Skip to main content

When storing sensitive data, the first concern is to find a good security strategy for your type of data.

Sensitive data can still meet the requirements of the FAIR Data Principles (findability, accessibility, interoperability, and reusability) and be processed in a way that the needed protection is guaranteed also in the future.

Anonymization

AnonymizationAnonymization irreversibly destroys any way of identifying the data subject. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.
OpenAIRE provides researchers with a tool to anonymise data: Amnesia. The guide for which you can find here.

Pseudonymization

Pseudonymization substitutes the identity of the data subject in such a way that additional information is required to re-identify the data subject. The pseudonym allows tracking back of data to its origins, which distinguishes pseudonymization from anonymization, where all person-related data that could allow backtracking has been purged. Pseudonymised data are still legally considered as sensitive data because the data can be linked back to a person, but it's considered as a secure approach since personal identifiers are stored somewhere else.

Encryption

Encryption is a very generic term and there are many ways to encrypt data. The key to a good encryption strategy is using strong encryption and proper key management. Encrypt sensitive data before it is shared. Encryption will make your data totally unintelligible to those who may try to access it which might reduce re-usability.

In case none of these options are available for your dataset, data should not be made open and be archived under a closed license in a Trustworthy Repository. You can however publish a description (i.e.public metadata) of your data without making the data itself openly accessible, which enables you to place conditions around access to the data.

There are other approaches to sharing sensitive data too:
  • Information professional: is someone who collects, records, organises, stores, preserves, retrieves, and disseminates printed or digital information.
  • Data access committees: A committee that reviews and authorizes applications for data access and use.
  • Safe havens: provide access to data and services to enable research while protecting the confidentiality of the data.
  • Institutional data archives/vault: safe, private, store of data that is only accessible by the data creator or their representative.