data are deposited in a repository (that allows sharing if the data need to be shared), do not forget to create a record in the data retention tool to indicate the location of your dataset(s). 

Creating a record of data retention in WIDRR alone without depositing data in a NIH-recommended repository will not meet the NIH sharing requirements for dataset(s) that need to be shared.

If data are removed from the public repository, this will jeopardize compliance with both NIH and Cornell University policies. Any changes in data deposition must be versioned.

Yes for publications and grant close-outs if your data is in a repository that supports sharing.  

But, for those who want to initiate grants after January 25, 2023, you must also a Data Management and Sharing (DMS) plan.

Please remember the term Scientific Data is defined in the NIH policy as "The recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications. Scientific data do not include laboratory notebooks, preliminary analyses, completed case report forms, drafts of scientific papers, plans for future research, peer reviews, communications with colleagues, or physical objects, such as laboratory specimens."

NIH policy requirements:

The NIH policy requires investigators to share any scientific data to replicate or validate findings.

These do NOT include the following:

• Lab notebooks
• Preliminary analyses
• Case reports
• Manuscript draft
• Future research plan
• Peer reviews
• Communication with colleagues
• No lab specimen or other physical objects

NIH recommens keeping data at least three years after grant closeout, but this is different for a contract. The data should include methodology and procedures (including software) used to collect data, data labels, definitions of the variables, and any other information to reproduce and understand the data. NIH also advise the use of naming conventions resulting in unique identifiers, favor the use of Common Data Elements, and suggest advance thought about data storage format and its impact on the research budget, about version control, and the back-up of generated data.

Cornell University policy requirements:

The CU policy requires investigators to record the location of the following data in WIDRR:

• Scientific raw data from publication (DOI of the publication must be provided)
• Scientific raw data from any work not published before the investigator’s grant ends (ex.: Preliminary analyses). The funder grant ID must be provided.
• Scientific raw data from any work not published before the investigator leaves WCM. The Service Now ticket related to the offboarding of the investigator must be provided.
• Metadata associated with the raw dataset OR instruction on how to access the same raw dataset from the same data provider
• Lab Notebooks
• A methods file that details all the analytical steps performed on the raw data until their final published form. This includes software and code used. 

IMPORTANT: to be compliant with the CU policy, investigators must retain any data that cannot be shared in WIDRR. For data that need to be shared according to NIH policy and according to submitted DMP plans, investigators should use a NIH-approved repository and create a record in WIDRR to indicate the location of their dataset.

You must complete a maximum two-page data management and sharing plan (DMSP) that will be evaluated by NIH.

1. Review a checklist for researchers and NIH guidance before drafting your DMSP. The DMSP must include how data will be managed and shared, and identify the institutional process for confirming the plan is actually followed. Once the DMSP is accepted, it becomes part of the legal Terms and Conditions of the Notice of Award by incorporation. The DMSP can be updated at any time via a letter of prior approval from the Principal Investigator to the funding agency.

Best Practices for secure data storage

• ITS provides several options for dataset storage. WCM recommends the use of one of these three options for dataset storage:
• LabArchives (preferreed for Electronic Notebooks)
• OneDrive
• FileShare

• For HIPAA-protected data: the Data Core service is recommended for secure storage and computing
• Best practices for data sharing and archiving can be found here.
• Review Data Repositories
• Example data management plans

2. Determine appropriate data to manage and share. What data need to be managed and by whom?  According to the definition of scientific data above, all scientific data need to be managed (data needs to be backed-up, version controlled, with unique identifiers), but not all scientific data need to be shared.  The PI is responsible for the management and sharing according to NIH policy.

What data need to be shared under the NIH policy? The NIH policy expects researchers to maximize appropriate data sharing when developing DMSPs.

For Human Subject research data, NIH recommend the Principal Investigators to:

• Share according to federal, state/local, tribal, and institutional rules or laws
• Share the DMSP with study participants as early as possible during the informed consent process
• Outline steps to protect privacy, rights, and confidentiality
• Share the limitations on data usage with the person preserving and sharing the data (at WCM these limitations should be shared with the Library) determine if a controlled access is necessary for these datasets, even in the case of de-identified or non-limited datasets.

All limitations on sharing and steps to protect privacy, rights, and confidentiality for sensitive data should be documented in the DMSP.

3. Document the following in your DMSP:

• If datasets are subject to additional privacy controls, who will manage the controls and who will have access? 
• For Data Use Agreements, ensure they permit de-identified data sharing and/or sharing of derived data sets, if possible.
• If your research involves human subjects, ensure that consent forms have language to allow for de-identified data sharing.
• If your research involves indigenous peoples, ensure that the appropriate tribal leaders/groups have approved your plan for data collection and use.

4. Write the DMSP

• The DMPTool has helpful templates
• Here are example DMSPs
• Here is NIH's optional DMSP format page 
• Contact the Library for assistance drafting a DMSP

• Compare your existing data practices with what is required for the renewal
• Identify gaps in your existing data management plans and practices
• Address how you will begin sharing this data
• Consider things the new policy may require, such as Data Use Agreements (DUAs) data de-identification before sharing, data documentation, and upload into a data repository
• Write your DMSP according to the guidance above

• If your NIH sponsored research will generate scientific data, you must submit a DMSP as part of the Budget Justification Section
• This plan should be two pages or fewer and include the following information:
• Data Type
• Related Tools/Software and/or Code
• Standards
• Data Preservation, Access, and Associated Timelines
• Access, Distribution, or Reuse Considerations
• Oversight of Data Management and Sharing
• To Get Started Writing a DMSP, use the NIH Guidance here
• Review NIMH sample DMSPs
• DMPTool