This guide is an overview of tools available at NTNU for collection of data, focused on collection of personal data, sound and video recordings. The overview will help you make correct choices for managing data in your research or student project.

This data collection guide is an updated overview, showing the digital tools for data collection that are approved by NTNU, for what purposes these can be used, and information on how to start using them. Additionally, this data collection guide and the storage guide have information that is relevant for setting up a data management plan for your project.

Norsk versjon: Datainnsamling

Information security and classification

The NTNU guidelines state that information must be classified in order to determine the value and identify the need for security and protection. As the one collecting and managing data, you are responsible for being familiar with or evaluating the level of information security of the data.

Read more about:

• Classification of information (Norwegian)
• Classification of files and documents
• Collection of personal data for research projects

Classification of personal data

Research data is usually classified as internal (yellow) or confidential (red), and this also applies to research data containing personal data. Personal data is information and assessments that can be related to individual persons, either directly or indirectly. Examples include names, ID-numbers, e-mail, IP-addresses, photos, videos, interview recordings and transcribed interviews.

Some types of personal information are known as special categories of personal data (often called sensitive data). These types of data require additional protection and will usually fall in the confidential category. The same apples to data regarding criminal offenses or information about vulnerable groups or vulnerable situations.

How to collect sound and image digitally

To ensure that you collect data in a safe and responsible way, we recommend that you follow the steps described below.

Step 1 – Assess level of information security and approvals

When you collect and process personal data several things must be in place before you can start the collection. All the following bullet points must be addressed before the collection starts!

• Reuse: Do I really need to collect new data, or could I reuse existing data collected by someone else? Read more about searching for data.
• Data minimation: What data do I actually need to conduct the project? Do I need to record sound and/or image? Remember the principle of data minimation. Read more (Norwegian).
• Classification: You have to be confident whether the data you are collecting are public, internal or confidential data.
  NB! If you consider that you might be processing highly confidential data, this should not be done digitally without a special review. Contact Digital Security (NTNU SOC) for further guidance.
• Notification: Should NSD be notified about the project? Most likely: Yes. Read more and notify here.
• Notification about changes: For projects where NSD already has been notified, but the data collection method will be changed, you should notify NSD about the alterations. Use the message dialogue in the existing project on the NSD web page.

Step 2 – Choice of tools for collecting personal data

Students and employees have access to different tools, and you should follow the recommendations below to choose the appropriate tool for you projects and method of collecting data. As a rule, private equipment should not be used to collect and store personal data. There are however specific expections, like installation of the Nettskjema-Dictaphone app on your private mobile phone, or use of an external dictaphone with routines for transfer and deletion of files.

The NTNU recommendation is that you should not use tools that are not found in the tables below. Tools like Facetime, Google hangout, Skype (private), Messenger, Snapchat or similar must not be used to collect data in affiliation with NTNU. NTNU does not have a data processor agreement with Google, and this means that researchers and students at NTNU can not use software and tools from Google when collecting personal data.

See the comments below the tables for additional information.

Interview with recording of sound and/or video

(X) UiO has previously reported technical unstability related to storage of the recordings. We therefore recommend that you do atest recording, and check after each recording to make sure that is is saved.

(1) You can use the integrated record function, but you have to make sure that the recorded file is stored and processed according to the relevant guidelines. See also the Data Storage Guide.

(2) The Dictaphone app has to be set up to collect and store data directly in TSD (Services for sensitive data).

(3) Requires good procedures for transfer of recordings to secure storage and deletion of files from the dictaphone.

(4) A complete classification of information security has not been completed, contact the Digital Security Section.

Survey tools

For collection of data with digital surveys for research and student projects, the tool Nettskjema is recommended. For collection of confidential (data), Nettskjema must be set up to collect and store data directly in TSD. UiO provides user guides for Nettskjema, and Research Data @NTNU can also offer advice, guidance and help.

Additional information

• Sound recordings with confidential information (red data): You can conduct an interview by telephone, Teams, Zoom or Skype and record the conversation with an external recorder/dictaphone. The file has to be transferred to secure storage for further processing. Alternatively you can use the Nettskjema-dictaphone app with transfer and storage directly in TSD.
• Video recordings with confidential information (red data): At the moment NTNU does not offer any digital tools that fulfil the requirements for information security when recording videos that contains confidential information. Digital security is currently reviewing which tools and procedures can be used and these will be announced when ready.

Step 3 – Protect and transfer data to storage location for further use

After you have collected your data, you have to make sure that you store and protect them. You can use the Storage guide to find the correct storage solution for your data. Remember:

• Can you collect data directly to the storage location you are using? If data has to be transferred from one storage location to another, this has to be done in a safe and secure manner, see more information on the Norwegian page Sikker sending og mottak av filer og dokumenter. Confidential data must be encrypted prior to transfer. Read more about encryption.
• Delete copies of collected data. If you use the storage solutions provided by NTNU, these in general have automatic backup, and you do not need to make your own copies. The Storage guide has updated information about backup services.

Step 4 – Completing the processing of personal data

When you are done with the processing, personal data (i.e., data that could identify a specific person) should as a rule be deleted. Anonymized data should be archived or published, and there are separate guidelines for how this is done. See Research Data Repository wiki for more information.

See also

• Research data support topic page
• Data storage and collaboration guide

Contact

Contact research-data@ntnu.no if you have questions regarding the data collection guide or suggestions for how the guide could be further improved.