View Current

Research Data Management Procedure

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Preamble

(1) Charles Darwin University (‘the University’, ‘CDU’) is committed to research excellence and integrity, and to providing a research environment that will promote both a high standard of professional conduct by its researchers, and a culture of research practice that is ethical, competent, safe and accountable.

(2) The responsible management of research data and primary materials by the University and its researchers is a requirement of the Australian Code for the Responsible Conduct of Research, 2018 (the Code), of Northern Territory and Commonwealth legislation, and of research funding bodies such as the Australian Research Council (ARC) and the National Health and Medical Research Council (NHMRC).

(3) To optimise research outcomes and their validity, research data, records and primary research materials must be stored, retained, documented and/or described, made accessible for use and reuse, and/or disposed of, according to legal, statutory, ethical and funding body requirements.

Top of Page

Section 2 - Purpose

(4) This procedure outlines:

  1. the University’s requirements for managing research data and primary research materials in accordance with the Code, University policies and procedures, and relevant legal, statutory, ethical and funding body requirements; and
  2. the responsibilities of the University, its researchers (staff and visitors) and research students regarding the management of research data. This includes the generation, collection, access, use, analysis, disclosure, storage, retention, disposal, sharing and re-use of research data, primary materials and records.
Top of Page

Section 3 - Scope

(5) This procedure applies to

  1. all staff, students and visitors undertaking or supporting research at all University research locations, and any research the University is obliged to consider; and
  2. all research data, including associated records or notes and primary materials in some form, that are created or generated for approved research conducted at or on behalf of the University.
Top of Page

Section 4 - Procedure

Research data planning and management

(6) The University recognises that the different types of outputs arising from research are valuable assets and must be managed to realise the greatest benefits for the University community, including researchers and research participants and agencies from whom research data are drawn. Outputs arising from research include research data.

(7) The appropriate creation, processing, analysis and preservation of research data supports the future accessibility of that data and its reuse for and by the research community and society. The research community includes research participants from whom research data is drawn. Research participants have a legitimate interest in the responsible management of research data.

(8) Research data management is a shared responsibility to implement good practice compatible with the University’s commitment to the highest ethical standards in research, protecting the rights, dignity, health, safety and privacy of the community, including research subjects, to the welfare of animals, and to the integrity of the environment.

(9) All researchers and research administrators are required to develop a research data management plan at the commencement of each research project to formalise decisions relating to ownership, custodianship, retention, storage and disposal of research data.

(10) A research data management plan should include, but not be limited to, details prescribed in the Code and in this procedure.

(11) All researchers and research administrators must:

  1. actively maintain research data management plans that address data capture, management, integrity, confidentiality, retention, sharing and publication for all research from grant proposal to the conclusion of the research; and
  2. review and update research data management plans to reflect changing circumstances.

(12) Research data management plans must be kept with, and/or clearly linked to, other research project documentation, and with the primary materials and research data. This will ensure that data is only used in accordance with legal and ethical requirements, that data can be understood during research projects, that researchers continue to understand data in the longer term, and that re-users of data are able to interpret the data.

(13) Library Services provides a Research Data Management Guide to assist in planning and implementing good research data management practice throughout the research lifecycle.

(14) All researchers, research students and research administrators, who collect, create and/or generate research data must:

  1. document how data will be created, stored and managed, and the provisions for access to data from creation to disposal or permanent preservation;
  2. store and maintain data securely in a method appropriate for the format of the data and with appropriate metadata and/or documentation;
  3. identify non-digital data that is not suitable for digitisation and organise storage in a secure environment in accordance with the University’s Records and Information Management Policy and Procedure;
  4. store master copies of digital data in a manner that is secure and backed up, and ensure that any arrangements for master copies of data stored externally to the University are documented in writing at the commencement of the research and that external storage providers comply with the University’s Governing documents;
  5. ensure all research data, records and primary research material and sufficient documentation are stored and managed to allow appropriate access, use and validation of research outcomes;
  6. make data available for use via open or negotiated access, considering constraints which may arise from ethical, privacy, confidentiality, cultural and intellectual property and the requirements of the University’s Open Access Policy and research funding bodies such as the ARC and the NHMRC;
  7. facilitate long term access and preservation by using durable formats to create and store digital and non-digital data;
  8. comply with discipline requirements for quality research, the University’s governing documents and relevant legislation in relation to, safety, privacy, records management, risk management, financial management and ethical acceptability;
  9. notify the Privacy Officer and appropriate parties if there is a breach of confidentiality or privacy, in accordance with the Privacy Policy; and
  10. establish detailed Collaborative Research Agreements for all cross-collaborative projects and research.


The University

(15) The University will ensure that:

  1. policies, facilities and processes for the safe and secure storage and management of research data and primary materials in order to allow for the justification and verification of the outcomes of research, maximise the potential for future research, and minimise waste of resources of value to researchers and the wider community;
  2. there are mechanisms and services for the storage, backup, registration, deposit and retention of research data and research data assets which support current and future access, during and after completion of research;
  3. templates, systems and training are available for those required to complete research data management plans;
  4. research data is securely stored in accordance with Territory and Commonwealth legislation and the University’s policies and procedures;
  5. the period for which data will be retained beyond the defined minimum period according to legislative, funding, administrative and other relevant factors is defined;
  6. advice is available on appropriate potential agreements and licences for research data use and reuse;
  7. there is ongoing training and education that promotes and supports responsible research conduct and assists all researchers and those in other relevant roles to follow the University’s data management policies and other discipline-specific policies; and
  8. ensure research supervisors, including supervisors of research higher degree students and other research trainees have the appropriate skills, qualifications and resources for their roles and responsibilities.

Senior Managers

(16) Senior managers are responsible for:

  1. the conduct of research within their Faculty, Research Institute or Centre;
  2. ensuring researchers are inducted and aware of their obligations relating to research data management, with reference to the relevant research discipline(s) and specialisation(s);
  3. providing appropriate access and facilities for the safe and secure storage of primary materials, research data and records; and
  4. ensuring research data management plans and research data are forwarded to the appropriate units for storage and retention.

Researchers (staff and visitors)

(17) The Principal Investigator of a research project has primary responsibility for ensuring that data and materials are managed correctly, and appropriate records are maintained for that project.

(18) Staff and visiting researchers are responsible for:

  1. completing a research data management plan, including in instances where another institution is the custodian of the data, in which case the researcher must agree what research data are to be copied for University purposes;
  2. retaining clear and accurate records of their research protocols, methods and research data sources;
  3. retaining and producing on request all relevant approvals, authorisations and other administrative documents, such as ethics and financial approvals, receipts and consent forms;
  4. respecting any project-specific conditions of consent and protecting the confidentiality and privacy of data by complying with relevant legislation, the Code and University policies and procedures;
  5. managing research data according to ethical protocols and agreements, relevant University policies and any relevant contractual obligations,
  6. taking all reasonable steps to keep research data secure as prescribed by the Code and University policies and procedures;
  7. reporting any inappropriate use of or access to or loss of data immediately and in accordance with the University’s policies and procedures and, where relevant, other reporting schemes such as the Notifiable Data Breaches Scheme;
  8. making research data available for use by other researchers and interested persons for further research in accordance with the Code, the requirements of relevant third parties such as the ARC and NHMRC, and relevant University policies and procedures;
  9. ensuring that agreements are in place to govern circumstances in which researchers leave the project or move from one institution to another during the course of the project; and
  10. ensuring that agreements are in place between institutions for managing responsibities prescribed in the Code and the University’s policies and procedures for data and information in multicentre or collaborative projects.

Research supervisors

(19) Research supervisors are responsible for:

  1. ensuring that a research data management plan is developed for each approved research project prior to its commencement;
  2. ensuring that research higher degree students are inducted and aware of their obligations relating to research data management, with reference to the relevant research discipline(s) and specialisation(s); and
  3. ensuring research data management plans and research data are forwarded to the appropriate units for storage and retention.

Research students

(20) Students and research candidates and their supervisors are responsible for the collection, storage, security and use of research data and records, including confidential research data and records.

(21) Candidates must establish collection and storage procedures for research data and records that are acceptable to the supervisor and recorded in a Research Data Management Plan.

(22) Appropriate arrangements must be negotiated with the supervisor for the security of research data and records involving human participants. These arrangements must be outlined in the candidate’s application for ethics clearance.

(23) Upon submission of their thesis, candidates must deposit research data and records associated with the thesis with the relevant Faculty, Research Institute or Centre and provide the supervisor with full details regarding the location to ensure they are managed appropriately over time.


(24) Library Services, in partnership with Research and Innovation, is responsible for the development and maintenance of the University’s online research repository and related software databases. This includes provision of open and/or controlled access to metadata records describing and providing access to the University’s collection of research datasets and providing training and support relating to research data management.

Information Technology Management and Support

(25) Information Technology Management and Support is responsible for:

  1. providing research data management storage infrastructure and services based at the University; and
  2. providing support to researchers relating to research data storage.

Director Research

(26) The Director of Research is responsible for:

  1. overseeing the management of research data across the University; and
  2. compliance with this procedure.

Ownership, intellectual property and copyright

(27) Researchers must ensure that ownership, and where relevant intellectual property and copyright, of primary materials and research data is identified and documented at the start of a research project and reviewed and updated as appropriate and as required by the University’s Intellectual Property Policy and other related policies and procedures.

(28) Research Data Management Plans must detail how ownership and storage of data and materials will be affected by researchers changing institutions, or withdrawing from collaborative projects.

(29) In the absence of any licence or agreement governing the use of third-party content, or other express permission, researchers must use third-party research data in accordance with the Copyright Act 1968.

(30) Where no licence agreement is in force and the intended use of third-party copyright material extends beyond what the Copyright Act 1968 allows, researchers must obtain written permission on behalf of the University from the copyright holder. Researchers must store permission documentation in such a way as to ensure that the University can access that documentation and that any subsequent use of the material complies with the terms and conditions of the permission granted.

Legal, contractual and ethical requirements

(31) Access to research data should be considered in the context of ethical, privacy, confidentiality, cultural and intellectual property requirements.

(32) Confidential research data must be managed in accordance with any contractual or funding agreements and legislation, including the Privacy Act 1988 and the Information Act 2002.

(33) It is the responsibility of all researchers and research administrators to ascertain and comply with any legal, ethical or contractual confidentiality conditions relating to primary materials, research data and related records, such as:

  1. respecting any confidentiality agreement about stored data that has been made with participants and ensuring documentation of same for the awareness of future users;
  2. considering appropriate ways of collecting, storing and accessing data, and communicating with research participants about these issues;
  3. establishing consent processes that include information about the form in which the data will be stored, indexed and the purposes for which the data will be used and/or disclosed;
  4. retaining records of confidentiality agreements and consents;
  5. securing data so that it is not available for uses to which subjects did not consent;
  6. applying the AIATSIS Code of Ethics for Aboriginal and Torres Strait Islander Research and NHMRC’s Ethical conduct in research with Aboriginal and Torres Strait Islander Peoples and any equivalent guidelines in local jurisdictions when conducting research involving First Nations people;
  7. considering First Nations intellectual and cultural property rights, in addition to other copyright and intellectual property requirements as required by the Intellectual Property Policy; and
  8. documenting any special data management arrangements made with other types of communities that are participating in research, in accordance with approved human research ethics protocols, research agreements and research data management plans.

(34) If there is any doubt about confidentiality and consent, researchers must consult the NHMRC’s National Statement on Ethical Conduct in Human Research 2018, particularly Section 2: Themes in research ethics: Risk and benefit, consent and Section 3: Ethical considerations in the design, development, review and conduct of research, and seek advice from the University’s Human Research Ethics Committee.

(35) Intellectual property must be managed in accordance with the Code and the Responsible Conduct of Research Policy, Intellectual Property Policy and other relevant policies and procedures.

(36) Funding agencies and other stakeholders, for example, research collaborators and research participants, may also have intellectual property requirements and these must be considered when drawing up a Research Data Management Plan. All collaborative research projects that engage personnel external to the University are required to establish a collaborative research agreement in accordance with the Code and the University’s Responsible Conduct of Research Policy, Intellectual Property Policy and other relevant policies and procedures.

Data retention and transfer

(37) Research data, primary materials and associated records are considered University records and must be stored, retained, disposed of or transferred in accordance with the University’s Records and Information Management Policy and Procedure, Research Data Management Procedure, Responsible Conduct of Research Policy and any additional legislative or contractual requirements.

(38) Retention periods and/or disposal actions should be determined according to the University's Retention & Disposal Schedule - Research Management. Records are subject to further appraisal and may be retained for longer than the minimum retention period specified if considered necessary for research or business requirements.

(39) Specified periods may vary depending upon the local jurisdiction, the discipline and type of research, other governing documents, and the requirements of bodies such as funding agencies and commercial sponsors.

(40) Longer term and permanent retention of data is recommended where the outcomes of research may be of high public interest or contention, or may substantially shift the paradigm for the field of enquiry, or may have resulted in the identification, registration and use of intellectual property.

(41) In the event that results from research are challenged, all associated research data and materials and related records must be retained until the matter is resolved. Research data and materials and related records that may be subject to allegations of research misconduct must not be destroyed.

Data storage

(42) All primary materials, research data and records must be stored in an institutional repository or archive for the long-term storage period for purposes of validating the research, furthering knowledge and to aid preservation and access. It may be necessary to convert data into newer or more accessible formats over time, and therefore researchers and research administrators must ensure data is appropriately stored in either:

  1. a Faculty, Research Institute or Centre data storage facility provided by the University; or
  2. a central University institutional repository; or
  3. during the active research phase, a research support partner’s institutional repository.

(43) Where University researchers collaborate with researchers from other institutions, it is expected that the Faculty, Institute or Centre data storage facility would normally house a copy of the portions of research data created by the University or using University resources.

(44) Other storage options include:

  1. University provided data storage facility - University supplied data storage services and servers must be used for University related data storage. The University provides personal file storage space on the network file server. Staff members and students are allocated approximately 500mb of hard disk space, and additional space may be assigned to researchers or access provided to Faculty specific research storage drives;
  2. research data repositories - including the University’s Research Information System;
  3. the University’s approved Electronic Document Records Management System; or
  4. cloud data storage services - These services are becoming increasingly available; however, there are issues of concern relating to security, reliability and data ownership. In relation to data ownership, a service may advertise as being in a specific country but the reality is that data may be stored anywhere in the world which creates the problem of data ownership and privacy laws and protection in those countries. If researchers are considering using these services, the End User License Agreement needs to be read carefully and understood.

(45) Portable media such as external hard drives, CDs, DVDs, and USB devices are not suitable for long term storage of primary materials, research data and records as they can be easily misplaced or corrupted due to damage.

Data access, safety, and security

(46) Researchers will take all reasonable steps to ensure that research data subject to legislative or security requirements are managed appropriately to mitigate any risks to the University, the research team, and any human participants involved in the research. Researchers will also take all reasonable steps to ensure that such data are not vulnerable to unauthorised access and stored securely.

Data management

(47) Research information needs to be created or captured in a manner that ensures its integrity, quality and security. It is the responsibility of the researcher creating, collecting and reporting on research information and datasets to include any information unique to the data (i.e. metadata) that will assist in searching, verification and provenance.

(48) Unless otherwise required by legislation, contractual obligations, or cultural property considerations research metadata will be made publicly available.

(49) Data documentation explains how data was created or digitised, what data means, what its content and structure is, and any manipulations that may have taken place. This ensures that data can be understood during research projects, that researchers continue to understand data in the longer term and that re-users of data are able to interpret the data. Good documentation is also vital for successful data preservation.

(50) Metadata is typically used for resource discovery, providing searchable information that helps users to find existing data, as a bibliographic record for citation, or for online data browsing.

(51) Researchers and research administrators must plan and record a process for recording data in the Research Data Management Plan before data collection begins. This will make data documentation easier and reduce the likelihood that aspects of the data are forgotten later in the research project.

Data destruction

(52) Researchers must establish data ownership and destruction requirements, including methods, timelines and decision-making processes in the planning stage of the project. Projects using third-party data must be established and provide a process for individuals (or groups) to exit. These must be documented in each researcher’s Research Data Management Plan, and stored with other project documentation such as initial agreements on the use of the data.

(53) Researchers who leave the University during the retention period of data and materials for which they are responsible and to which they have intellectual property rights, unless otherwise specified by contract, may transfer a copy of the materials or data to a new secure storage location for their own use.

(54) The destruction of primary materials, research data and records must be planned and deliberate and may only be destroyed according to the University’s Retention & Disposal Schedule - Research Management, and Commonwealth and Northern Territory Government legislation. Appropriate disposal mechanisms, such as using a professional data erasing service to remove data on hard disk drives, must be used to prevent unauthorised re-use.

(55) Research data that is scheduled to be destroyed must be reviewed and authorised for destruction by the data owner, where the data is not owned by the University or the relevant Senior Manager (or delegate) responsible for managing the data. Data must not be destroyed without written authorisation and documentation of the data and the destruction processes used.

(56) The reviewer of the data must confirm that the data is not:

  1. of archival value and does not need to be permanently retained;
  2. required to carry out the business of a Faculty, Institute, or Centre; and
  3. subject to any open research enquiries, outstanding legal or ethical requirements, challenges of the research results or allegations, including suspected allegations, of research misconduct.

(57) In the event of research being challenged or of an allegation or suspected allegation of research misconduct, all research data must be retained until the matter is resolved.

Access and re-use

(58) Appropriate access to research data should be considered within the Research Data Management Plan.

(59) Research data where permitted must be made available under open access licence (such as a Creative Commons licence) or by negotiated or controlled access through a system of permissions and authentication in accordance with any legal, contractual or ethical requirements.

(60) Research data from publicly funded research projects such as by the ARC or the NHMRC must be placed into an institutional repository managed by Library Services, within six months of publication.

(61) When using, re-using or sharing research data researchers must comply with the University copyright and intellectual property policies, confidentiality and licence agreements and ethical requirements, and include cultural property considerations. Where appropriate, the dataset should be cited in the same way as researchers routinely provide bibliographic references. Citation of datasets promotes recognition of the value as research outputs as well as greater re-use.

(62) Research datasets must be made available via open access or controlled access with research partners, collaborators or requestors, for re-use by other researchers, unless a case based on specific and valid reasons is made for not doing so.

Research Data Australia

(63) Unless otherwise consented, notice of the existence, location and relevant contacts for all publicly funded University datasets, collected and managed by both students and staff members, must be made available nationally and internationally via the Australian Research Data Commons and Research Data Australia.

(64) Library Services will gather information regarding the researcher from the researcher and/or the researcher’s Faculty, Research Institute or Centre and facilitate the import of this information into Research Data Australia.

Top of Page

Section 5 - Non-Compliance

(65) Non-compliance with Governance Documents is considered a breach of the Code of Conduct – Staff or the Code of Conduct – Students, as applicable, and is treated seriously by the University. Reports of concerns about non-compliance will be managed in accordance with the applicable disciplinary procedures outlined in the Charles Darwin University and Union Enterprise Agreement 2022 and the Code of Conduct – Students.

(66) Complaints may be raised in accordance with the Code of Conduct – Staff and Code of Conduct - Students.

(67) All staff members have an individual responsibility to raise any suspicion, allegation or report of fraud or corruption in accordance with the Fraud and Corruption Control Policy and Whistleblower Reporting (Improper Conduct) Procedure.

(68) Failure to adhere to these procedures, the Responsible Conduct of Research Policy and the Australian Code for the Responsible Conduct of Research, 2018 is a serious matter that may be grounds for disciplinary action. The University’s Responsible Conduct of Research Procedure outlines how to make, receive and report allegations and complaints about suspected research breaches or misconduct.