Martin Paul Eve bio photo

Martin Paul Eve

Professor of Literature, Technology and Publishing at Birkbeck, University of London

Email Books Twitter Github Stackoverflow MLA CORE Institutional Repo Hypothes.is ORCID ID  ORCID iD Wikipedia Pictures for Re-Use

Writing a data management plan

I am often asked for advice on writing data management plans in the humanities, so thought I would share my advice on this more generally. The first thing you need to do is to work out what “data” you are likely to collect or generate. Note that any manuscript you are writing should be considered as a digital data object.

  1. Sensitivity. How sensitive are the data? Do they identify living or dead people? What information do they reveal about them? (for instance, if sexuality plays a role, extreme care should be taken, even if this is already a matter of public record.) Are there GDPR considerations if so? What consent protocols do you have in place? Do you need ethical clearance from IRB?

  2. Risks. How problematic would a data breach be? What risks are there to the data? (My last DMP had contingency plans for my ill health and/or death.) How do other considerations mitigate the damage. I would normally score this on a: risk/likelihood/danger/impact scale where the overall impact is likelihood x danger (these on a scale of 1->5). Then I would do a risk/likelihood/danger/impact scale for after mitigations.

  3. Access. Who will have access to the data? Where will they be stored? (This should be specified geographically as well as software-wise. I.e. if you say Dropbox, then you need to also work out whether Dropbox is GDPR compliant and where it is storing its data in the world.) Do you need encryption?

  4. Backup. During the work process, what are the backup processes to keep the data safe? This should be a minimum of 2-3 redundant geo-distributed copies. (i.e. “one copy of the data will be stored on my laptop. A second copy will be stored on The University’s “M” drive [then insert details from IT services about the provisions of this]. A final copy will be stored in the Crashplan backup system.”) If encryption is needed, then you must consider whether the backups are also encrypted and where you will lodge a backup copy of the encryption keys.

  5. Publication. Will the data be made public when the project is complete? Does any form of anonymisation need to be done?

  6. Archiving. What will be done for the long-term storage of the data? A deposit in your institutional data repository if you have one would be a good idea.