Types of Risks Relevant to Research Data

Incidental exposure or loss of data may cause severe consequences on several fronts. Understanding and identifying the potential personal, environmental, commercial, institutional, or state security risks, classifying them, and responding by using adequate controls that mitigate these risks is fundamental to research data management as well as compliance. 

Security Protocols 

Where once security protocols related to research data involved securing data in a locked cabinet in the secured office of the researcher, data stored and transmitted in digital formats has created a much more challenging landscape for securing one’s research data. Once the security implications associated with a particular dataset have been identified and a risk classification assigned to reflect these security implications, UBC’s Advanced Research Computing team can help ensure that the storage and transmission infrastructure you use for your data are compliant with the above assessments. 

Security Risks 

Security risks from the mishandling of research data may impact participants or other data subjects, individual researchers and collaborators, their institution(s), and in some cases, the security of the state. UBC and its affiliated research ethics boards, the Research Security team, and the Advanced Research Computing team can help identify potential risks. 

Risks to Participants and Data Subjects 

Once any data or information is exposed—especially online—it is often impossible to fully retract. Even seemingly innocuous information can carry significant personal value and, if compromised, may lead to psychological distress, reputational damage, or financial loss. While physical harm is often top-of-mind, researchers must also account for these other, less visible but equally important, risks.  

Risks to Researchers and Collaborators 

Consider the nature of your research and whether any risks could expose members of your team to personal or professional consequences. Could the subject matter attract unwanted attention, harassment, or threats? Risk to individuals includes not only participants but also the researchers themselves, whose safety and wellbeing are integral to the ethical conduct of research. 

Furthermore, the risk of exposure or loss of data can prevent researchers or their partners from establishing intellectual property rights, thereby limiting the ability to commercialize the work and damaging relations. Even when there is not a commercial interest in the project, a data breach could harm the relationship between the researcher(s) and partners, limiting or preventing them from being able to collaborate on new work. 

Ethical Risks  

Considering ethical risks is essential to maintaining research integrity, ensuring compliance with ethical standards, and fostering responsible, respectful scholarship. The impact of research extends beyond the university—it can affect individuals, communities, and society at large. Recognizing these risks helps researchers make informed decisions that uphold trust and accountability. The UBC Office of Research Ethics supports researchers in identifying and addressing risks associated with human and animal research, ensuring that ethical considerations are embedded throughout the research lifecycle. 

Institutional Risk 

It’s easy to assume that certain research areas are not valuable enough to attract attention from malicious actors—but every project carries some level of risk to the institution itself. Regardless of discipline, an information security breach—whether accidental or malicious—can have far-reaching consequences, including:  

  • Reputational damage to individual researchers, collaborators, and the university;
  • Financial losses, including remediation costs, penalties, or loss of funding;  
  • Legal or regulatory consequences, such as litigation;  
  • Operational disruptions, including impacts on staffing, infrastructure, and continuity of research. 

National Security Risk 

In an increasingly competitive research ecosystem, certain research data and information can be highly valuable in the hands of those who might wish to harm Canada’s national security. 

Researchers should take care to ensure that research data is not transferred to or from unauthorized or illegal entities, including those subject to sanctions or listed on the Government of Canada’s list of Named Research Organizations

Data involving work in certain research areas, especially those on the Government of Canada’s list of Sensitive Technology Research Areas, or those involving critical minerals and infrastructure, may be at higher risk to be compromised by unwanted or unauthorized data transfer. Other kinds of data may be considered a controlled good and should be treated with additional safeguards to prevent it from falling into the wrong hands. 

Find Support   

 

Private-sector partners and risks in the context of national security

UBC Research Security 

Request a Consultation  

Research involving human subjects

UBC Office of Research Ethics  

Request a Consultation   

Research involving non-human (animal) subjects

UBC Animal Care and Use Program

Contact

Compliance with standards/requirements and identifying technical solutions

UBC Advanced Research Computing

Request A Consultation

Resources 

Planning Research with Security and Privacy in Mind: UBC ARC

A high-level approach to cybersecurity, privacy and compliance at every step of the research lifecycle.   

Information Security Compliance Checklist
UBC ARC  

Ensure your technical environment meets institutional requirements by completing the ARC Information Security Compliance Checklist.   

Security Threat Risk Assessment: UBC ARC  

Evaluate the security posture of your research environment, identify potential risks and ensure compliance is met by conducting a Security Threat Risk Assessment.   

UBC Privacy Matters  

Learn how to protect yourself, your colleagues and the institution from common cyberthreats, and learn best practices for security and privacy.   

UBC Office of the CIO  

Learn about UBC Information Security requirements such as data classification, device and storage protection, encryption, vulnerability management and more.   

  

 

UBC's RDM STRATEGY

Learn more

 

 

DATA MANAGEMENT PLANS

Learn more

 

 

WORKSHOPS & TRAINING 

Learn more

 

First Nations land acknowledegement

We acknowledge that UBC's two main campuses are located on the traditional, ancestral and unceded territories of the xwmə0– kwəyˇəm (Musqueam) and Syilx (Okanagan) peoples, and that UBC’s activities take place on Indigenous lands throughout British Columbia and beyond.

Research Data Management @ UBC

UBC Vancouver & UBC Okanagan
UBC Library | Office of the Chief Information Officer | Vice-President, Research and Innovation,
Website rdm.ubc.ca

UBC receives support for managing its research enterprise from the federal Research Support Fund.

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. External Link An arrow entering a square. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service.