Behandling av data etter avsluttet prosjekt | FoU-håndbok - Ansatt

Processing data after project completion

Processing data after project completion

Personal data should not be stored unnecessarily. The project manager is responsible for ensuring that personally identifiable data is not stored longer than what implied by purpose and consent. The research data must be anonymised or deleted.
Published
Latest update

Deletion of research data

Personal data should normally be deleted or anonymised (see the definition list) upon project completion. Inform the head of department once the data has been deleted / anonymised.

If you have used research data collected from other institutions such as municipalities, private companies and the like, you must delete the research data in accordance with a signed data processor agreement.

Anonymisation

Anonymisation means that the scrambling key is deleted, and that direct personal information such as name and / or social security number is deleted. In addition, indirect personal data (identifying background information such as occupation, age, gender) is removed or roughly categorised so that no individuals can be recognised from the material.

Data anonymisation resembles deletion but allows for the anonymised version of the data set to be kept.

Deletion

If someone requires deletion, such as REK or the institution (municipality, health company, others) that you have obtained research data from, or if there has be provided information about this in connection with obtaining consent, you must ensure that deletion of research data is done in an appropriate, complete and safe way.

If the storage media used in your research project (such as servers, PCs, mobile devices or memory sticks) is to be used by other, this should be handled so that there is no risk of breaking the requirements of confidentiality. The information contained on the storage media must therefore be completely deleted to prevent any possibilities of reproduction of the research file and research data, see Guidelines for Data Security on Deletion and shredding.

Advice and tips

  • Disks can be deleted using Secure Erase
  • If reused by the exact same person / persons, memory sticks must be formatted.
  • CDs are deleted by physically scratching the silver coating with a knife or the like
  • Contact  itservicedesk@oslomet.no if you need help with safe deletion.

Please note that backups, the research file (see definition list) and scrambling keys must also be deleted. If only the scrambling key is deleted, the research file is anonymous.

Human biological material must also be destroyed when the storage time has expired.

Paper-based research data that you no longer need must be shredded, see also Guidelines for data security and about Deletion and shredding.

Deleting personal registries

Personal registries must be deleted unless you have applied for a license to keep the registry beyond the project period.

Resources

Definitions and abbreviations.