Services like Dropbox and Google Drive can be very useful for researchers conducting research across institutions to share their files and work on projects together. They are easy to use, are low cost, or even free but some of the security aspects are overlooked. Some people keep their whole lives on one or another of these services.
I've written before about the practical pitfalls of using the free services for collaborative projects (2GB+2GB does not equal 4GB but 2GB). Sharing your dropbox with others is more like moving extra people into your house rather than building extension.
Researchers working for universities and other institutions make strong commitments to participants about the security of their data, but we rarely stop to think about the security of the data we use. Electronic data security is much more complex than the days of locking up the data in a secure filing cabinet. There are obvious advantages of electronic data shortage, mostly notably that the data is unlikely to be wiped out by an catastrophic event such as a fire.
A few months ago I ran a session with a few colleagues on data security. I'm not a data security expert, but I know that security is important and the consequences of a breach can be serious. In my session I asked my colleagues to look on the internet and find out the answers to each of these questions about a cloud storage service or any other service which relies on large amount of your data.
All you have to do for this activity is allocate each person or group a service: For example one group could look at Dropbox, another at Google Drive etc. and then answer the questions about each one. As well as cloud services we also looked at services such as the questionnaire service surveymonkey and Wordle, a service which produces pretty word frequency pictures.
These are my questions if you wish to use them yourself (no special expertise required).
Why might you choose this program/service?
Where (geographical location) is your data actually saved?
How/ how often is the data backed up?
Under what legal jurisdiction is your data held?
What are the risks of using this program/ service to maintain data?
What steps can be taken to mitigate these risks?
What are the risks of using this program/ service to participants in our research?
Are there different risks for a free service compared to a paid service from the same provider?
How easy was it to find the answers to these questions?
Any other comments or questions?
Websites you can look at include:
Other stuff: Wordle
No solution is going to be perfect on all counts, but knowledge about the various services is surely an ethicalnecessity as much as it is a practical problem.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.