Research Data Access and Ownership

University Policy: 06-210 Research Data Access and Ownership
Last Revised:
Responsible Executive: Vice President for Research
Responsible Office: Research
Download the Policy: (PDF)
**The PDF is the official text of the policy. If there are any incongruities between the text of the HTML version and the text within the PDF file, the PDF will be considered accurate and overriding.**


1.1. Individual researchers and Oregon State University (“university”) have rights and responsibilities associated with research data acquired or developed by the university. This policy describes baseline requirements for retention of, and access to, data and other records of research conducted under the auspices of the university.

1.2. Research agreements may include terms and conditions stricter than this policy. Exceptions to this policy may be made when precluded by law or by specific terms of sponsorship, other agreements, or resolutions, or as otherwise determined and documented by an Authorized Institutional Official.


2.1. As part of its mission, university researchers generate and disseminate significant amounts of research data, and accurate and detailed research records are an essential component of any research project. The long-term integrity of the research record requires that research data be preserved in sufficient detail and for an adequate period of time to enable appropriate responses to questions about accuracy, authenticity, authorship, adherence to funder/sponsor requirements, and compliance with laws and regulations governing the research.

2.2. An effective partnership between researchers, schools, colleges, and university administration is essential to ensuring the integrity of research data from collection through dissemination, as well as long-term use, access, and preservation. As data stewardship is a shared responsibility, it is important that all stakeholders within the university’s research enterprise have a shared understanding of their rights, obligations, and institutional expectations related to research data. This policy facilitates transparency, reinforces principles of open scientific inquiry, provides clarity around collaborative activities and data sharing, and supports compliance with federal regulations.

2.3. The purpose of this policy is to ensure that research data are maintained, archived, and transferred in a manner that facilitates access and review, as needed for university operations and to comply with the expectations put forth by federal regulations and sponsoring agencies.


3.1. This policy applies to all university employees (whether permanent or visiting and regardless of appointment type), students, and any other persons involved in the design, conduct, or reporting of university research. Exceptions related to data generated or acquired by students are noted in later sections of this policy.

3.2. This policy applies to all research data, regardless of funding and funding source. Research data are a subset of university data, which is defined and governed by University Policy 08- 015 University Data Management, Classification, and Incident Response.

3.3. If the research data are generated or acquired through collaborative research, multiple organizations or individuals may share responsibility.


4.1. Authorized institutional official: The vice president for research or designee when authorized to sign agreements on behalf of the university.

4.2. Data management: All actions contributing to the collection, organization, documentation, analysis, integrity, accuracy, security, retention, preservation and sharing of research data.

4.3. Data management plan: A document produced by the PI that captures any associated data restrictions or agreements to a particular research effort and describes data security, data sharing and data destruction requirements for a particular research effort.

4.4. Principal investigator (“PI”): This is a general term for the lead or principal researcher on a given project.

4.5. Project closeout: The time when a project is considered completed, generally, when data analysis is complete and all applicable administrative actions and required work of an award or project have been completed. The precise timing of closeout may vary depending on whether the project was faculty or student-driven, whether the research was funded, and the related terms of the funding award or contract.

4.6. Research data: Broadly, research data consist of records of research that are necessary for the reconstruction and evaluation of research results and the events and processes leading to those results, regardless of the form of the media on which they are recorded.

4.6.1. Examples include, but are not limited to, any primary or secondary data and related documentation (whether analyzed or not), laboratory and field notebooks, images, slides, recordings, data contained in theses and dissertations, consent forms, analyses and results.

4.6.2. Details related to what information or material might constitute research data will depend on the specific federal regulations, sponsor requirements, and field of study applicable to a given research project. It is the responsibility of the PI to be knowledgeable about how research data are defined in the context of their project.


5.1. General Responsibilities

5.1.1. Principal Investigator. Matters of data integrity, accuracy, and security, are the shared responsibility of all individuals involved in a research or sponsored project. The Principal Investigator (PI) has the ultimate responsibility for and authority over, the collection, management, security, access, and retention of research data for the period specified by this policy.

5.1.2. Research Office. The Research Office is responsible for making available, through posted policies, any requirements for retention of research data beyond the minimum period specified by this policy; securing intellectual property rights in research data; approving transfer of research data and associated intellectual property rights; and conducting inquiries and investigations stemming from allegations of scientific misconduct.

5.1.3. Office of Information Security. The Office of Information Security is responsible for providing advice and guidance to the research community to enable the protection of research data and advising the vice president for research on information security as necessary.

5.2. Regulatory Responsibilities

5.2.1. Responsibilities related to research records are based on sound management principles, state laws (ORS 192.410-192.505 Oregon Public Records Law) and federal regulations (2 CFR 215.53 Retention and Access Requirements for Records).

5.2.2. The university’s responsibilities for research data management include, but are not limited to:

a. Complying with the terms of applicable research agreements, such as sponsored project, data use, and material transfer agreements;

b. Ensuring the appropriate use of animal subjects, human subjects, recombinant DNA, biological agents, and radioactive materials;

c. Protecting the rights of faculty, staff, and student access to data from research in which they participated;

d. Providing information security guidance and processes appropriate to protect the research data;

e. Securing the intellectual property rights of the university;

f. Facilitating the management of conflicts of interest; and

g. Handling allegations of research misconduct.

5.3. Management

5.3.1. The PI is responsible for working with their college and the university to comply with this policy and to identify data management requirements that go beyond standard requirements, such as those issued by the funding agency.

5.3.2. All research data must have a named custodian. The PI is the custodian of research data, and therefore the individual ultimately responsible for following best practices in their field of research and for ensuring that research data are managed according to this and other university policies. In the event that a project or team does not have a named PI, the responsibility will default to the college or unit leadership or designee.

5.3.3. The PI is responsible for the collection, management, and retention of research data but may delegate related data management tasks to members of the research team. The PI is responsible for ensuring that designees have the training necessary to maintain the integrity of the data and adhere to this policy.

5.3.4. Research data should be managed, shared, and stored according to best practices during analysis and final storage. This includes:

a. Adopting an orderly system of data organization and communicating the chosen system to all members of a research group and applicable administrative personnel.

b. Utilizing current best practices for appropriate storage options. Researchers can obtain more information from their unit’s IT leaders.

c. Archiving the data in a good quality repository (e.g., the institutional repository ScholarsArchive@OSU). Providing ample documentation that will enable reuse, a unique identifier to facilitate citation, and a license when required.

5.3.5. Data should be made publicly available, when appropriate and as permitted by law and the relevant oversight committees.

5.3.6. PIs are responsible for establishing procedures for the protection of records in the event of a natural disaster or other emergency.

5.4. Data Retention

5.4.1. Unless a longer period is specified, university research data should be archived for a minimum of five years after the final project closeout. Typically, state laws, federal regulations, and sponsored agreements require that records be maintained for three to seven years, depending on the governmental organization. Any of the following circumstances may justify longer periods of retention:

a. If the terms of a sponsored research agreement administered by the Office of Sponsored Research and Award Administration (“OSRAA”) or other university unit requires a longer retention period;

b. If protection of intellectual property resulting from the work is necessary;

c. If any allegations regarding the research arise, such as research misconduct or undisclosed conflict of interest, data must be retained for a minimum of seven years after the resolution of the matter, or as required by other applicable university policies or sponsored agreements;

d. If a student is involved in generating or acquiring data, that data must be retained until the degree is awarded or until it is clear that the student has abandoned the work.

5.4.2. Exceptions to data retention determinations may be considered and granted in writing by an Authorized Institutional Official.

5.4.3. Beyond the period of retention specified here, the destruction of research records must comply with University Policy 04-010 Records Retention.

5.4.4. Retention alone does not convey permission or rights to access for reasons other than audit or investigation.

5.5. Data Security

5.5.1. Research data that include confidential information, proprietary university information, controlled unclassified information, proprietary commercial information, or export-controlled information, must have adequate security protections. It is the responsibility of the PI to identify the classification of their data and to provide appropriate protections in accordance with the University Policy 08-015 Data Management, Classification, and Incident Response, as well as any additional data security that may be specifically required under the law or terms of a sponsored agreement.

5.5.2. It is the responsibility of the PI to immediately report any suspected or proven disclosure or exposure of individually identifiable information or other restricted data in the custody of the PI to the Office of Information Security.

5.6. Access Control

5.6.1. The University is responsible for the integrity of research data for the retention period specified in this policy, even after the PI has left the university. Therefore, the research data must remain at the university, subject to previous agreements or legal requirements.

5.6.2. Consistent with the precepts of academic freedom and intellectual integrity, researchers will be permitted to retain copies of the records and materials they created unless a prior agreement impacts such retention.

5.6.3. When all or part of a collaborative team is dissolved, each member of the team (OSU-affiliated or not) shall have reasonable access to the data and materials with which they had been working, unless some other agreement was established prior to the dissolution.

a. A student typically owns the copyrights to materials the student generates in the course of their studies, including their thesis or dissertation. Additional factors may impact the copyright, such as the inclusion of materials that were created by others (“third party materials”) or joint authorship. Students must observe the data practices and policies established for the lab and other curricular environments in which they pursue scholarly activity.

b. Students leaving the university or remaining at the university but changing advisors may retain control of data they generate or acquire in their individual academic work (separate and apart from the work of the research team), unless an agreement between the student and the PI, or a funding or other agreement assigns that control differently.

c. The university has the right to access all research records, as specified in this policy, whether or not an agreement includes provisions for this access and irrespective of whether the records are located on university-owned or personally controlled equipment or devices. The university may take custody of the primary data or of all research records to ensure needed and appropriate access as needed, including for example, to facilitate a response to an allegation of research misconduct.

d. Federal agencies have the right to timely and unrestricted access to the federally sponsored research data (2 CFR 215.53).

5.7. Transfer of Records and Data

5.7.1. When the PI or other key personnel leave the university, they may obtain permission to transfer the research data associated with projects on which they have worked.

5.7.2. A written agreement on the transfer of primary research data must be negotiated by the PI and the department or unit head and signed by an Authorized Institutional Official prior to the transfer of primary research data. Without a written agreement in place, departing researchers are limited to the access described in Section 5.6 of this policy.

5.7.3. In the event that the PI leaves the university prior to the end of the record retention period, it is the responsibility of the unit head to identify to whom the ongoing custodial responsibilities will be transferred.

5.7.4. In the event that a transfer of primary data is permitted, a written agreement must include:

a. Adoption by the new institution or party of all custodial responsibilities for the data;

b. Recognition of the university’s continued ownership of the data, when applicable; and,

c. Guaranteed access by the university to that data, should such access become necessary.

5.8. Dispute Procedures

5.8.1. College leadership should facilitate resolution of disputes concerning access and ownership of research data.

5.8.2. When disputes involve a graduate student, post-doctoral fellow, or post-doctoral scholar, college leadership should work to resolve them in collaboration with the Graduate School.

5.8.3. Unresolved disputes should be referred to the vice president for research.

5.8.4. Disputes regarding authorship as an academic issue are outside the scope of this policy.


6.1. None.


7.1. None.


8.1. Support

8.1.1. Assistance with data management OSU Valley Library:

8.1.2. Assistance and guidance regarding measures to protect research data Office of Information Security:

8.1.3. Requests for transfer of research data can be directed to the Research Office and the Office for Commercialization and Corporate Development

8.2. State Laws and Federal Regulations

8.2.1. Oregon Revised Statutes Chapter 192 – Records; Public Reports and Meetings (ORS 192.410-192.505)

8.2.2. 2 CFR 215.53 Retention and access requirements for records…- part215-subpartC.xml.

8.2.3. Office of Laboratory Animal Welfare (OLAW)

8.2.4. 9 CFR 2: Animals and Animal Products Chapter I, Subchapter A, Part 2, Subpart C2.35 Recordkeeping requirements and 45 CFR 46.115 IRB Records

8.3. Related University Policies

8.3.1. All university policies may be found within the University Policy and Standards Manual ( 08-005 Acceptable Use of Computing Resources; 580-043 Inventions, Licenses, Materials Development, Patents and Copyright; 04-010 Records Retention; 08-015 University Data Management, Classification, and Incident Response.

8.3.2. Human Research Protection Program (unit-level policy)…

8.4. Additional Information

8.4.1. Acknowledgements. This policy reflects guidance published by the Department of Health and Human Services and the Council on Governmental Relations, borrows extensively from the best practices of a variety of universities, and is the result of a collaborative effort by faculty and staff across the OSU community including the Research Office, the Graduate School, the Valley Library, and the Office of Information Security. This policy builds on ideas freely shared between universities and exists because of the generosity and collegiality demonstrated by the community of professionals throughout higher education who endeavor to advance research.

8.4.2. Additional Sources of Information

a. National Institutes of Health, NOT-OD-21-013 – Final NIH Policy for Data Management and Sharing….

b. U.S. Department of Health and Human Services, Office of Research Integrity RCR Resources, Data Management

c. Council on Government Relations Access to, sharing and retention of research data: Rights and Responsibilities (03/01/2012)… earch_data-_rights_%26_responsibilities.pdf.

d. Wilkinson, M., Dumontier, M., Aalbersberg, I. et al. The FAIR Guiding Principles for scientific data management and stewardship. Sci Data 3, 160018 (2016).


9.1. Adopted as unit rule: The Oregon State University Research Office adopted unit rule Research Data Access and Ownership on November 11, 2021.

9.2. Revised: Research Office unit rule Research Data Access and Ownership was revised, renumbered, and adopted as University Policy 06-210 Research Data Access and Ownership on August 26, 2022.

9.3. Next scheduled review date: August 2027.




Program for Responsible Research Practices