Here is a list of topics and thoughts that I considered adding to it.
- Responsibility / liability:
- Describe in detail what is our infrastructure in terms of security of the data: RAID redundancy, off-site backup,…
- Define what would be the responsibility in case of data loss (in our case, I guess none)
- Remind that the use of the database is subject too to the institutional terms. That covers a lot of the basics (no password sharing, no right to use someone else’s data,…)
- Who owns the data: essentially clarifying that we do not own the data
- In which context to keep the data: Data in the default group must be moved to a group within X months. We want to avoid group / PI orphaned data.
- How long do we keep the data:
- My idea would be, non annotated data must be removed after x years. Annotated data must be associated to a DMP (data management plan) and we would comply with that.
- What do we consider ‘annotated’? I was thinking to base this on the requirements of IDR, as a reference.
- Cost: We are currently not charging for the storage but, unfortunately we might have to one day. Two thoughts on this:
- I’d like to open the door to this possibility saying something like ‘We might charge in the future’ and limit this to the price that academic institutions charge for this.
- Unfortunately, making users pay is a efficient way to get them to clean up unnecessary data.
I wondered if anyone had something like that in place. I’d be happy with any resource, comment, idea, opinion,… about this. I tag this with omero, but of course the principles are going to be the same independently of the database used.