• Section 1 - Purpose
• Background
• Scope
• Section 2 - Policy
• Part A - General Principles
• Research Data Management Responsibilities
• Data Ownership
• Supervising Research Trainees
• Part B - Roles and Responsibilities
• Researchers
• Research Data Custodian
• Research Data Steward
• Authorised User
• Principal Investigator
• Research Integrity Advisor
• Section 3 - Procedures
• Section 4 - Guidelines
• Section 5 - Definitions

Section 1 - Purpose

(1) This Policy outlines how the principles and responsibilities of the Macquarie University Code for the Responsible Conduct of Research (the Macquarie Research Code) must be applied to the management of Research Data at Macquarie University.

(2) This Policy outlines the expected approach to the collection, storage, sharing, and dissemination of Research Data or information that facilitates reuse of Data by the research community, while honouring ethics or confidentiality requirements and any contractual obligations imposed on Macquarie University by its sponsors, collaborators, partners, third-party providers, or funding bodies.

Background

(3) Research Data and Primary Materials are a valuable product of research activity which can assist in promoting open inquiry and debate, complementing other Research Outputs and publications, providing research transparency, and justifying research outcomes.

(4) Following the Management of Data and Information in Research: A guide supporting the Australian Code for the Responsible Conduct of Research, issued by the National Health and Medical Research Council, the Australian Research Council and Universities Australia 2019, this Policy guides researchers to comply with their responsibility to “retain clear, accurate, secure and complete records of all research including Research Data. Where possible and appropriate, allow access and reference to these by interested parties”.

Scope

(5) This Policy applies to anyone who conducts Research or research support under the auspices of Macquarie University, in accordance with the Macquarie Research Code.

(6) The expected practices are described for all Macquarie University Researchers, but additional requirements may be imposed on those involved with external/overseas institutions, or where required by local legislation (for example, in the case of Graduate Research Students subject to cotutelle or joint PhD agreements, or Researchers with a conjoint appointment). Researchers must comply with and disclose all relevant legal and regulatory requirements that pertain to their Data or information collected, used or disclosed (refer to the Research Data Management Procedure regarding data governance documentation).

(7) Researchers may consult with a Research Data Steward for advice in relation to the implementation of this Policy.

(8) This Policy adheres to and complements the Macquarie University Cyber Security Policy (and associated information) and will be reviewed periodically, following changes to those policies, to the Australian Code for the Responsible Conduct of Research 2018 or related policies or when new data infrastructure is available to support Researchers to manage their Data.

Section 2 - Policy

Part A - General Principles

Research Data Management Responsibilities

(9) Researchers must adhere to the following Research Data management obligations:

1. Data creation, collection, storage and management, and the provisions for its access from its creation or collection to its preservation must be documented early in the research process (via a Data Management Plan);
2. appropriate records of relevant approvals, protocols, authorisations and other administrative documents such as ethics and financial approvals, receipts, and consent forms must be retained;
3. Data must be accurate, secure, complete, and documented with enough detail to enable verification of research results and to reflect what was communicated, decided, or done throughout the research process;
4. where possible, Data, Primary Materials, and records should be digitised, recorded in a durable and retrievable form, stored in institutionally sanctioned infrastructure (refer to the Research Data Sensitivity, Security and Storage Guideline), appropriately indexed and described by Metadata, and backed up. Where appropriate, Metadata should contain the location of any physical object being digitised. Data should conform to disciplinary standards and protocols, comply with relevant laws and regulations, and meet publisher and funder requirements;
5. Data and any digital research objects must be retained to substantiate research results and published claims. Researchers should determine what Data and materials need to be retained based on legislative requirements, conditions imposed by publishers or funders and best practice conditions in a discipline;
6. Data Security and Data access arrangements for Data or materials must be implemented in proportion to the sensitivity of the information to protect it from inappropriate access and use (a Data Breach). Minimum security considerations to be applied to Data containing Sensitive Information are outlined in the Research Data Sensitivity, Security and Storage Guideline;
7. where possible and appropriate, Data and materials must be collected or generated, stored, and shared under a License in a way which incorporates the Findable, Accessible, Interoperable, and Reusable (FAIR) Data Principles, with access allowed to interested parties, thereby enabling its reuse in future research;
8. arrangements for Research involving Indigenous peoples and communities must reflect the considerations of the Australian Institute of Aboriginal and Torres Strait Islander Studies (AIATSIS) Code of Ethics for Aboriginal and Torres Strait Islander Research and Community benefit, Authority to control, Responsibility, and Ethics (CARE) Principles;
9. plans for end-of-project publication of Data Outputs or Data Archiving/accession to appropriate Data Repository must be documented and be based on the principle of ‘As open as possible, as closed as necessary’ (EU Horizon2020). In the absence of justifiable reasons such as respect for cultural sensitivity (see for example 9.e) or unmanageable risks regarding Sensitive or Highly Sensitive Information (8.f), Researchers should lodge Data Outputs publicly within a Data Repository, without mediation, under an open license. Data that cannot be exposed without mediation should be lodged in a repository supporting Mediated Access with clear instructions describing Data Access Conditions. Valid reasons must be articulated explicitly for mediating or restricting Data access or for more restrictive licensing;
10. Data management for all projects involving human research must comply with the National Statement on Ethical Conduct in Human Research (2025). In the case of identifiable (or plausibly re-identifiable) personal data or data from human research participants, the consent obtained must be adhered to. Such consent must clearly state proposed Data Retention, confidentiality, access, Data Dissemination and reuse conditions;
11. Data management for all projects involving animal research must adhere to protocols approved by an Animal Ethics Committee as per the Animal Research Act 1985 and the principles of the Australian Code for the care and use of animals for scientific purposes (2013) including the 3Rs (Replacement, Reduction and Refinement) by making data re-usable where possible;
12. project-specific protocols must be articulated and followed when they require measures that are beyond those outlined in this document or the associated Procedure or Guideline, relevant University Policies, discipline-specific practices, or relevant laws, regulations, and guidelines. For example, Data collected from other countries must comply with relevant foreign legislation of that country;
13. inappropriate actual or potential use of, access to, or loss of sensitive data, must be reported in accordance with the Cyber Security Policy. Reportable incidents could include incidents that have implications on personal security, commercial-in-confidence data, work health and safety, privacy or security matters involving trade, defence or the environment. Privacy and Data Breaches must be reported as outlined respectively in the Privacy Policy and the Data Breach Policy and to the appropriate Human Research Ethics Committee (or other committee if applicable) for appropriate management; and
14. while all Researchers are responsible for Data and materials management, the Principal (lead) Investigator of a research project is ultimately responsible for ensuring that Data is managed in accordance with this Policy, or for ensuring their assigned Research Data Custodian has the authority and the relevant training and experience to do so.

Data Ownership

(10) This clause outlines data governance and ownership standards for Macquarie University research staff and students and must be read in conjunction with the University’s Intellectual Property Policy:

1. subject to the Intellectual Property Policy and any third-party agreement, Macquarie University may assert ownership of all Data and the Intellectual Property (IP) created during the collection or use of the Data;
2. the assertion of University ownership of the Data does not preclude further research use of the Data by former Researchers as long as such use adheres to the provisions of this Policy and the Macquarie University Code for the Responsible Conduct of Research. Subject to any existing obligations or agreements, Researchers may be permitted to retain copies of their Data for their continued research use. In instances where the Data has been collaboratively created, an agreement regarding data sharing must be established with co-creators, who may also hold copies of the Data;
3. for Macquarie University owned IP, Graduate Research Students or Macquarie University staff may request to retain a copy of the Data collected or created during their research. The request must be made by referring to the relevant Intellectual Property Procedure;
4. where a research project involves multiple institutions, an agreement must be reached at the outset of the project that covers the management, custodianship, storage, retention, disposal and dissemination of the Data at each institution (following the Research Collaboration with Third Parties Procedure); and
5. with respect to the ownership of the data used in or generated by Research involving Indigenous peoples and communities, data governance should reflect the considerations of the AIATSIS Code of Ethics for Aboriginal and Torres Strait Islander Research, Indigenous Cultural and Intellectual Property (ICIP) Principles (e.g. True Track Principles) and the Maiam nayri Wingara Indigenous Data Sovereignty principles. In general, Macquarie University or its Researchers may hold Data or information but should not make decisions about the access to or reuse of this data or information without proper consultation with its Indigenous owners, if any.

Supervising Research Trainees

(11) Research mentors and supervisors have a responsibility to help Researchers under their supervision develop the necessary skills for appropriate Data management, understand their obligations, and meet Data management requirements.

Part B - Roles and Responsibilities

Researchers

(12) Researchers must:

1. ensure their conduct reflects the principles and responsibilities in the Macquarie University Code for the Responsible Conduct of Research and the practices described in this Policy;
2. implement the requirements of the Research Data Management Procedure;
3. report potential Breaches of the Macquarie University Code for the Responsible Conduct of Research or Data Breaches in a timely manner in accordance with the Data Breach Policy and the Cyber Security Policy; and
4. undertake training and/or seek advice as required to implement this Policy and FAIR and CARE Data Principles.

Research Data Custodian

(13) The Research Data Custodian of a given project is an authorised person (either the Principal Investigator or another investigator nominated by the Principal Investigator) responsible for the collection, storage, or transmittal of data, ensuring the implementation of this Policy, including developing and maintaining a Data Management Plan (DMP).

(14) The Research Data Custodian will be the administrative point of contact for queries regarding the Data, including for access to Data which is classed as Mediated Access (restricted or special) for a given research project. This will often, but not always, be the Principal Investigator on a project. Research Data Custodians may change over time.

Research Data Steward

(15) The Research Data Stewards are designated by the Deputy Vice-Chancellor (Research) or their nominee to help ensure that Data are classified appropriately and managed in accordance with their sensitivity. They also help provide appropriate training to users who interact with Data. To accomplish these tasks, Research Data Stewards will collaborate with IT, Library, Legal, Research Ethics and Integrity, and Risk Management teams.

(16) Research Data Stewards may:

1. review and provide advice on Data Management Plans regarding compliance with Policy or audit selected projects for compliance;
2. assist the University in the event of an external audit;
3. review requests for or assist with bespoke Data management or curation arrangements; and
4. provide support to Researchers with Data management, curation, or access queries.

Authorised User

(17) An Authorised User is a person who is authorised by the Research Data Custodian to access and use the Data as specified in the applicable Data Management Plan (DMP).

(18) Authorised Users must:

1. use the Data only for the purpose specified in the DMP; and
2. comply with controls established by the Research Data Custodian, outlined in the DMP.

Principal Investigator

(19) The Principal Investigator of a research project is chiefly responsible for:

1. ensuring that Data and materials management for any project under their lead is undertaken in accordance with the Macquarie University Code for the Responsible Conduct of Research;
2. clearly articulating governance, ownership, custodianship and intended use of any data collected, generated or collated as part of their research at the start of a research project;
3. creating a research Data Management Plan, nominating Research Data Custodians, ensuring relevant members of the project team are granted appropriate access to the active Data (at appropriate times) as Authorised Users, and that all Authorised Users are equipped with the knowledge and skills to implement this Policy;
4. ensuring that adequate controls are in place to ensure the accuracy, authenticity, and integrity of the Data; and
5. ensuring that clear, accurate and complete records and Research Data are stored, retained or archived as appropriate for the discipline and in accordance with legislative requirements at key stages of the research project (e.g. publication, grant or ethics closure) or upon operational cessation of the research project.

(20) The Principal Investigator of a project may assign some of the above responsibilities to a Research Data Custodian.

Research Integrity Advisor

(21) Research Integrity Advisors must have a good knowledge of the Macquarie University Code for the Responsible Conduct of Research, accompanying procedures, policies and processes and provide advice to those with concerns or complaints about potential Breaches of the Macquarie University Code for the Responsible Conduct of Research.

Section 3 - Procedures

(22) Refer to the Research Data Management Procedure.

Section 4 - Guidelines

(23) Refer to the Research Data Sensitivity, Security and Storage Guideline.

Section 5 - Definitions

(24) The following definitions apply for the purpose of this Policy. These definitions have been adapted and modified from the Australian Code for the Responsible Conduct of Research, 2018, the Management of Data and Information in Research: A guide supporting the Australian Code for the Responsible Conduct of Research, the National Statement on Ethical Conduct in Human Research (2023), and from other resources noted in the associated information section of this Policy (including the Australian Data Archive):

1. Breach means a failure to meet the principles and responsibilities of the Macquarie Research Code (including failing to meet the standards or Policies accompanying the Macquarie Research Code). Breaches occur on a spectrum from minor to more serious Breaches. A serious Breach of the Macquarie Research Code which is also intentional or reckless or negligent constitutes research misconduct.
2. CARE Principles address and ensure that Indigenous rights are enacted in the use of Indigenous Data and uphold the knowledge authority of the Indigenous peoples and the purpose behind the Data.  The term 'CARE' stands for Collective benefit, Authority to control, Responsibility, and Ethics.
3. Data or Research Data may differ from discipline to discipline. Data means any information, sources, facts, observations, experiences, measurements, or materials that are generated, collected, collated or used in the conduct of research for purposes of substantiating research scholarship and findings. This may include, but is not limited to, information or primary (see 25(x)) and secondary (see 25(ac)) materials held in any digital format or media, or anything that can be digitised, on which an argument, theory, test or hypothesis, or another Research Output is based. Data may also include other ‘digital research objects’ such as analytical code that support research outcomes. Research data may be in the form of facts, observations, images, computer program results, recordings, questionnaires/surveys, biographies, audio files, physical specimens or artefacts, measurements, experiences or various other forms. Data may be numerical, descriptive, visual or tactile and could be raw, cleaned or analysed.
4. Data referred to in this Policy does not include the information about research performance or statistical research data which is used by Macquarie University for planning and budget purposes or that which is reported to government agencies, e.g., Excellence in Research for Australia (ERA).
5. Data Access Conditions may include specific restrictions on how people can gain access to the Data Output and should be determined by the sensitivity of the information.
6. Data Archiving involves the long-term preservation and storage of research data for future reference. It typically occurs at key stages of a research project (publication, grant or ethics closure) or upon operational cessation of a research project. Archiving ensures data remains available even after the project concludes. 
7. Data Breach is the accidental or deliberate access or exposure of Macquarie University information (including research data) to unauthorised parties. Potential or actual Data Breaches must be reported appropriately in accordance with the Data Breach Policy and the Cyber Security Policy.
8. Data Dissemination refers to making data available to a wider audience through traditional (e.g., publishing in a trusted Data Repository) or non-traditional (e.g., database, collection, registry, exhibition, social media, website) methods. Ultimately, Data is shared so it can be reused. 
9. Data Lifecycle refers to the various stages that Data goes through from initial creation or capture to eventual archiving, publishing and/or re-using. Data have a longer lifespan than the project that creates them, and there is a need for all stages of the Data Lifecycle to be planned.
10. Data Management Plan describes the management of data through all stages of its lifecycle and includes documentation of how data will be created, collected, stored, and managed, and the provisions for access to data from its creation or collection to its preservation (refer to the Research Data Management Procedure).
11. Data Output refers to any output that communicates, disseminates, or makes available the research data to the public or to other researchers. Data Outputs may include digital data assets, techniques, algorithms, and software. Data Outputs should be deposited in a Data Repository with appropriate Data Access Agreement and terms of use.
12. Data Repository is information infrastructure, which may also be known as a data library or data archive. A Data Repository is used to store Data for the long term and often supports data sharing or publication (open or mediated access) and Data reuse reporting. Data Outputs should be deposited in a domain-specific, domain-general, or institutional Data Repository. The submission of a Data Output into a Data Repository is often a requirement for publication or funding. Data repositories differ in their ability to offer users the ability to set Mediated Access conditions. Research Data containing Sensitive Information that is being deposited into an online repository should have appropriate Mediated Access conditions assigned to it (refer to ‘Mediated Access’ or ’Specialised Access’ in the Research Data Sensitivity, Security and Storage Guideline. A restrictive license is also applied that limits redistribution of the Data.
13. Data Retention refers to the length of time that Data and records are kept after research project completion for the purpose of meeting legislations, funders, organisation, and other requirements.
14. Data Security refers to the process of protecting Data from unauthorised access and Data corruption throughout all stages of its lifecycle. This may include practices such as: data encryption, two factor authentication, backup and other key management practices that protect data across all applications and platforms. Refer to the Research Data Sensitivity, Security and Storage Guideline.
15. Data Sensitivity Categories ensure that research data at Macquarie University are grouped according to the level of sensitivity of the information in that Data. The categories are: General, Sensitive, and Highly Sensitive. The level of sensitivity determines the minimum security and safety measures that should be applied to the data throughout its lifecycle and helps determine the access conditions that can be applied to any Data Output being generated and disseminated. Data Outputs being generated from data classed as General, can usually have Unmediated or Open access and be liberally licensed. Data Outputs being generated from data classed as Sensitive or Highly Sensitive would generally have Mediated Access (Restricted or Specialised) conditions applied - with varying degrees of Mediated Access and more restrictive licensing. Refer to the Research Data Sensitivity, Security and Storage Guideline for more details.
16. FAIR Data Principles are implemented to enhance and improve the findability, accessibility, interoperability, and reusability of Data and relate to the machine-actionability of the Data (i.e., the capacity of computational systems to find, access, interoperate, and reuse data with none or minimal human intervention). They should be considered and reflected in the management of data.
17. Indigenous Data encompasses information or knowledge, including Data on Indigenous lands, resources and environment, Data about Indigenous peoples, Data about Indigenous languages, cultural practices and cultural heritage and Data from Indigenous peoples or communities, in any form, that pertains to and may impact Indigenous peoples both collectively and individually.
18. Intellectual Property (IP) includes all copyright and all rights in relation to inventions (including patent rights), registered and unregistered trademarks (including service marks), registered and unregistered designs, confidential information, and circuit layouts and all other intellectual property rights resulting from intellectual activity in the academic, industrial, scientific, literary, and artistic fields recognised in domestic law anywhere in the world.
19. License offers researchers and institutions a standardised way of sharing Data Outputs with others and understanding their rights to use a Data Output generated by other researchers without infringing copyright. When a Data Output is being produced at Macquarie University, a licence (such as one that is defined by the Creative Commons) should be assigned, which sets out the uses that may lawfully be made of the Data Output, and specifies the conditions under which its future use must comply.
20. Macquarie Research Code (Macquarie University Code for the Responsible Conduct of Research) sets out the principles that underpin an honest, ethical, and conscientious research culture and the expectations for the conduct of research under the auspices of Macquarie University.
21. Macquarie Research Code Procedure (Macquarie University Research Code Complaints, Breaches and Investigation Procedure) outlines the process for managing complaints, concerns or allegations regarding the conduct of research and describes how potential or actual departures from the principles and responsibilities outlined in the Macquarie University Code for the Responsible Conduct of Research should be reported, assessed, investigated and managed.
22. Mediated Access data has been deposited in a repository but requires a request from any would-be user, followed by the granting of permission for the use of the data either from a representative of the repository (e.g., ‘restricted access' data in the Macquarie Research Data Repository) or from the researcher(s) who produced the data, typically the designated Data Custodian (e.g., 'special access' data in the Macquarie Research Data Repository).
23. Metadata refers to documentation that is created throughout the Data Lifecycle. Metadata is essential information describing Data, providing the context for a Data Output, and making the data discoverable and reusable.
24. Primary Materials refer to Data, information, or physical materials (see Data definition) generated, created or collected by researchers in the course of research conducted during study, project, employment, or appointment with Macquarie University.  
25. Research can be defined as the creation of new knowledge and/or the use of existing knowledge in a new and creative way to generate new concepts, methodologies, inventions and understandings. This could include synthesis and analysis of previous research to the extent that it is new and creative.
26. Researcher is any person (or persons) who conducts or assists with the conduct of research under the auspices of Macquarie University - may include staff members (academic and professional), visiting students, visiting fellows, volunteers, honorary and adjunct title holders, Emerita/us Professors, occupational trainees, and any student in any course at the University who conducts or assists with the conduct of research at or on behalf of the University.
27. Research Data - see Data.
28. Research Output refers to any output that communicates, disseminates, or makes available the products of research. A Research Output may include any form (hardcopy, electronic, creative work or other) of academic or public communication of the research from any stage of the research process (e.g., a professional blog, web-based publications, books, performances, book chapters, conference papers, journal articles or Data Outputs).
29. Secondary Materials refer to any existing Data, information, or physical materials (see Data definition) created, generated, or collected for another purpose other than for the current project that is obtained from a third party or accessed through paid or publicly available publications, repositories, databases, or other available resources.
30. Sensitive or Highly Sensitive Information refers to information of a personal or sensitive nature that must be protected against unwarranted disclosure. Refer to the Research Data Sensitivity, Security and Storage Guideline for guidance in assessing the sensitivity of Data and appropriate security measures to be applied. Sensitive Information may include, but is not limited to, health-related Data; personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; financial information; genetic Data or biometric data processed solely to identify a human being. Sensitive Information may also relate to heritage or cultural information or information that may pose a risk to the environment or animals (such as the location of endangered species). Sensitive Information must be safeguarded with appropriate Data security practices following the Research Data Sensitivity, Security and Storage Guideline. Protection of Sensitive Information may be required for legal or ethical reasons, for issues pertaining to personal privacy (refer Privacy Policy), for the protection of animals or the environment or for proprietary considerations.