Deletion of research data
Personal data should normally be deleted or anonymised (see the definition list) upon project completion. Inform the head of department once the data has been deleted / anonymised.
If you have used research data collected from other institutions such as municipalities, private companies and the like, you must delete the research data in accordance with a signed data processor agreement.
Anonymisation means that the scrambling key is deleted, and that direct personal information such as name and / or social security number is deleted. In addition, indirect personal data (identifying background information such as occupation, age, gender) is removed or roughly categorised so that no individuals can be recognised from the material.
Data anonymisation resembles deletion but allows for the anonymised version of the data set to be kept.
If someone requires deletion, such as REK or the institution (municipality, health company, others) that you have obtained research data from, or if there has be provided information about this in connection with obtaining consent, you must ensure that deletion of research data is done in an appropriate, complete and safe way.
If the storage media used in your research project (such as servers, PCs, mobile devices or memory sticks) is to be used by other, this should be handled so that there is no risk of breaking the requirements of confidentiality. The information contained on the storage media must therefore be completely deleted to prevent any possibilities of reproduction of the research file and research data, see Guidelines for Data Security on Deletion and shredding.
Advice and tips
- Disks can be deleted using DBAN or Secure Erase
- If reused by the exact same person / persons, memory sticks may be deleted using CCleaner installed on all HiOA computers. See also BIT's website.
- CDs are deleted by physically scratching the silver coating with a knife or the like
- Contact firstname.lastname@example.org if you need help with safe deletion.
Please note that backups, the research file (see definition list) and scrambling keys must also be deleted. If only the scrambling key is deleted, the research file is anonymous.
Human biological material must also be destroyed when the storage time has expired.
Paper-based research data that you no longer need must be shredded, see also Guidelines for data security and about Deletion and shredding.
Deleting personal registries
Personal registries must be deleted unless you have applied for a license to keep the registry beyond the project period.