Research Data Management (RDM)

Managing research data requires specific measures to ensure data security and integrity. This is necessary to protect your data from unauthorized access, changes, or loss, but also to protect the privacy of your research participants.

If you have sensitive data, you will face additional requirements for storing and sharing your data. In particular sensitive information should be password protected and encrypted whenever on a device with internet access or stored online. 

The POPI Act

The Protection of Personal Information (POPI) Act (No. 4 of 2013) is a governmental regulation designed to protect the personal information of South African citizens, similar to the General Data Protection Regulation (GDPR) in Europe. If you are collecting personal information of SA citizens (for instance, through interviews or focus groups, or surveys that collect identifiers such as names, contact information, etc.), you need to ensure compliance with the POPI Act.

The core focus of POPI in a research context: 

• Ensures that if personal identifiers must be collected, they need to be stored in a secure, access-controlled location to prevent the data being harvested and used by third parties
• Does not prevent open data sharing - in fact, open data sharing, by virtue of the need to remove personal identifiers from shared datasets, complies entirely with POPI
• Strategic in storing only de-identified datasets on cloud storage, and ensuring that on-site storage (personal harddrives, external harddrives, the University network) is strictly access-controlled to named and designated individuals to ensure data protection