October 29, 2020
Office of The Director, National Institutes of Health (OD)
This supplemental information is intended to help researchers choose data repositories suitable for the preservation and sharing of data (i.e., scientific data and metadata) resulting from National Institutes of Health (NIH)-funded and conducted research. NIH promotes the use of established data repositories because deposit in a quality data repository generally improves the FAIRness (Findable, Accessible, Interoperable, and Re-usable) of the data.
While NIH supports many data repositories, it will not necessarily provide data repositories to preserve and share all data resulting from the research it funds. The broader repository ecosystem for biomedical data includes data repositories supported by other organizations, both public and private. NIH anticipates that the broader repository ecosystem will continue to evolve over time, providing different options for researchers as their data sharing needs continue to evolve.
Similarly, while discipline or data-type specific repositories may not exist for every type of data resulting from NIH-funded or conducted research, the broader repository ecosystem provides suitable data repositories to accommodate scientific data generated from all of NIH’s funded or conducted research projects. Researchers may wish to consult experts in their own institutions (e.g., librarians, data managers) for assistance in selecting among data repositories.
NIH encourages researchers to select data repositories that exemplify the desired characteristics (see lists I. and II. below relating to data repository characteristics), including when a data repository is supported or provided by a cloud-computing or high-performance computing platform. These desired characteristics aim to ensure that data are managed and shared in ways that are consistent with FAIR data principles.
Selecting a Data Repository
I. Desirable Characteristics for All Data Repositories.
The characteristics in this section are relevant to all repositories that manage and share data resulting from Federally funded research:
A. Unique Persistent Identifiers: Assigns datasets a citable, unique persistent identifier (PID), such as a digital object identifier (DOI) or accession number, to support data discovery, reporting (e.g., of research progress), and research assessment (e.g., identifying the outputs of federally funded research). The unique PID points to a persistent landing page that remains accessible even if the dataset is de-accessioned or no longer available.
B. Long-Term Sustainability: Has a plan for long-term management of data, including maintaining integrity, authenticity, and availability of datasets; building on a stable technical infrastructure and funding plans; and having contingency plans to ensure data are available and maintained during and after unforeseen events.
C. Metadata: Ensures datasets are accompanied by metadata to enable discovery, reuse, and citation of datasets, using schema that are appropriate to, and ideally widely used across, the community(ies) the repository serves. Domain-specific repositories would generally have more detailed metadata than generalist repositories.
D. Curation and Quality Assurance: Provides, or has a mechanism for others to provide, expert curation and quality assurance to improve the accuracy and integrity of datasets and metadata.
E. Free and Easy Access: Provides broad, equitable, and maximally open access to datasets and their metadata free of charge in a timely manner after submission, consistent with legal and ethical limits required to maintain privacy and confidentiality, Tribal sovereignty, and protection of other sensitive data.
F. Broad and Measured Reuse: Makes datasets and their metadata available with broadest possible terms of reuse; and provides the ability to measure attribution, citation, and reuse of data (i.e., through assignment of adequate metadata and unique PIDs).
G. Clear Use Guidance: Provides accompanying documentation describing terms of dataset access and use (e.g., particular licenses, need for approval by a data use committee).
H. Security and Integrity: Has documented measures in place to meet generally accepted criteria for preventing unauthorized access to, modification of, or release of data, with levels of security that are appropriate to the sensitivity of data.
I. Confidentiality: Has documented capabilities for ensuring that administrative, technical, and physical safeguards are employed to comply with applicable confidentiality, risk management, and continuous monitoring requirements for sensitive data.
J. Common Format: Allows datasets and metadata downloaded, accessed, or exported from the repository to be in widely used, preferably non-proprietary, formats consistent with those used in the community(ies) the repository serves.
K. Provenance: Has mechanisms in place to record the origin, chain of custody, and any modifications to submitted datasets and metadata.
L. Retention Policy: Provides documentation on policies for data retention within the repository.
II. Additional Considerations for Repositories Storing Human Data (even if de-identified)
The additional characteristics outlined in this section are intended for repositories storing human data, which are also expected to exhibit the characteristics outlined in Section I, particularly with respect to confidentiality, security, and integrity. These characteristics also apply to repositories that store only de-identified human data, as preventing re-identification is often not possible, thus requiring additional considerations to protect privacy and security.
A. Fidelity to Consent: Employs documented procedures to restrict dataset access and use to those that are consistent with participant consent (such as for use only within the context of research on a specific disease or condition) and changes in consent.
B. Restricted Use Compliant: Employs documented procedures to communicate and enforce data use restrictions, such as preventing reidentification or redistribution to unauthorized users.
C. Privacy: Implements and provides documentation of appropriate approaches (e.g., tiered access, credentialing of data users, security safeguards against potential breaches) to protect human subjects’ data from inappropriate access.
D. Plan for Breach: Has security measures that include a response plan for detected data breaches.
E. Download Control: Controls and audits access to and download of datasets (if download is permitted).
F. Violations: Has procedures for addressing violations of terms-of-use by users and data mismanagement by the repository.
G. Request Review: Makes use of an established and transparent process for reviewing data access requests.
NIH Office of Science Policy