Skip to Main Content

Research Data Management

Research Ethics

When conducting research with human subjects, Research Ethics Board approval is necessary. Although there is no specific section for data, several sections of the REB request form require researchers to provide information on their data collection processes, data storage and data security. Here are some examples of questions with regards to research data management that researchers can expect when requesting REB approval .


Provide a sequential description of the methods and procedures to be followed to obtain data. Describe all methods that will be used.

Privacy and Confidentiality

a) Describe the degree to which the anonymity of participants and the confidentiality of data and other identifiable study materials will be assured and the specific methods to be used for this, both during the research and in the release of findings.

b) Describe the use of data identification coding systems and how and where data will be stored. Describe any potential use of the data by others.

c) Who will have access to identifiable data?

d) What will happen to the identifiable data after the study is finished?

For more information on research ethics at McGill, consult the Research Ethics Board website.

Sensitive Data

Not all data can or need to be open.

Sensitive data/propietary data include: 

• Personal data which contain identifiers such as name, age, gender, physical traits, genetic information
• Confidential data such as trade secrets, financial information, intellectual property rights 
• Biological data such as location data of endangered species 


Portage has released a series of documents (October 2020) as part of a toolkit for researchers working with sensitive data in the Canadian research context (see below, available in French and English).

The Data Curation Network (US-based) has also released a comprehensive Primer on Human Subjects Data Essentials

The Finnish Social Science Data Archive hosts a guide on methods for anonymizing and de-identifying human subjects data, including both qualitative and quantitative approaches

OpenAire Sensitive Data Guide (Europe)

Quick Guide to HIPAA (Stanford University)

Guidance on the HIPAA Privacy Rule, includes a definition of Protected Health Information (US Department of Health and Human Services)

Harvard's DataTags project is working on secure transfer and storage solutions for publishing sensitive data to Dataverse

Further Reading:

Samarati, P., & Sweeney, L. (1998). Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression.

Sweeney, L. (2000). Simple demographics often identify people uniquelyHealth (San Francisco)671(2000), 1-34.

Licenses and Terms

For a general overview on copyright issues related to data, please see this Guide to Licensing Open Data from the Open Knowledge Foundation.

The following are typical Creative Commons license templates that are applied to data:

  • CC 0 (public domain, unambiguously waive all copyright control over your data in all jurisdictions worldwide. Data released with CC0 can be freely copied, modified, and distributed, even for commercial purposes, without violating copyright). This is the default license in Dataverse, as one goal of the project is to promote open science best practices.
  • CC BY (This license lets others distribute, remix, adapt, and build upon your work, even commercially, as long as they credit you for the original creation.)
  • CC BY-NC (This license lets others remix, adapt, and build upon your work non-commercially, and although their new works must also acknowledge you and be non-commercial, they don’t have to license their derivative works on the same terms.)
  • CC BY-SA (This license lets others remix, adapt, and build upon your work even for commercial purposes, as long as they credit you and license their new creations under the identical terms)
  • CC BY-NC-SA (This license lets others remix, adapt, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.)

Not sure what license to select? Creative Commons has a neat tool to help.

Granting Agencies' Requirements

Tri-Agency Statement of Principle on Digital Data Management
  • An official policy is expected but has been delayed until further notice
  • A Research Data Management plan will be expected for grant applications for CIHR, NSERC, SSHRC
  • First step toward a Data Management Policy
  • Policy is expected in Fall 2020
  • Main requirement
  • Research Data Management Plan
    • Metadata
    • Preservation, retention and sharing
    • Timeliness
    • Acknowledgement and citation
U.S Funding Agencies Data Management Requirements
European Funding Agencies Data Management Requirements


Profile Photo
Alisa Rod
McGill University Library
Digital Initiatives
550 Sherbrooke West, West Tower
Montreal, QC H3A 1B9

Research Data Management Specialist

McGill LibraryQuestions? Ask us!
Privacy notice