MIT Research Data Principles
Approved September 2019
Research data management promotes widespread use of research, and research efficiency. Researchers should actively manage their data in accordance with the following principles. MIT should support researchers’ efforts with training and resources.
Availability
- MIT and researchers alike have an interest in ensuring the availability of information relating to research activities and their results, as appropriate, to MIT, the research community, and the public.
- Researchers should make data available and meaningfully accessible to the research community and the public; as far as sponsors, the law, and their research requirements permit.
- Researchers should retain data for a period of time sufficient in length to (1) comply with sponsor requirements; (2) support validation of published research results; (3) support reuse; (4) support applications for IP protection; (5) and permit internal investigations and audits as required by law or institutional policy.
- Departing researchers should deposit at MIT copies of all research data generated or acquired in connection with their MIT research.
- Researchers should protect against loss or corruption of data, including making copies or in the case of electronic data, backups.
- MIT should provide necessary training and resources to support these efforts.
Security
- MIT and researchers share an interest in securing sensitive, proprietary, and unpublished data acquired or generated through research.
- Researchers should store their data on systems with appropriate administrative, physical, and technical safeguards.
- Researchers should secure data in accordance with the risks associated with disclosure.
- MIT should provide both guidelines and resources for securing data on a “tiers” model that aligns different information security specifications with different levels of risk.
- Classes of data requiring special attention include (1) human subjects data, (2) third party-provided data subject to contractual restrictions on use and disclosure, (3) data subject to privacy laws, (4) export-controlled data, (5) data relating to unpublished research.
Compliance
- Researchers should manage data in a manner that is consistent with academic norms and professional ethics, MIT policy, and obligations to third parties.
- MIT should advise researchers of and support their compliance with applicable laws, including privacy laws, that regulate collection of, access to, and use, disclosure, retention, and deletion of research data.
- Researchers should not share legally protected data (i.e., data protected by law or data received under a contract) with collaborators outside MIT, without first consulting OSP or OGC.
- If research data are stored on third-party systems (e.g., cloud storage), MIT should negotiate appropriate contractual terms to ensure MIT’s compliance, including restrictions on the service provider’s access to the data.
- To the extent possible given the requirements of the research, researchers should avoid acquiring or generating data that restrict future use and sharing.
- Researchers should consult with COUHES, OSP, TLO, and/or the OGC to determine whether data they would acquire or generate are subject to restrictions.
- MIT should provide resources and training that support compliance with legal obligations.