When a research project formally concludes, the final phase of the data lifecycle begins, which centers on deciding the long-term fate of the generated data. This involves careful planning for both preservation (keeping data) and disposal (deleting data), all in compliance with legal, ethical, and institutional requirements.
Preservation: Long-term access
Not all data can or should be kept, but data mandated for retention must be moved into a long-term, secure home. This process is called preservation.
Data selected for preservation must be transferred from the active project storage to a secure, designated data repository or institutional archive. This ensures the data remains accessible and usable over many years.
Disposal: Secure and compliant deletion
Just as important as keeping required data is securely and compliantly destroying data that is no longer needed or is explicitly required to be destroyed.
- Requirement review: The first step is to check all relevant policies to determine if a specific piece of data must be destroyed (e.g., highly sensitive personal data after a retention period).
- Secure deletion: Data must not just be “deleted” in the usual sense (which often leaves recoverable files). Instead, it must be securely destroyed using methods that make it technically impossible to recover, especially if it contains confidential or sensitive information.
- Documentation of destruction: Maintaining a record of destruction is critical for demonstrating compliance. This documentation confirms what data was destroyed, when it was destroyed, and how the destruction was performed.