Bridging the Divide: Reimagining Research Data Management in a Regulatory and Security-Driven Era

Abstract

This paper advocates a fundamental rethinking of how Higher Education (HE) researchers conduct their research - specifically their Research Data Management (RDM) practices. New regulatory requirements, research security threats, and evolving expectations of research transparency and reproducibility warrant a new and fresh approach. Drawing from practitioner insights and recent developments, it makes the case for increased collaboration with commercial RDM platforms, highlights the challenges of research data management budgeting and institutional alignment, and proposes a forward-looking model for Research Security Offices to support this transition.

Introduction

The management of research data has become a critical concern for Higher Education (HE) research institutions. The increasing complexity of research projects because of more interdisciplinary or cross-jurisdictional collaboration, coupled with stringent regulatory requirements has highlighted the limitations of traditional Research Data Management (RDM) practices.

Several government reports have pointed to the fact that research laboratories are an attractive target for cyberthreat actors (Canadian Centre for Cyber Security. 2023, 2-11). Emerging technologies and ground-breaking research are the most attractive targets (Federal Bureau of Investigation 2024). Funding organizations requirements have emphasized the need for more robust research data management plans DMPs and RDM platforms that can support data sovereignty, facilitate international collaborations, and ensure compliance with various regulations (National Science Foundation 2023) (Canadian Institutes of Health Research et al. 2022). These platforms must not only provide secure and scalable storage solutions but also integrate features that support the FAIR (Findable, Accessible, Interoperable, Reusable) and Open Science principles, thereby enhancing the overall quality and reproducibility of research.

But this is all happening in a resource-constrained environment where HE research funds are being constrained because of government budgetary cuts. A recent study conducted by the Association of Research Libraries shows that researchers spend between 6-15% of their grant funding on research data management services (Mohr et al. 2024, 4-22). So, the financial aspects of RDM cannot be overlooked and effective budgeting for data management is essential to ensure sustainability and compliance. At a minimum, institutions are encouraged to plan early for costs associated with storage, curation, repository fees, and compliance, integrating these into grant budgets to meet funder and regulatory expectations. But more importantly, these institutions must pursue greater efficiencies through the conduct of research.

Traditionally, researchers have relied on home grown or institution-provided infrastructure and tools to address their RDM needs or merely relegated these responsibilities to a member of the research team who was likely less well-equipped to address all these needs. Yet new cybersecurity and regulatory requirements have outgrown these methods and simple data storage tools (Flagg and Arnold 2021, 2–4). Many researchers store and manage their data using various commercial products and personal devices, such as Dropbox, OneDrive, or hard drives, rather than institutional systems (Ashiq et al. 2022, 649). Commercial RDM providers are coming into the market to fill that void.

However, the cultural divide between academia and commercial RDM providers presents another challenge. Higher education institutions often harbor concerns about engaging with commercial solutions, fearing issues like vendor lock-in and data ownership. But collaboration between these sectors is crucial to address shared goals in security, collaboration, and regulatory compliance.

The greatest obstacle to effectively addressing these issues is the current fragmented structure of Research Security Offices (RSOs) in HE institutions that are not equipped to handle the multifaceted challenges of today’s research environment. A reimagined RSO framework that integrates cybersecurity, data privacy, ethics, export controls, and research data integrity is proposed to support secure, ethical, and collaborative research across diverse domains.

This paper addresses these aspects of RDM and advocates for a comprehensive approach that encompasses technological, financial, cultural, and structural considerations. We propose strategic collaborations and frameworks that could provide a roadmap for institutions to enhance their RDM practices in an increasingly complex research environment.

The Case for Commercial RDM Platforms

Historically, research data management (RDM) practices evolved organically within HE institutions. They reflected the nature of the research undertaken by these institutions, the departments that undertook that research and the operational structures that were in existence in these institutions - often falling under the purview of the Vice Presidents of Research (VPRs) and institutional IT departments to provide a variety of tools and platforms to support these needs. Even worse, some researchers were left to their own devices to establish their own RDM practices using everything from institutional High-Performance Compute (HPC) resources, available institutional subscription services and technology, lab servers, or worse personal laptops and servers in their home basements.

These constructs are now being substantially impacted by external forces such as funding organizations imposing new standards for research repeatability and publication, concerns regarding IP theft and cybersecurity, and governmental regulatory requirements regarding participant data privacy. These data security, compliance, and accessibility challenges are magnified by the unique needs of different research disciplines in light of increases in cross-jurisdictional and inter-disciplinary research. 

Under-resourced institutional IT resources are slow to quickly respond to these needs. Interestingly, new commercial RDM platforms are emerging as viable solutions to address these challenges, offering robust infrastructures tailored to the complex needs of academic research, facilitating global interdisciplinary and cross jurisdictional collaboration and addressing data sovereignty concerns, compliance, cybersecurity, data privacy, and Indigenous data sovereignty requirements (Global Indigenous Data Alliance 2019).

Available Tools & Infrastructure

There are many enterprise data management platforms and services as well as cloud-based data warehousing and analytics platforms out there that are being used in support of all kinds of research. Many of these tools can be adapted to support research data management in an enterprise context but are limited to specific roles such as data storage, search, movement, or translation tasks with appropriate security and access controls. However, none delivers comprehensive support of the full RDM lifecycle - from data collection through to archiving and publication. None deliver the operational control of research projects with the appropriate interdisciplinary, cross jurisdictional, data sovereignty, security or compliance controls required of researchers today.

Specialized RDM platforms and services such as Dataverse in the US or Borealis in Canada are merely data deposit, sharing, and preservation repositories to allow for compliance with academic or funder policies at the conclusion of a research study to publish their research and assign a PID (Persistent Identifier). This often means that researchers are having to use a combination of cloud storage providers, data management planning, and analytical tools and services to support their research efforts. This complicates a research team’s collaboration efforts and adherence to a high standard of data security and integrity. And the use of cloud services complicates adherence to data sovereignty and collaboration requirements creating tremendous operational inefficiencies and additional costs. When that research involves Indigenous communities or Indigenous data the issues of Indigenous data sovereignty must also be addressed.

New commercial RDM platforms are emerging that are providing scalable solutions that can accommodate the growing complexities of today’s research requirements. These platforms were designed for and by Principal Investigators (PIs), their team members, and representatives of research legal services, librarians, and IT professionals. As a result, they support the full RDM lifecycle including data collection, global team management and collaboration with role-based access controls, agreement and participant consent forms leveraging eSignature capabilities, robust research data set management with the ability to use third-party analytical tools, audit trails and research ethics board and publication features. These types of platforms offer more complete, integrated, and secure paradigms for researchers and research-intensive institutions.

Enhanced Data Security and Compliance

Institutional Research Ethics Boards (REBs) must ensure that research conducted at their institutions complies with relevant jurisdictional regulations covering data privacy, security and other requirements such as GDPR, HIPAA, PHIPA, PIPEDA, NIST SP 800-171, GCP, and 21 CFR Part 11 depending on the nature of the research, where it’s being conducted, and how the data is collected. Commercial RDM solutions are now equipped with integrated institutional REB modules with advanced security features, including encryption, role-based access controls, and audit trails, to protect sensitive research data. These features assist researchers and their institutions in meeting compliance requirements and safeguarding against data breaches or IP theft. Indeed, the mere use of these tools substantially addresses most data security and privacy requirements.

While Principal Investigators (PIs) will always retain responsibility for the establishment of proper research protocols and methodologies (e.g., participant management including screening, consent, etc.), these platforms address a substantial subset of requirements.

Streamlined Collaboration and Data Sharing

Facilitating collaboration is one of the most challenging aspects of interdisciplinary and cross jurisdictional research. New commercial RDM platforms often include tools that enable seamless data sharing and collaborative workflows, both within and between institutions. These capabilities must include role-based access controls, audit trails, and recycle bin features that allow the PI to restore data that may have been inadvertently deleted by another team member. These capabilities alone deliver significant operational efficiencies which result in an acceleration of innovation by allowing researchers to focus on breakthroughs and not administrative bureaucracy. New RDM paradigms should alleviate research teams from dedicating graduate student time to addressing these shortcomings of the research environment.

Integration with Institutional Systems

New RDM platforms must leverage open-source tools to easily integrate with existing institutional systems, such as authentication services, grant management or contract management tools, and library services. The ability to integrate would ensure a cohesive research infrastructure, reducing redundancies, improving workflow efficiencies and cycle times for REB approvals and time to publication.

Addressing Misconceptions and Building Trust

Despite the advantages, HE institutions and researchers remain hesitant to adopt commercial RDM solutions due to concerns about vendor lock-in and data sovereignty. However, commercial providers now offer flexible contracts and data portability options, addressing these concerns and building trust with academic partners. There are many other ways for institutions to begin to collaborate with emerging commercial RDM solution providers and explore some of the benefits of healthy collaboration. These can be in the form of proof-of-concept demonstrations, small-scale trials or pilots, limited integration, researcher-led usability studies and focus groups or joint grant funding proposal pursuits.

Budgeting Realities and Missed Opportunities

Research Data Management (RDM) is often underfunded, under-resourced, and treated as an institutional support function rather than as critical infrastructure. However, the growing costs of non-compliance, data loss, security breaches, and duplication of research are proving that the old paradigm is no longer sustainable. In 2023, 954 breaches were reported in U.S. educational institutions—the most in nearly two decades—up sharply from 139 in 2022 and 783 in 2021, impacting roughly 4.3 million records. Colleges and universities represented 60% of breaches, and 83% of exposed records came from post-secondary institutions (Viano 2024). A recent study funded by the US National Science Foundation and conducted by the Association of Research Libraries shows that researchers spend between 6-15% of their grant funding on research data management services (Mohr et al. 2024, 4-22).

The Cost of Inaction Going Forward

Failure or hesitation to properly invest in RDM can lead to tangible consequences. Institutions risk failing audits, losing research funding, and undermining the integrity of their scholarly outputs. Without reliable RDM infrastructure, researchers may store sensitive data on personal laptops or insecure lab computers, overlook compliance obligations, or duplicate efforts due to inaccessible data, a scenario that’s both expensive and reputationally damaging for researchers and their institutions (Deloitte 2024).

Moreover, inadequate RDM practices increase the likelihood of violating national and international data protection regulations such as PIPEDA, HIPAA, or GDPR. These violations can result in significant fines, reputational damage, and disruptions to international research collaborations such as those available through Horizon Europe.

RDM as Core Infrastructure

To address these risks, institutions must treat RDM as essential research infrastructure, akin to labs, networks, and research computing. This requires coordinated budgeting across the research office, library, IT, and security units, and an acknowledgment that RDM investments are cost avoidant in nature i.e., they prevent higher costs later.

Strategically, budgeting for RDM should start at the grant application stage. Many funding agencies already require a data management plan (DMP), and some allow for RDM costs to be built into budgets (Wellcome Trust 2017) (National Institutes of Health n.d.) (National Science Foundation n.d.). However, there is still a widespread lack of literacy around what constitutes legitimate RDM expenses and how to articulate their value. PIs are not equipped or supported to quantify these costs. Their institutions must provide adequate support through the grant submission process to adequately account for RDM costs for the full lifecycle of the research effort. 

Cost-Sharing and Platform Models

One promising approach involves cost-sharing models, such as:

• Institution-wide subscriptions to commercial RDM platforms that support compliance, collaboration, and data deposit in trusted repositories.

• Consortia approaches, where several institutions jointly procure or develop infrastructure.

• Tiered service offerings, where the institution supports a baseline RDM service, with additional services recoverable through internal grants or project-specific fees.

All these models require RDM advocates to educate leadership on the tangible and intangible benefits of investment: risk mitigation, increased research impact, and institutional competitiveness.

Librarians and RDM Professionals as Budget Advocates

Research libraries and RDM professionals must be empowered to advocate for the value of RDM services in budgetary discussions. They can make a compelling case by tracking service usage, connecting RDM activities to grant success rates, and demonstrating how good data stewardship enhances institutional prestige and compliance readiness.

Bridging Cultural Barriers Between Academia and Industry

Despite clear benefits, collaboration between academic institutions and commercial Research Data Management (RDM) providers is often hampered by cultural and historical divides. These gaps manifest as skepticism, misaligned incentives, and a persistent sense that external platforms threaten institutional autonomy. Overcoming these barriers is critical to achieving the kind of scalable, secure, and compliant RDM ecosystem demanded by today’s research environment. A few good examples of this include Drexel University Libraries’ partnership with industry (Ex Libris) to co-develop the Esploro research information management system. This initiative integrates FAIR data principles into researchers' workflows, reducing manual overhead while scaling institutional support (Drexel University Libraries with Ex Libris n.d).

Mistrust of Commercial Solutions

Many academic stakeholders remain wary of partnering with commercial RDM vendors. Concerns include:

• Vendor lock-in, where institutions fear losing control over their data or being unable to migrate to alternative systems.

• Data sovereignty, especially in contexts where research involves Indigenous data, sensitive health data, or international collaborations subject to export controls.

• Perceived misalignment between academic values and commercial motives, with worries that vendors prioritize profit over openness or community governance.

While these concerns are valid, they can often be addressed through thoughtful contract design, open standards, and co-development models. Moreover, many commercial platforms now prioritize transparency, interoperability, and ethical data stewardship as part of their core offerings.

The Limits of “Build It Ourselves” Thinking

Academic institutions have a long-standing preference for building or customizing their own RDM tools (Jones 2013) (Wilson et al. n.d.). While this can foster innovation, it often leads to fragmented solutions, limited scalability, and challenges in maintaining security and compliance across systems.

In contrast, commercial platforms bring production-grade security, 24/7 support, and compliance frameworks that would be cost-prohibitive for most institutions to build and maintain internally in any kind of timely manner. By leveraging these capabilities, institutions can focus their internal expertise on stewardship, training, and data curation rather than infrastructure management.

Toward a Partnership Model

The relationship between academia and commercial providers should shift from transactional to collaborative:

• Co-design initiatives, where institutions and vendors shape platform features based on actual research workflows and compliance needs.

• Joint pilots or sandboxes, allowing stakeholders to test integrations, assess governance models, and surface discipline-specific requirements.

• Embedded liaison roles, where vendor teams work closely with institutional libraries, IT, and research offices to support adoption and evolution of services.

These partnership models foster mutual understanding, build trust, and result in more robust and context-aware RDM solutions.

Elevating the Role of Librarians and RDM Specialists

Librarians and RDM professionals are ideally positioned to mediate this partnership. They understand both institutional priorities and the technical requirements of compliant data stewardship. By serving as bridges between research teams, administrative leadership, and vendors, they can facilitate smoother integration, appropriate contracts, and effective service design and support paradigms.

The Research Security Office of the Future

As research becomes increasingly international, interdisciplinary, and digital, traditional Research Security Offices (RSOs) must evolve. Originally focused on export control and access to physical infrastructure, RSOs are now being called upon to manage a broader range of data-related threats, from cyber intrusions and insider risks to ethical breaches in data sharing and compliance failures with global privacy laws.

Expanding the Mandate

The contemporary research threat landscape is shaped by:

• Nation-state espionage, particularly targeting sensitive health, defense, and AI-related research (Office of the Director of National Intelligence 2025) (Canadian Security Intelligence Service 2025, 34-42, 54-57) (Foreign Malign Influence Center. n.d.);

• Insider risks, often stemming from a lack of awareness or training around data governance;

• Compliance complexity, with regulations such as GDPR, HIPAA, NIST 800-171, and PIPEDA impose overlapping obligations on data handling, storage, and access;

• Ethical and sovereignty concerns, especially when research involves Indigenous communities or marginalized populations.

An effective RSO must broaden its scope beyond traditional compliance to address these multidimensional risks through policy, infrastructure, training, and continuous monitoring.

A New Institutional Structure Is Required

Modern RSOs should be restructured to include cross-functional expertise in:

• Cybersecurity and IT governance

• Legal and regulatory affairs

• Research ethics and integrity

• Librarianship and data curation

• Privacy and data protection

Such a team can ensure that risk assessments, access controls, data classification, and retention policies are tailored to the diverse data assets and research contexts an institution manages.

This integrated RSO must be empowered to shape institutional strategy, advise on vendor procurement, and participate in infrastructure decisions, particularly those involving third-party RDM platforms. The structured approach that Monash University undertook back in 2012 to establish a full lifecycle RDM capability is instructive in this regard. (Jones 2013).

Librarians as Security Stewards

Academic librarians and RDM professionals have long operated at the intersection of access and stewardship. Their roles are uniquely aligned with the future of research security, where data discoverability, reproducibility, and compliance must be balanced with privacy and protection.

Rather than seeing security as an IT-only domain, institutions should recognize that library professionals are already deeply engaged in many policy and practice decisions that underpin secure and ethical research.

From Policing to Partnership

Lastly, the modern RSO must embrace a culture of collaboration over compliance policing. By working proactively with researchers, IT teams, librarians, and external vendors, RSOs can foster a security culture grounded in shared accountability, research integrity, and operational resilience.

Navigating a Maze of Regulatory Requirements

Research institutions today must navigate an increasingly dense web of national and international regulations governing the management, sharing, and protection of research data. From privacy frameworks like GDPR and PIPEDA, to cybersecurity controls like NIST 800-171, to sector-specific mandates such as HIPAA, compliance is no longer optional, it is essential to research continuity, funding eligibility, and institutional reputation.

Understanding the Regulatory Landscape

Each regulatory framework brings its own scope and complexity:

• GDPR (European Union 2016, 32-65). (General Data Protection Regulation): Mandates lawful, transparent processing of personal data for EU residents, with strict data minimization and consent requirements, even for non-EU institutions if they handle data originating from the EU.

• PIPEDA (Government of Canada 2000). (Personal Information Protection and Electronic Documents Act): Canada’s federal privacy law requires organizations to obtain meaningful consent, protect personal data, and report breaches. New updates via Bill C-27 may increase enforcement powers and introduce algorithmic transparency rules (Government of Canada 2022).

• HIPAA (HHS 1996). (Health Insurance Portability and Accountability Act): Applies to any institution handling protected health information (PHI) in the U.S., including international collaborators. It mandates access controls, audit trails, and breach notification protocols.

• NIST SP 800-171 (National Institute of Standards and Technology 2021). U.S. government contractors, including academic researchers receiving DoD funds, must protect Controlled Unclassified Information (CUI) with specific technical and procedural safeguards.

These frameworks are not only geographically overlapping but also philosophically distinct, forcing institutions to rethink how policies, systems, and services are aligned across compliance regimes.

Compliance-by-Design in RDM Platforms

Modern RDM platforms must adopt a “compliance-by-design” approach, integrating privacy, access control, auditability, and data retention policies into their core architecture (Cavoukian 2009). Institutions cannot rely on add-on modules or after-the-fact governance; compliance needs to be baked into workflows from data collection to archiving.

This includes features such as:

• Role-based access control (RBAC)

• Encryption at rest and in transit

• Data residency options to meet sovereignty requirements

• Consent management and anonymization tools

• Metadata tracking for data lineage and sharing logs

• PID integration (ORCID, DOI, RaID, RoR) (Research Organization Registry n.d.) (Australian Research Data Commons 2025.) (International DOI Foundation n.d.) (ORCID. n.d. “ORCID: Connecting Research and Researchers.)

By choosing or building RDM platforms with compliance features at the forefront, institutions reduce operational risk and improve their ability to collaborate internationally.

Librarians and RDM Staff as Compliance Allies

While legal and IT departments often lead regulatory interpretation, librarians and RDM staff are essential partners in operationalizing compliance. They are often the ones creating workflows, advising on data collection and deposit, and working with researchers on DMPs (Data Management Plans).

Empowering them with up-to-date regulatory training and giving them a seat at institutional governance tables ensures that compliance is not just reactive but proactively supported throughout the research lifecycle.

Harmonizing Compliance and Open Science

Perhaps the greatest challenge is harmonizing compliance obligations with the values of open science. Researchers are encouraged to share data widely but they must also protect privacy, IP, and national interests.

This balancing act demands infrastructure and policy that supports both openness and safeguards. Librarians, again, are key navigators of this dual mandate: promoting discoverability while managing risk.

A New Institutional RDM Ecosystem is Required

Despite billions being spent on research funding, many inefficiencies in how research data is handled exist. Despite decades of investment in infrastructure and policy, Research Data Management (RDM) has not been able to keep pace with the needs of today’s research teams. There are initiatives in every major research ecosystem (U.S., Canada, EU) such as EDUCAUSE, EOSC, FORCE11 and many others struggling to address the fragmentation of standards, the lack of integrated toolsets, and the complete disconnection from the research ‘workflow’ (Directorate-General for Research and Innovation 2019, 4-12) (Druskat et al. 2023) (EDUCAUSE 2025). And yet, the core issues repeat - this is a systemic failure.

A Focus on the Research Team Experience is Required

The missing piece of the puzzle is the research team experience. We need platforms and tools that are focused on the day-to-day reality of PIs and their teams. We need to have a multi-disciplinary and cross-jurisdiction lens, facilitate global collaboration, regulatory compliance, variability in data types, collection protocols, data sovereignty and cybersecurity.

The Repository Illusion

And while we must acknowledge the strong efforts of institutional repositories and other GREI repositories, we must understand that these are merely islands of excellence and not systemic solutions. Repository-focused thinking doesn't solve upstream problems such as data collection, collaboration, protocol diversity, etc. Repositories are necessary but not sufficient.

Traditional Approaches Will Continue to Fall Short

HE institutions will continue to fall short due to their inherent structural inertia - governance by consensus, long decision-making processes, and limited incentives for operational innovation with limited spending on enabling technologies.

Emerging RDM Providers Will Usher in the Change

But change will come. It will come from emerging RDM technology companies. They will bring the technical acumen to solve interoperability and integration problems as well as the agility to move fast and adapt to researcher needs. They will bring a deep understanding of cybersecurity, access control, and compliance needs. Those that are built with researchers, not just for administrators, will ultimately thrive.

New RDM Rules Will Apply

New platforms will be aligned to some self-evident truths including:

• Researcher-first design.

• Standards-aware, not standards-bound.

• Built-in security and regulatory compliance.

• API-first and integration-ready.

• Support for research collaboration, not just preservation.

Conclusion

We need a new RDM paradigm for the next century and to do so, we must shift the focus from institutional preservation to a more holistic support for the entire RDM lifecycle and all stakeholders involved in that undertaking. Research can’t afford to wait for institutional consensus—commercial RDM technology vendors are leading, and research will benefit.

Acknowledgements

The author acknowledges the contributions of many Higher Education researchers, and administration staff at Queen’s University at Kingston who contributed to the shaping of the points of view shared in this article through years of collaboration to deliver a robust generalist RDM platform for researchers that enables them to collaborate with colleagues globally, and conduct their research in a secure and regulatory-compliant manner.

__________________________________

Ash Bassili (article author) is the CEO of myLaminin, a compliance-first Research Data Management platform for regulated cross-institution research. He holds a BSc Hons Life Sciences from Queen’s University, a MSc in Information Technology from Johns Hopkins University, and a Certificate in Blockchain Technologies from MIT Sloan School of Management.

https://doi.org/10.5281/zenodo.19439811

References

Ashiq, Muhammad, Mohammed H. Usmani, and Muhammad Naeem. 2022. “A Systematic Literature Review on Research Data Management Practices and Services.” Global Knowledge, Memory and Communication 71 (nos. 8–9): 649–671. https://doi.org/10.1108/GKMC-07-2020-0103.

Australian Research Data Commons. 2025. “How an Australian Idea Is Shining New Light on Research Projects Through Global Collaborations.” 2025. https://ardc.edu.au/article/how-an-australian-idea-is-shining-new-light-on-research-projects-through-global-collaborations.

Canadian Centre for Cyber Security. 2023. The Cyber Threat to Research Laboratories. Ottawa: Government of Canada: 1-11. https://www.cyber.gc.ca/sites/default/files/cyber-threat-research-laboratories-e.pdf.

Canadian Institutes of Health Research, Natural Sciences and Engineering Research Council of Canada, and Social Sciences and Humanities Research Council of Canada. 2022. Tri-Agency Research Data Management Policy (Policy Requiring DMPs for Certain Funding Competitions). Ottawa: Government of Canada. https://science.gc.ca/site/science/en/interagency-research-funding/policies-and-guidelines/research-data-management/funding-opportunities-requiring-data-management-plans.

Canadian Security Intelligence Service. 2025. CSIS Public Report 2024 (Catalogue No. PS71E PDF) [Public report]. Ottawa: Government of Canada. https://www.canada.ca/en/security-intelligence-service/corporate/publications/csis-public-report-2024.html.

Cavoukian, Ann. 2009. Privacy by Design: The Seven Foundational Principles. Toronto: Office of the Information and Privacy Commissioner of Ontario. https://www.ipc.on.ca/en/media/1826/download?attachment.

Deloitte. 2024. “Risk Management in Higher Ed: Back to the Drawing Board?” Deloitte Insights. https://action.deloitte.com/insight/3350/risk-management-in-higher-ed-back-to-the-drawing-board.

Directorate-General for Research and Innovation. 2019. European Open Science Cloud (EOSC): Strategic Implementation Plan. Luxembourg: Publications Office of the European Union https://doi.org/10.2777/202370.

Drexel University Libraries (with Ex Libris). n.d. “How University–Industry Collaboration Supports FAIR Research Data Principles.” Ex Libris Group Blog. Accessed July 2025. https://exlibrisgroup.com/blog/how-university-industry-collaboration-supports-fair-research-data-principles.

Druskat, Simon, et al. 2023. Interoperable Infrastructure for Software and Data Publishing. Washington, DC: FORCE11. https://doi.org/10.54900/e21jg-1b369.

EDUCAUSE. 2025. “EDUCAUSE QuickPoll Results: Data Modernization and Management.” EDUCAUSE Review, June 2025. https://er.educause.edu/articles/2025/6/educause-quickpoll-results-data-modernization-and-management.

European Union. 2016. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation). Official Journal of the European Union L 119: 1–88. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng.

Federal Bureau of Investigation. 2024. Protecting Quantum Science and Technology: Foreign Adversaries Are Increasingly Targeting a Wide Range of U.S. Quantum Companies, Universities, and Government Labs. Washington, DC: U.S. Department of Justice, Federal Bureau of Investigation. https://www.fbi.gov/news/stories/protecting-quantum-science-and-technology.

Flagg, Mary, and Zachary Arnold. 2021. A New Institutional Approach to Research Security in the United States. Washington, DC: Center for Security and Emerging Technology, Georgetown University. https://doi.org/10.51593/20200051.

Foreign Malign Influence Center. n.d. “Foreign Malign Influence Center.” Office of the Director of National Intelligence. Accessed July 2025. https://www.dni.gov/index.php/who-we-are

Global Indigenous Data Alliance. 2019. CARE Principles for Indigenous Data Governance. Washington, DC: Global Indigenous Data Alliance. https://www.gida-global.org/care.

Government of Canada. 2000. Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5. Ottawa: Government of Canada. https://laws-lois.justice.gc.ca/eng/acts/p-8.6/.

Government of Canada. 2022. Digital Charter Implementation Act, Bill C-27, 44th Parliament, 1st Session (2022–2025): An Act to Enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act. Ottawa: Government of Canada. https://www.parl.ca/legisinfo/en/bill/44-1/c-27.

International DOI Foundation. n.d. “The DOI® System.” International DOI Foundation. Accessed July 2025. https://www.doi.org.

Jones, Sarah. 2013. Bringing it all together: a case study on the improvement of research data management at Monash University. DCC RDM Services case studies. Edinburgh: Digital Curation Centre. https://doi.org/10.5281/zenodo.17359225.

Mohr, Alicia H., Jake Carlson, Lizhao Ge, Joel Herndon, Wendy Kozlowski, Jennifer Moore, Jonathan Petters, Shawna Taylor, and Cynthia Hudson Vitale. 2024. Making Research Data Publicly Accessible: Estimates of Institutional & Researcher Expenses. Washington, DC: Association of Research Libraries: 1-29. https://doi.org/10.29242/report.radsexpense2024.

National Institute of Standards and Technology. 2021. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication 800-171 Rev. 2). Washington, DC: U.S. Department of Commerce. https://doi.org/10.6028/NIST.SP.800-171r2.

National Institutes of Health. n.d. “Budgeting for Data Management and Sharing: NIH Data Management and Sharing Policy Guidance.” NIH Data Management and Sharing Policy Guidance. Accessed July 2025. https://grants.nih.gov/policy-and-compliance/policy-topics/sharing-policies.

National Science Foundation. n.d. “Preparing Your Data Management and Sharing Plan: Data Management and Sharing (DMS) Plan Guidance.” National Science Foundation. Accessed July 2025. https://www.nsf.gov/funding/data-management-plan.

National Science Foundation. 2023. Preparing Your Data Management and Sharing Plan. Alexandria, VA: National Science Foundation. https://www.nsf.gov/funding/data-management-plan.

Office of the Director of National Intelligence. 2025. 2025 Annual Threat Assessment of the U.S. Intelligence Community [Unclassified report]. Washington, DC: Office of the Director of National Intelligence. https://www.odni.gov/files/ODNI/documents/assessments/ATA-2025-Unclassified-Report.pdf.

ORCID. n.d. “ORCID: Connecting Research and Researchers.” ORCID. Accessed July 2025. https://orcid.org.

Research Organization Registry (ROR). n.d. “The Research Organization Registry.” Research Organization Registry. Accessed July 2025. https://ror.org.

U.S. Department of Health and Human Services (HHS). 1996. Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104–191. https://www.hhs.gov/hipaa/index.html.

Viano, Adrianna. 2024. “Cyberattacks on Higher Ed Rose Dramatically Last Year, Report Shows.” EdTech Magazine: Higher Education, March 15. https://edtechmagazine.com/higher/article/2024/03/cyberattacks-higher-ed-rose-dramatically-last-year-report-shows.

Wellcome Trust. 2017. Policy on Data Management and Sharing. London: Wellcome Trust. Accessed July 2025. https://wellcome.org/research-funding/guidance/policies-grant-conditions/data-software-materials-management-and-sharing-policy.

Wilson, Julia A. J., Melissa A. Fraser, Luisa Martinez Uribe, Peter Jeffreys, Melanie Patrick, Asif Akram, and Tynan Mansoori. n.d. “Developing Infrastructure for Research Data Management at the University of Oxford.” Ariadne. Accessed July 2025. https://www.ariadne.ac.uk/issue/65/wilson-et-al.