scRNAseq of colonic organoids derived from biopsies taken from healthy human individuals treated with IL22

Policy for Research Data Management at the University of Copenhagen.

UNIVERSITY OF COPENHAGEN 1. Preface 1.1 Introduction Research data management is a collective term for the planning, collection, storage, sharing and preservation of research data, and it therefore covers the entire research data lifecycle (Figure 1). Good management of research data contributes to improved efficiency and transparency of research processes, and to increased reliability and reproducibility of research results. Thorough planning can ensure compliance with legislation, promote a clear division of responsibilities between collaborators, and safeguard secure storage and handling of data to prevent loss or misuse. For the individual researcher, good data management can lead to improved visibility and impact of their research, for example by facilitating the reuse of their data sets by others. 1.2 Purpose The policy’s objective is to outline requirements for the management of research data, and enable researchers and students to follow good scientific practice within their discipline, while adhering to laws covering research data management. The University of Copenhagen (UCPH) is committed to the highest standards of excellence in research and will support the competences necessary to adhere to this policy through training, support, advice, guidelines, tools and templates for research data management, where appropriate. 1.3 Scope 1.3.1 This policy is relevant to anyone conducting or supporting research activities at the University of Copenhagen. Among others, this includes scientific staff, PhD students, visiting and affiliate researchers, collectively referred to as researchers. It includes research support staff, such as laboratory technicians and data managers, when they manage research data as part of research projects at UCPH. Lastly, it includes students in the following situations: 1) when they carry out their own research projects as part of their Bachelor’s or Master’s degree programmes and 2) when they contribute to research projects at UCPH, for example in the role of project member or employed student assistant. 1.3.2 The policy covers physical material and digital data collected, observed, generated, created or reused as part of research activities conducted at UCPH, collectively referred to as Policy for Research Data Management Figure 1. An illustration of a research data lifecycle UCPH Policy for Research Data Management V1 2022 2 research data in this policy unless specifically stated otherwise. This includes any physical material and digital data that form the basis of the research, such as specimens, notebooks, interviews, texts and literature, digital raw data, recordings and computer code, as well as the detailed records of these materials and data that comprise the basis for the analysis underlying the results. This policy applies to all research data collected, observed, generated, created or reused after 11 January 2022 (the publication date of this policy). It does not cover data collected and used solely for teaching activities1. 1.3.3 The policy adheres to the relevant legislation and follows the Danish Code of Conduct for Research Integrity, the UCPH Code of Conduct for Responsible Research as well as other university policies, such as the Information Security Policy and the Policy on Research Planning and Conduct. 1.3.4 In relation to the specific research area and the individual research project, it must be assessed whether and to what extent the data management policy, or parts of the policy, are relevant. 1.4 Faculty implementation The faculties (deans) are responsible for the implementation of this policy at the faculties. Deans must ensure that a plan and a timeline for the implementation of this policy are developed at their faculty (also see 3.5). Where necessary, faculties, departments, research groups, PhD schools, etc. may introduce more specific requirements, procedures and guidelines for the implementation of the policy according to local practice. 2. Principles 2.1 Data management plans 2.1.1 The management of research data must be thoroughly considered before physical materials and digital data are collected, observed, generated, created or reused. Data management plans (DMP) must be developed and documented, preferably in electronic format. As a minimum, the topics addressed in this policy (clauses 2.2-2.7) must be reviewed, for example by using the DMP template provided at UCPH. DMPs should be updated when significant changes to the management of research data occur and (references to) the DMP should be stored with the corresponding research data as long as they exist. 2.1.2 The DMP should be discussed with project collaborators, research managers and supervisors (if any), ensuring that agreements are reached regarding responsibilities for different research data management activities during and after research projects. 2.2 Rights to research data 2.2.1 Rights to research data must be clarified at the start of research projects. Unless legislation states otherwise, or agreements have been made to determine otherwise, the following is the default at UCPH: 1 In this policy, the data collected as part of projects carried out during Bachelor’s and Master’s degree programmes, where students address a research question under supervision, are considered research data and are thus governed by this policy. Likewise, the policy applies to data sets that were produced in a research project and are reused for teaching. UCPH Policy for Research Data Management V1 2022 3 a. In accordance with the general rules of copyright during employment, researchers hold the copyright to books and articles they publish as a result of research projects carried out at UCPH. b. UCPH holds the copyright to software created by employees during the performance of their work. c. UCPH holds the rights to research data in the shape of physical objects collected by researchers during their employment at UCPH, such as biological and geological samples, notebooks, paper interviews and books. These objects may not be removed without permission. d. A copy of digital data sets and associated metadata must remain at UCPH when employment ceases. As a minimum, this applies to data sets underlying publications. e. In accordance with the Danish Act on Inventions at Public Research Institutions, UCPH has the right to acquire researchers’ inventions and to ask researchers to postpone publication of such inventions for a short time period. In addition, the following should be clarified: f. To what extent research data can be accessed in the project. For example, in projects involving personal data, it must be clarified to what extent rules of data confidentiality impose limits on data access, and how these limits will be upheld. g. Who can access and manage the research data, and within which timeframe. h. When and to what extent research data may be used for other purposes, for example in other research projects. It should be determined what rules apply if a project member leaves the project and/or UCPH. i. Whether research data can be shared after project end, and if so, what the terms of data reuse by others will be. j. Intellectual property rights, including whether the research project makes use of material that interferes with the rights of others, and how the necessary approvals should be obtained to clear these rights. k. The legislation, policies or agreements governing the above, including whether there are special loyalty or confidentiality obligations. l. Any research data management requirements by research funders, partner organisations, etc. 2.2.2 The University’s Tech Transfer Office must be involved as early as possible in the negotiation of all third-party contracts containing provisions on intellectual property rights, such as non-disclosure agreements, material transfer agreements and collaboration agreements. Patentable inventions must be reported to the Tech Transfer Office in accordance with the Act on Inventions at Public Research Institutions. 2.3 Ethical and legal approvals 2.3.1 It should be ensured that the appropriate ethical and legal approvals are obtained before the start of a project, and (references to) the approvals should be stored along with the research data, as long as they exist. 2.3.2 Strict legal and local requirements exist for projects involving personal data. Among others, projects in which personal data are being processed (including biobanks) must be registered at UCPH, and approvals to process personal data must as a minimum be filed in the University’s archiving system. Conditions for transfer of personal data and material between UCPH and external collaborators or a third party must be captured into agreements. UCPH Policy for Research Data Management V1 2022 4 2.4 Collection, processing and documentation 2.4.1 Research data should be collected and processed in line with best practice in the research discipline. Research projects should be documented in a way that allows them to be repeated by others. Among other things, this includes clearly and accurately describing project methodology and any equipment, software or code used. 2.4.2 Research data should be described using appropriate metadata to facilitate searching for, the identification of, and the interpretation of the research data. Metadata should be linked to the research data as long as they exist, unless legislation or agreements state otherwise. 2.5 Storage and security 2.5.1 Research data must be classified at the start of a research project on the basis of the level of sensitivity and the impact to the University if data are disclosed, altered or destroyed without authorisation. Risks to data security and of data loss should be assessed in relation to the data classification. This includes evaluating: a. Physical and digital access to research data b. Risks associated with data management procedures c. Backup requirements and backup procedures d. External and internal threats to data confidentiality, integrity and accessibility e. Financial, regulatory and technical consequences of working with data, data storage and data preservation. 2.5.2 Risks to data subjects’ rights and freedom must be assessed in projects involving personal data and a risk assessment must be conducted and recorded when registering projects at UCPH. In some cases with a high risk for the data subjects, a Data Protection Impact Assessment (DPIA) must also be carried out as part of the registration process. 2.5.3 Infrastructure for storing and processing research data, and for collaborating in research projects, must be chosen in accordance with the identified risks, and in compliance with UCPH’s Information Security Policy and the legal requirements for processing personal data. 2.6 Data sharing 2.6.1 Legislation or agreements may preclude research data sharing or impose conditions for sharing. Before sharing research data, the relevant approvals need to be obtained and, if necessary, the appropriate agreements set up to allow data and material sharing. 2.6.2 By default, research data should be made openly available after project end, as a minimum for data sets underlying research publications. Concerns relating to intellectual property rights, personal data protection, information security as well as commercial and national interests and legislation must be taken into account in accordance with the principle of ‘as open as possible, as closed as necessary’. If the research data cannot be made available, sharing the metadata associated with the research data should be considered. 2.6.3 The FAIR principles (for findable, accessible, interoperable and reusable research objects) should be followed as much as possible when preparing digital data sets that can be shared. This includes as a minimum: a. Providing open access to data (Open Data) by depositing data in a data repository, or by providing access to information on whether, when, how, and to what extent data can be accessed if data sets cannot be made openly available. b. As much as possible using persistent identifiers (PID) and metadata (such as descriptive keywords) that help locate the data set. UCPH Policy for Research Data Management V1 2022 5 c. Communicating terms and conditions for data reuse by others, for example by attaching a data licence. d. Providing the information necessary to understand how data sets were created and structured, and for what purpose. The level of compliance with the FAIR principles, in addition to the minimum requirements described above, is defined by the individual research discipline in relation to international norms and standards in that discipline. 2.7 Long term preservation 2.7.1 Appropriate arrangements for the long-term preservation of digital data, physical material and associated metadata must be made, adhering to legislation and/or agreements. This should include: a. Deciding which research data will be preserved. As a minimum, data sets underlying published research results must be preserved so that any objections or criticisms can be addressed. b. Deciding how long research data will be preserved. Data sets underlying research publications should be retained for at least five years after project completion or date of publication, whichever comes last. c. Choosing a format and location in which research data should be preserved, and deciding what metadata should be associated with the preserved data and material. d. Deleting/destructing research data if legislation or agreements exclude preservation, or when researchers and their managers determine that preservation is not required (for example when research data can easily be reproduced) or not possible (for example when research data are too costly to store or when material quality will deteriorate over time). e. Assigning a person, persons or role(s) responsible for the research data after project end. Responsibilities include safeguarding the long-term integrity of data sets. f. Determining rights, for example, of access to and use of preserved data sets. 2.7.2 A copy of data sets and associated metadata must remain at UCPH after project end and/or when employment with the University ceases, in a way in which they are accessible to research managers and understandable for research managers and peers, unless legislation or agreements determine otherwise. As a minimum, this applies to data sets underlying publications. Responsibilities for and rights to these data sets must be agreed upon. 2.7.3 Digital research data sets must be registered at project end if the research falls within the scope of the Executive Order on the Registration of Digital Research Data created by State Authorities, so that the Danish National Archives can assess the data sets’ potential for longterm preservation. The National Archives may subsequently request a copy of the data to be transferred to the archives. Data in these projects can only be destructed if the National Archives issue a disposal provision after their assessment. 2.7.4 Personal data can only be preserved a. if anonymised b. at the Danish National Archives c. when there is a legal basis for the long term preservation of personal data in a secure database, biobank or other collection for research purposes. 2.7.5 A plan for research data preservation and/or destruction must be developed, in alignment with legislation, (local) guidelines and agreements (if any), and the continued need for preservation should be reviewed on a regular basis. UCPH Policy for Research Data Management V1 2022 6 3. Roles and Responsibilities UCPH acknowledges the importance of ensuring that all research data are well managed, so that they are secure, accessible and reusable where appropriate, and so that ethical, confidentiality, privacy and data protection requirements are respected. This responsibility is shared between various parties. 3.1 Students Students are responsible for: a. Adhering to this policy in the following situations: 1) when they carry out their own research projects during their Bachelor’s or Master’s degree programme and 2) when they contribute to research projects at UCPH, for example in the role of project member or employed student assistant. It is the responsibility of supervisors to support students in adhering to the policy (3.4). 3.2 Research support staff Research support staff are responsible for: a. Adhering to this policy when they manage research data as part of a research project at UCPH. 3.3 Researchers Researchers are defined as anyone conducting or supporting research activities at the University of Copenhagen, among others including scientific staff, PhD students, visiting and affiliate researchers. Researchers are responsible for: a. Adhering to this policy and other UCPH policies. b. Ensuring that expectations for the management of research data are aligned between themselves and their research managers, supervisors and collaborators (if any). c. Ensuring that research data are managed in line with best practice in their field, and in accordance with legislation, policies and agreements. d. Ensuring that research data are managed in accordance with any legislation, policies and agreements applicable to, and with the security requirements necessary for, that data when they reuse research data in teaching. For personal data, this must include obtaining informed consent from data subjects, when research data are reused for teaching purposes1. e. Considering the appropriate allocation of resources for research data management in funding proposals and recovering the costs for the management and sharing of research data from research funders when possible. 3.4 Supervisors Supervisors are defined as experienced researchers who provide guidance to less experienced researchers or students. Supervisors are responsible for: 1 Anonymized and aggregated data are not considered personal data. Therefore, no informed consent is required when anonymized and aggregated data are reused for teaching purposes. UCPH Policy for Research Data Management V1 2022 7 a. Ensuring that the researchers and students under their supervision are aware of the legislation, policies and agreements relevant for their research, including this policy and other UCPH policies. b. Ensuring that researchers and students obtain the necessary knowledge to enable good management of research data, through supervision and/or mentoring. c. Reviewing the data management activities of the students and researchers they supervise, among other things by discussing their data management plan at the start of research projects. 3.5 Research managers For the purpose of this policy, a research manager is defined as a researcher who is the lead researcher on a research project (principal investigator), and/or heads a research unit, and/or by delegation has been given similar responsibilities. Research managers are responsible for: a. Ensuring that all members in the projects or the research units that they lead, are aware of the legislation, policies and agreements relevant for their research, including this policy and other UCPH policies. b. Ensuring that conclusions regarding rights to research data are in line with university policy, local guidelines, as well as with legal, ethical and contractual obligations, and for identifying when conclusions need to be captured into written agreements. c. Ensuring that projects in which personal data are being processed (including biobanks) are registered at UCPH, and that conditions for transfer of personal data and/or human biological material between UCPH and research collaborators or third parties are captured into agreements. d. Ensuring that data are classified at the start of research projects, that risks to data confidentiality, integrity and accessibility are assessed, and that infrastructure is chosen accordingly. 3.6 Deans (and/or Department Heads) The deans, possibly through delegation to the heads of departments or centres, are responsible for: a. Ensuring that a plan and a timeline for the implementation of this policy are developed at their faculty. b. Further clarifying the roles and responsibilities for research data management at their faculties. c. Ensuring that discipline and/or data type specific guidelines and procedures to supplement this policy are developed where necessary. As a minimum, local guidelines for the long-term preservation of digital data and physical material should be developed. d. Ensuring that researchers, supervisors and research managers are aware of the costs and legal obligations associated with research data management as well as of possible consequences in case of security and confidentiality breaches and data loss, particularly for projects involving confidential data, including personal data and human biological material. e. Ensuring that researchers, research support staff, supervisors, and research managers have access to the necessary knowledge about research data management where necessary. f. Providing cost-efficient infrastructure and support necessary to enable good research data management within the available resources, and to facilitate adherence to this policy, seeking collaboration with other faculties and the central administration where relevant. UCPH Policy for Research Data Management V1 2022 8 3.7 Rector The Rector is responsible for: a. Ensuring that the infrastructure necessary to enable good research data management and to facilitate adherence to this policy is available at UCPH. b. Ensuring that guidelines on, and support in, research data management are available at UCPH. c. Ensuring that relevant training opportunities are offered. d. Ensuring that sufficient expertise and resources are available at UCPH for legal counselling related to research data management and to the negotiation of contracts. e. Ensuring that data management expenses are reasonable in relation to the aims of the data management policy and the University’s legal obligations, and that funds are available on all levels of the organisation to realise these aims. 4. Policy process and contact information The policy has been prepared at the request of the Rector and the UCPH steering group for information security. It was approved by the Rector on 11 January 2022, and replaces the 2014 University of Copenhagen policy on research data. Questions about this policy can be directed to datamanagement@ku.dk. Information about the topics addressed in this policy and contact details for research data management support can be found on the research data management pages on the Research Portal (KUnet). UCPH Policy for Research Data Management V1 2022 9 Appendix 1: Definitions Affiliate researcher A researcher not paid by the University, but engaged by the University or a research group to perform duties or functions. Biobank A structured collection of human biological material accessible according to certain criteria, and where the information bound in the biological material can be attributed to individuals. According to Danish legal practice, biobanks are regarded as manual registers and as such are included in the EU- and Danish data protection legislation. Copyright A legal right giving the creator the exclusive rights to control their work, for example to make copies of the work or to publish, distribute, reproduce, modify, adapt, transform, publicly display and perform the work. In order to obtain copyright protection, the work must be original and in a fixed form. Examples of research outputs that can be protected by copyright: • Writings and texts such as articles, monographs, contribution to books and anthologies • Images and visuals such as figures, graphs, diagrams, drawings, photographs, maps, PowerPoint presentations, software, movies • Audio and sound such as music, recordings of interviews, sound recordings Confidential data Information that by law or by contract must be protected from unauthorized access, use, disclosure, modification or destruction. This includes personal data, confidential business information and classified information. Data classification Ordering data types according to the consequence it would have for the University and the researcher if these data were lost or compromised. Data classification is the first step in making a risk assessment and determining appropriate security measures to safeguard data. Data licence A legal instrument that communicates the terms and conditions for the reuse of data by others. Examples are Creative Commons licences, or Open Source Software licences. Data Management Plan (DMP) A plan that is typically drafted at project start and that describes the actions to be taken in order to collect, process, store, secure, share, preserve, and possibly reuse, research data in a research project. DMPs are good tools to align expectations between researchers and are increasingly required by funders and institutions. Researchers can draft their own plan or use existing templates, such as those provided by their research funder or institution. Data set A structured collection of research data. FAIR principles A set of guiding principles to make research data findable, accessible, interoperable and reusable (Wilkinson et al., 2016, DOI:10.1038/sdata.2016.18). Researchers must follow the FAIR principles for data to be shared with others within the framework of their research disciplines (‘as FAIR as possible’). This will help maximise data reuse across technical, geographical and disciplinary boundaries, facilitate collaborative research and positively influence research impact. UCPH Policy for Research Data Management V1 2022 10 • F for Findable implies providing searchable evidence that a data set exists, even if the data set is not openly accessible. • A for Accessible means giving information on how access can be given to data sets that can be shared through open access repositories or other methods. • I for Interoperable implies as far as possible using common standards and/or vocabularies for file formats, metadata and data documentation, so that others can open the data sets, work with them, and combine data from similar projects. • R for Reusable means providing the necessary information to allow the context in which a data set was produced to be understood, as well as to communicate terms for its reuse. Intellectual Property Rights Legal rights existing or granted with the intention of safeguarding creations of the intellect. Among other things, this includes copyright, patent rights, design rights and trademark rights. Metadata Information describing the attributes of an item or data set, which enables identification, retrieval and management of that item or data set in the future, for example sample name, units of measure, dates, contact information, etc. Metadata can take many forms, from free text to structured machinereadable content. Some disciplines or data repositories may have specific requirements for the format and content of metadata, possibly using a formal standard. Open Access Free, unrestricted online access to research outputs such as journal articles, books and data sets. In this policy, Open Access refers to data sets only (Open Data). Open Data Data sets that can be freely used, re-used and redistributed by anyone. Open Data are typically deposited in online data repositories where they can be accessed without restrictions on reuse, possibly subject only to requirements to attribute (cite/provide credit to the data set creators) or share alike. Persistent identifier (PID) A long-lasting reference to a document, file, web page, or other object. In the context of FAIR data, a persistent identifier is an unbreakable and actionable link associated with a digital object on the internet. Examples of persistent identifiers are Digital Object Identifiers (DOIs) typically used for journal articles and data sets, and Open Researcher and Contributor IDs (ORCIDs) to identify authors of scholarly work. Personal data Data relating to persons, who can be identified directly or indirectly using those data. Examples are images, names or references to CPR numbers or economic, social, cultural, physical, physiological or mental characteristics. Principal investigator The lead researcher on a research project. Project members Researchers and students who contribute to the research conducted in a project. Researcher Anyone conducting or supporting research activities at the University of Copenhagen, among others including scientific staff, PhD students, visiting and affiliate researchers. UCPH Policy for Research Data Management V1 2022 11 Research data Physical material and digital data collected, observed, generated, created or reused as part of research activities conducted at UCPH. This includes any material and data that form the basis of the research, such as specimens, laboratory notebooks, interviews, texts and literature, digital raw data, audio/video recordings and computer code, as well as the detailed records of these materials and data that comprise the basis for the analysis underlying the results, such as clinical records, sequence data, spreadsheets, interview files etc. Research data management A collective term for the planning, collecting, processing, storing, securing, sharing and archiving of primary material and research data. Research manager For the purpose of this policy, a research manager is defined as a researcher who is the lead researcher on a research project (principal investigator) and/or heads a research unit and/or has been given similar responsibilities by delegation. Research project A project in which a researcher/student or a team of researchers/ students pursue answers to research questions by collecting information after which they analyse the information and draw conclusions from the processed information. Research results Conclusions made from research data. Risk assessment An analysis to assess risks to data confidentiality, integrity and accessibility. The risk assessment can be used to map which safety requirements must be complied with and which precautions must be taken to prevent breaches in confidentiality and loss of data (integrity). For personal data, a GDPR-risk assessment in particular assesses the risks to the rights and freedoms of data subjects. If the GDPR risk assessment reveals a high risk for the data subjects, a Data Processing Impact Assessment (DPIA) must also be concluded along with the GDPR-risk assessment. Supervisor An experienced researcher providing guidance to a less experienced researcher or student. Third party An individual, company or public body who is not employed at UCPH, and who has not entered into a collaboration agreement in which UCPH takes part. Visiting researchers A researcher employed by another institution or company, who visits UCPH for a limited amount of time. When visiting researchers carry out research projects and/or manage research data at UCPH, they must adhere to the UCPH policy for research data management as well as to any other University policies, legislation and agreements applicable to research at UCPH (for example legislation governing personal data).