Access to data
The use of privately owned computers a.k.a. the BYOD (Bring Your Own Device) principle, is rather commonly tolerated at OSR as in other research institutions, especially within the Early Stage Researcher8 and Post-Doctoral groups. It is acknowledged that it poses significant issues in terms of RDM including avoiding merging work data with personal data, non-employee use of the computer or other device, gaining access to work data and other OSR resources, and for example, dealing with device misplacement and employee resignation9.
Nevertheless, diligent compliance with the present OSR guidelines on RDM, will go a long way in ensuring immediate retrievability and appropriate storage of original data. Ultimately, and as mentioned above, a personal or otherwise non-OSR-owned device should not be, at any time, the exclusive repository of original data or experimental description.
The Chief Operating Officer for Research, the Scientific Director or their representatives or by delegation the RIO Head have the right to inspect original research data without advance notice in case of alleged RM or other proceeding. The procedures and technical means to exercise this right are already in place care of the IT, HR and Legal Offices.
Investigators may be required to comply with additional RDM measures established by their funding agencies/sponsors (e.g. ERC, Horizon 2020, NIH, industry, etc.).
OSR facilities shall also develop specific RDM protocols to ensure effective storage and conservation of data, but also to avoid liability in case of data manipulation allegations.
The RIO, in accord with the Organisation and Quality Management Office, will carry out routine exploratory audits to verify best RDM practice and with the main goal to provide advice and training.
8 Early Stage Researchers (ESR) are those who are in the first four years (full-time equivalent) of their research careers and have not yet been awarded a doctoral degree.
9 A BYOD policy is being designed to identify objectives and benefits as well as taking into account RDM issues including security, audit and data protection requirements.