First determine your privacy risk categorization (and where applicable your confidentiality risk categorization). This categorization will help you to determine the most appropriate methods for digital data transfer.

The following guidance is applicable to most collaborative situations, however, if you are working with and sharing data with students/research interns, make sure that additional precautions are taken to protect the data.

Red Data

  • If a research partner or team member needs access to the data, add the user who needs access via Research Drive. Make sure the added user knows how to work safely in Research Drive and ensure that they only have access to the files that they need to see. Also ensure that they have appropriate access rights. Finally, the new user will need to install whichever encryption software has been used to protect the data on their own computer in order to de-encrypt the data. Make sure to securely provide the new user with the password to de-encrypt the data (i.e. not via e-mail).
    • Do not share red data via a public link in Research Drive.
  • If data must be digitally transferred, use ZIVVER or SURFFileSender(with encryption activated) to encrypt the data during transfer. Make sure to use a strong password to protect the encrypted file. Always provde the recipient with the password via another method (e.g. call the recipient to provide the password). Don’t send the password in another e-mail.
    • This guide provides information on using ZIVVER to obtain informed consent digitally, but also explains, in general, how to set up and use ZIVVER for other situations where digital data transfer is necessary.
    • The recipient of the data must ensure that they will store the received data in a sufficiently secure manner.
  • If the above options are not feasible, contact the Research Data Management Support Desk for additional support.

Orange Data

  • If data are stored in Research Drive and a research partner or team member needs access to the data, this user can be granted access via Research Drive. See “Red Data” for details.

    • Do not share orange data via a public link in Research Drive.

  • If data are stored in SURF Drive and a research partner or team member needs access to the data, they can be provided access via SURF Drive. Any user that can log into SURFconnext can be given access to a SURF drive file. Make sure the added user knows how to work safely in SURF drive and ensure that they only have access to the files that they need to see. Also ensure that they have appropriate access rights (i.e. whether they can only read files or also modify and/or upload files). Finally, the new user will need to install whichever encryption software has been used to protect the data on their own computer in order to de-encrypt the data. Make sure to securely provide the new user with the password to de-encrypt the data (i.e. not via e-mail).

    • Do not share orange data via a public link in SURF Drive.

  • If data need to be transferred to a third party, you can use ZIVVER or SURFFileSender with encryption activated. See “Red Data” for details.

  • If the above options are not feasible, contact the Research Data Management Support Desk for additional support.

Yellow Data

  • If data are stored in SURF Drive or Research Drive and a research partner or team member needs access to the data, they can be provided access via SURF Drive/Research Drive. Any user that can log into SURFconnext can be given access to a SURF drive file; for Research Drive, this guide explains how to add users. Make sure the added user knows how to work safely in SURF drive/Research Drive and ensure that they only have access to the files that they need to see. Also ensure that they have appropriate access rights (i.e. whether they can only read files or also modify and/or upload files).

    • If absolutely necessary, yellow data may be shared in Research Drive or SURF drive via a public link, but that link must be secured with a password that is provided to the recipient via another method (i.e. not via e-mail). It is also advised to set an expiry on the link after which the recipient can no longer access the files. The link should be deleted once the recipient no longer requires access.

  • If data need to be transferred to a third party, you can use ZIVVER or SURFFileSender with encryption activated. See “Red Data” for details.

  • If the above options are not feasible, contact the Research Data Management Support Desk for additional support.

Green Data

  • If data are stored in SURF Drive or Research Drive and a research partner or team member needs access to the data, they can be provided access via SURF Drive/Research Drive. See “Yellow Data” for details.

    • Green data may be shared via a public link without a password. The link should be deleted once the recipient no longer requires access.

  • Data may also be sent via internal VU e-mail without encryption. If data need to be sent to a recipient without a VU e-mail address, it is advised to use SURFFileSender. Even without encryption, SURFFileSender allows for more management of the transfer: you can put an expiry date on the transfer after which the tranfer link is no longer valid and if you accidentally send the transfer to the incorrect recipient, you can removed the transferred file via SURFFileSender before the recipient downloads the file.

  • If the above options are not feasible, contact the Research Data Management Support Desk for additional support.

Blue Data

  • Although “Blue Data” are not subject to privacy or confidentiality laws, it is still recommended to prevent their diversion to unauthorized individuals because your data are valuable and you don’t want them to end up publicly available before you are ready (you don’t want to get scooped!). It is, therefore, advised to at least follow the recommendations described under “Green Data”, as these methods help to prevent the diversion of transferred data and allow you to delete links and files should data be transferred to the incorrect individuals.

  • If the above options are not feasible, contact the Research Data Management Support Desk for additional support.