Data Management and Sharing Policy

Institute of Applied Artificial Intelligence and Robotics (IAAIR)
Last updated: 06/17/2025

1. Purpose

This policy defines the principles, responsibilities, and practices for managing, storing, and sharing research data at the Institute of Applied Artificial Intelligence and Robotics (IAAIR). It ensures that all data collected, generated, or used in IAAIR-affiliated research is handled in a manner that promotes transparency, reproducibility, compliance, and ethical responsibility.

Effective data management enhances research quality, protects sensitive information, and enables meaningful data sharing with collaborators, funders, and the broader public.

2. Scope

This policy applies to all individuals conducting research at or on behalf of IAAIR, including:

  • Faculty, researchers, and postdocs

  • Research fellows, interns, and students

  • Engineers, data scientists, and lab technicians

  • Contractors, consultants, and external collaborators

It applies to all forms of research data, including:

  • Quantitative and qualitative data

  • Experimental and observational datasets

  • Model training and output data

  • Survey results and interview transcripts

  • Code, scripts, and configurations

  • Metadata and documentation

3. Core Principles

IAAIR’s approach to data management is based on the following principles:

3.1 Integrity

Data must be collected, stored, and analyzed in a manner that maintains its accuracy, completeness, and authenticity.

3.2 Accessibility

Data should be made available to others whenever possible, in alignment with open science practices and funder mandates, while respecting privacy and confidentiality.

3.3 Security

Sensitive or proprietary data must be stored and transmitted securely, in compliance with institutional, legal, and ethical requirements.

3.4 Compliance

All data-related activities must adhere to applicable laws, including but not limited to:

  • General Data Protection Regulation (GDPR)

  • Health Insurance Portability and Accountability Act (HIPAA)

  • U.S. federal and state data protection regulations

  • Contractual and grant-specific data requirements

4. Data Management Plans (DMPs)

All research projects must develop a Data Management Plan (DMP) during the planning phase, especially when:

  • Required by a funding agency

  • Involving human subjects or sensitive information

  • Anticipating publication, licensing, or third-party data sharing

The DMP must address:

  • Types of data to be collected or created

  • Data formats and standards

  • Storage, backup, and retention procedures

  • Plans for access, sharing, and reuse

  • Metadata and documentation standards

  • Roles and responsibilities within the research team

DMPs should be submitted to the Office of Research Data and Infrastructure and updated as the project evolves.

5. Data Storage and Security

All research data must be stored in approved, secure environments, such as:

  • Institutional servers or cloud-based research drives

  • Encrypted local storage (only when permitted)

  • Secure collaboration platforms with access controls

Backup procedures must follow IAAIR’s disaster recovery and data protection protocols. Access to sensitive data must be limited to authorized personnel, with audit trails and usage logs where applicable.

Researchers working with high-risk data (e.g., health, biometric, or geolocation data) must consult the Data Privacy and Compliance Team prior to collection.

6. Data Sharing and Access

IAAIR encourages the open sharing of research data whenever possible to support reproducibility, transparency, and societal benefit. However, sharing must not compromise:

  • Personal privacy

  • Participant consent

  • Intellectual property rights

  • National security or contractual obligations

Data should be shared through recognized repositories (e.g., Zenodo, OSF, Dryad) with appropriate licensing (e.g., CC-BY, CC0) and documentation. When data sharing is not feasible, researchers must provide a justification in the final publication or technical report.

All shared data must be accompanied by:

  • A clear data dictionary or schema

  • Description of collection methods

  • Citation instructions

  • Any access restrictions or embargo terms

7. Retention and Archiving

Research data must be retained for a minimum of five years after project completion or final publication, unless a funder or institutional policy specifies otherwise.

Data eligible for archiving should be deposited into the IAAIR Institutional Research Repository or another long-term storage solution managed by the Data Infrastructure Team.

In cases involving minors, clinical data, or regulatory filings, retention may be extended per applicable guidelines.

8. Ethical and Legal Considerations

Before collecting or using data, researchers must ensure:

  • Informed consent is obtained from participants (if applicable)

  • Ethics committee or IRB approval has been secured

  • Usage complies with license terms, data-sharing agreements, and attribution requirements

  • Sensitive or personally identifiable data is de-identified or anonymized when shared

Researchers must not use datasets obtained from questionable or unauthorized sources.

9. Data Ownership and Licensing

Unless otherwise defined by a funding agreement or partnership contract, research data generated by IAAIR staff using IAAIR resources is considered institutional property.

Licensing terms must be approved by the Legal and Innovation Office and align with IAAIR’s commitment to ethical and responsible data use. Open data is encouraged, but sensitive data may require restricted or conditional licenses.

10. Training and Responsibilities

All IAAIR-affiliated researchers must complete annual training on:

  • Data ethics and integrity

  • Secure data handling

  • FAIR (Findable, Accessible, Interoperable, Reusable) data principles

  • Data privacy and compliance

Principal investigators (PIs) are responsible for ensuring their teams comply with this policy. Data stewards or project managers may be appointed to oversee implementation at the project level.

11. Noncompliance and Breaches

Failure to adhere to this policy may result in:

  • Suspension of research approvals or funding

  • Removal of access to institutional storage or infrastructure

  • Retraction of publications or public statements

  • Disciplinary action, including possible termination

  • Notification to external funders or regulatory authorities

In cases of data breach, theft, or accidental exposure, the Data Incident Response Team must be notified within 24 hours.

12. Contact and Support

For guidance, reviews, or DMP consultations, please contact:

Office of Research Data and Infrastructure
Email: hello@iaair.ai