TRANSMITTING & ENCRYPTING DATA
Transmitting data between locations or within research teams can be a challenge for the data management infrastructure. Data encryption will maintain data security during transmission and should be used when sending disclosive information.
Transferring large files
In an era of large-scale data collection, transferring large files can be a challenge. Third-party commercial file-sharing services exist to facilitate the movement of files. However, services such as Google Docs, Dropbox or YouSendIt are not necessarily permanent or secure, and are often located overseas and therefore not covered by UK law. They may even be in potential violation of UK law, particularly in relation to the UK Data Protection Act (1998), which states data should not be transferred to other countries without adequate protection.
A dropbox service can be a safe solution for transferring large data files, if it is managed and controlled by the responsible institution. For example the UK Data Archive recommends data deposits from researchers are made via the University of Essex ZendTo dropbox service, with data files containing sensitive or personal information encrypted before submission.
Encrypting data
Encryption can be used for safely moving or storing files, such as for back-ups or storage on mobile devices. Individual files can be encrypted, as well as entire storage devices or spaces.
Encryption software uses an algorithm to encode information; a key is needed to decrypt the information. The larger the key size, the more secure the encryption. After testing a number of software applications for encrypting data, to enable secure data transmission from government departments to the UK Data Archive, we recommend the use of Pretty Good Privacy (PGP) standard technology. This is available as open source software, e.g. GnuPG, or as commercial software, e.g. PGP.
Encryption requires the creation of a public and private key pair and a passphrase. The private PGP key and passphrase are used to digitally sign each encrypted file, and thus allow the recipient to validate the sender's identity. The recipient's public PGP key is installed by the sender in order to encrypt files so that only the authorised recipient can decrypt them.
Encrypting data files for deposit with the UK Data Archive, using the PGP process
Once only:
- install PGP encryption software, e.g. GnuPG
- create your own public/private key pair and passphrase
- download the UK Data Archive Public Key and unzip it
- import this Public Key into the PGP software
Every time files need encrypting:
- select files for encryption
- select the UK Data Archive Public Key
- digitally sign the files to be encrypted using your private key and passphrase
- encrypt selected files using the UK Data Archive Public Key
- send files to the UK Data Archive by email or via file transfer protocol
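The deposit steps above expressed as GnuPG commands, as an added example that is not the UK Data Archive's own procedure or code. The user IDs, passphrases, file names and throwaway keyrings are constructed for illustration; archive@example.org stands in for the real UK Data Archive Public Key.

```shell
#!/bin/sh
# Added example: constructed identities, passphrases and data; throwaway keyrings.
DEPOSITOR="depositor@example.org"  # assumption: your own key's user ID
ARCHIVE="archive@example.org"      # assumption: stands in for the UK Data Archive key

make_key() {  # once only: $1 = keyring dir, $2 = user ID, $3 = passphrase
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase "$3" --quick-generate-key "$2" default default never
}

import_pubkey() {  # once only: $1 = keyring dir, $2 = public key file
    gpg --homedir "$1" --batch --quiet --import "$2"
}

# Every time: sign with your private key, encrypt to the recipient's public key.
# --trust-model always skips gpg's ownership check on the imported key, so
# compare its fingerprint with the recipient out of band before relying on it.
sign_and_encrypt() {  # $1 = keyring dir, $2 = passphrase, $3 = input, $4 = output
    gpg --homedir "$1" --batch --quiet --yes --pinentry-mode loopback \
        --passphrase "$2" --local-user "$DEPOSITOR" --trust-model always \
        --recipient "$ARCHIVE" --sign --encrypt --output "$4" "$3"
}

# Recipient side: decrypt, and succeed only if gpg reports a good signature.
decrypt_and_verify() {  # $1 = keyring dir, $2 = passphrase, $3 = input, $4 = output
    gpg --homedir "$1" --batch --yes --pinentry-mode loopback --passphrase "$2" \
        --status-fd 1 --output "$4" --decrypt "$3" 2>/dev/null |
        grep '^\[GNUPG:\] GOODSIG ' >/dev/null
}

demo() {  # runs both sides end to end; returns 0 if the round trip matches
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/dep" "$work/arc" || return 1
    make_key "$work/dep" "$DEPOSITOR" dep-pass &&
    make_key "$work/arc" "$ARCHIVE" arc-pass &&
    gpg --homedir "$work/arc" --armor --export "$ARCHIVE" >"$work/archive.asc" &&
    gpg --homedir "$work/dep" --armor --export "$DEPOSITOR" >"$work/dep.asc" &&
    import_pubkey "$work/dep" "$work/archive.asc" &&
    import_pubkey "$work/arc" "$work/dep.asc" &&
    printf 'id,age\n1,42\n' >"$work/data.csv" &&
    sign_and_encrypt "$work/dep" dep-pass "$work/data.csv" "$work/data.csv.gpg" &&
    decrypt_and_verify "$work/arc" arc-pass "$work/data.csv.gpg" "$work/out.csv" &&
    cmp -s "$work/data.csv" "$work/out.csv"
}
```

Call `demo` to run the whole exchange in a temporary directory. In interactive use, drop `--batch`, `--pinentry-mode loopback` and `--passphrase` so that gpg prompts for the passphrase instead of taking it from the command line.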
Other encryption software
Another example of file-based encryption software is AxCrypt.
Software such as SafeHouse, Utimaco or TrueCrypt can be used to create an encrypted storage area on portable devices or to encrypt an entire drive or disc. All files transferred to this area are held securely and can only be accessed via the key.
| Key size | Time estimated to crack using a dedicated supercomputer | Related experience |
|---|---|---|
| 8 | 0 milliseconds | Far, far less than the time needed to read this |
| 56 | 1 second | Blip |
| 64 | 5 minutes | Long enough to apologise for accidentally exposing data |
| 128 | 150 trillion years | Longer than the history of the universe |
| 256 | Over a quadrillion years | A number greater than the number of atoms in the universe |