Research Data Management

In March 2021, the Tri-Agencies (the Canadian Institutes of Health Research (CIHR), the Natural Sciences and Engineering Research Council of Canada (NSERC), and the Social Sciences and Humanities Research Council of Canada (SSHRC) released the Tri-Agency Research Data Management (RDM) Policy. The policy requires that each postsecondary institution and research hospital eligible to administer Tri-Agency funds, creates an institutional research data management strategy and notify the agencies once completed. It further requires that the strategy is made publicly available on the institutions website with contact information to which inquiries about the strategy can be directed.

Note: please see PDF document below for references

Trillium Health Partners Research Management Strategy (PDF, 427kb)

Research Ethics Board

Institutional Supports

The agencies plan to implement the policy incrementally as outlined below:

  • Data management plans (DMP): By Spring 2022, the agencies will identify an initial set of funding opportunities that will be subject to the data management plan requirement.
  • Institutional strategies: By March 1, 2023, institutions subject to this requirement must post their RDM strategies and notify the agencies when they have done so.
  • Data deposit: After reviewing the institutional RDM strategies, and in line with the readiness of the Canadian research community, the agencies will phase in the deposit requirement.

In response to this requirement Trillium Health Partners (THP)’s RDM strategy describes how the institution does and will provide its researchers with an environment that enables and supports RDM. Further, THP’s Institutional RDM Strategy outlines:

  1. The importance of research data and data management.
  2. How to establish and implement data management practices that are aligned with THP policies & procedures, guidance documents and Tri-Agency policies and requirements which includes the following:
  3. How to properly manage data in accordance with the principles outlined in the Tri-Agency Statement of Principles on Digital Data Management, including the development of data management plans.
  4. Best practices that need to be considered when developing data management plans.
  5. Directions on secure methods for accessing, storing and retaining research data.
  6. Steps to ensure that all research that involves indigenous people or communities is developed and conducted in a way that supports Indigenous data sovereignty and in alignment with community-driven principles (such as CARE and OCAP principles).
  7. Steps to guide the collection, management, analysis, and use of race-based data from Black communities in ways that advance health equity through use of the “Engagement, Governance, Access and Protection (EGAP) Framework” (EGAP – a data governance framework for health data collected from Black communities in Ontario).
  8. Timeline for reviews and revisions of strategy.

Research Data Management Principles

The Tri-Agencies released the Tri-Agency Statement of Principles on Digital Data Management in order to support research data management in Canada. “The objective of this statement of principles is to promote excellence in digital data management practices and data stewardship in agency-funded research. It complements and builds upon existing agency policies, and serves as a guide to assist researchers, research communities and research institutions in adhering to the agencies’ current and future research data management requirements (December 21, 2016)”. The Tri-Agency Research Data Management Policy can be accessed here: Tri-Agency Statement of Principles on Digital Data Management (

THP is in agreement with the Tri-Agencies that research data should be guided by the FAIR (Findable, Accessible, Interoperable, and Reusable) principles for research data management and stewardship and will work with our research community to ensure that research conducted within and/or under the auspices of THP is in alignment with these principles. THP is in the development phases of implementing a system that will support the FAIR principles for research data management and stewardship.

As an associate affiliate academic member hospital of the Toronto Academic Health Sciences Network (TAHSN), which includes the University of Toronto and its full and associate affiliated academic hospitals, the THP Institutional RDM Strategy aligns with the RDM principles established and shared by TAHSN (“TAHSN RDM Principles”). The values reflected in the TAHSN RDM Principles guide institutional strategic directions and form the foundation for responsible research data practices.

The TAHSN RDM Principles include:

  • Promote Research Integrity and Excellence
  • Recognize the Value of Data
  • Encourage the Implementation of Data Management Plans
  • Facilitate Long-Term Access Through Data Deposit
  • Reflect Institutional Practices and Standards
  • Honour Indigenous Community-Driven Principles
  • Foster a Culture of Inclusive Representation and Public Trust
  • Observe Jurisdiction and Legalities
  • Strengthen Partnership and Collaboration
  • Mitigate Risk Related to Confidential Data
  • Safeguard Sensitive Data
  • Integrate Excellence in all Disciplinary Approaches
  • Connect through Communication and Engagement Opportunities
  • Provide Infrastructure that Supports Diverse and Complex Programs of Research
  • Ensure Support Services are Available
  • Commit to Advocacy and Support for Researchers’ Needs

View more details pertaining to the TAHSN RDM Principles

THP’s research and innovation activities are stewarded through its Institute for Better Health (IBH); a research and innovation institute that is embedded and aligned with the strategic goals of THP, the community and our healthcare system. As THP’s research and innovation engine, IBH is a core enabler of THP‘s mission of shaping a healthier tomorrow through the application of scientific expertise, innovative thinking and partnerships. Therefore, THP is committed to providing our research community with the support needed to ensure proper data management and stewardship procedures are in use and research is conducted with integrity to produce the highest quality of research. The THP RDM strategy is our commitment to support our research community by ensuring that our policies, procedures and guidance documents are established using best practices for data management and stewardship, and supporting excellence in research.

What is Research Data?

Research data is defined by the Tri-agencies as “data that are used as primary sources to support technical or scientific enquiry, research, scholarship, or creative practice, and that are used as evidence in the research process and/or are commonly accepted in the research community as necessary to validate research findings and results. Research data may be experimental data, observational data, operational data, third party data, public sector data, monitoring data, processed data, or repurposed data. What is considered relevant research data is often highly contextual, and determining what counts as such should be guided by disciplinary norms” .

What is a Data Management Plan?

A Data Management Plan (DMP) is a formal document that details the strategies and tools you will implement to effectively manage your data during the active phase of your research, and the mechanisms you will use for preserving and appropriately sharing your data at the end of the project. A DMP is a “living” document that can be modified throughout a project to reflect any changes that have occurred.

RDM Guidance document and templates:

What is Research Data Management?

The processes applied throughout the lifecycle of a research project to guide the collection, documentation, storage, sharing, and preservation of research data, and allows researchers to find and access data.

What is Research Data Stewardship?

The responsibility for and practices used to fairly, equitably and appropriately enable research data ownership, sharing, use and retention throughout the lifecycle of a research project, and following the completion of a research project. Research data stewardship is an accountability assumed for the well-being of the organization and the communities it serves in its service to and support of those for whom the data pertains.

The Research Data Lifecycle

Research Data Lifecycle

The research data lifecycle describes the steps that need to be considered throughout the lifecycle of a project for successful research data management.

These include:

  • Planning data collection and data management
  • Generating data through experiments, measurements, interviews, observations, simulations, etc.
  • Processing the acquired data and transferring the data into a suitable form for later evaluation
  • Analysis of the processed data to generate the actual research results
  • Archiving of selected data for long-term preservation
  • Publication of the processed research data in a suitable form
  • Ensuring reusability of the research data through appropriate licensing

FID move Research Data Lifecycle:

Why Is Research Data Management Important?

For the value of data to be fully realized, specific treatment of data is needed both throughout the course of research and beyond. Researchers are encouraged to consider the benefits of creating a DMP to conceptualize and implement systems for organizing and documenting datasets and to align with security best practices. An example of RDM best practice is ensuring supporting datasets are prepared, deposited, and retained in an appropriate repository at the conclusion of a project. Researchers should consider the value of making datasets available for reuse, enabling the recognition of contributors responsible for the data production, and facilitating the further reach and impact of the research investment. Well-managed data that are made available to others allow studies to be replicated and results validated. This supports research findings and can open new channels for discovery, contributing to global understanding, knowledge building, and innovation. This should be balanced with the agreed upon uses of data while respecting data ownership and expectations of partners and their communities.


THP’s RDM strategy was developed to support those who conduct or support research occurring within and/or under the auspices of THP.

Oversight and Review

At THP the RDM Working Group has been responsible for overseeing the implementation of the RDM strategy. The strategy will be reviewed and updated annually and move to a 3-year review cycle once all activities to inform the strategy are fully developed.   Oversight of the RDM strategy will occur through an RDM Committee that will consist of members from the following areas:

  • Privacy and Information Security
  • Library & Knowledge Services
  • The Research Ethics Board
  • IBH Operations
  • Data, Insights & Advanced Analytics
  • Science Portfolio
  • Research Finance

The IBH Senior Leadership Committee will be responsible for reviewing and providing final approval of the RDM strategy, including revisions to the RDM strategy.

How to Properly Manage Data

Researchers are responsible for adopting RDM practices. This includes ensuring the safe handling, secure storage, and appropriate security controls and restrictions around access to information. Research data also needs to be managed in ways that adhere to all legal and ethical requirements and fulfill any sponsor obligations or research partner and/or community expectations.

It is recognized that what constitutes research data will differ by project and that different kinds of data or research methodologies will require distinct practices to make the data most useful. Data management decisions will also be impacted by the characteristics of the individual datasets. Likewise, disciplinary standards and practices may influence the management of data, including approaches to workflows, required documentation, metadata selection, and repository selection for data deposit and sharing. Research involving confidential or sensitive data will need to adhere to legal and ethical frameworks to ensure information is protected and to reduce risk of harm. Researchers working with marginalized communities should follow community-developed principles and engage with members to design research approaches. When working with Indigenous peoples or communities, this involves recognizing the right to Indigenous data sovereignty and the authority and authenticity of Indigenous epistemological approaches to knowledge (Indigenous ways of knowing). When working with Black communities, and engaged in research that seeks to collect race-based data involving Black communities, this involves: (1) recognizing the importance of honoring Black communities right to govern data collection, management, analysis and use as a key part of self-determination; and (2) the importance of Black communities identifying ways to protect and manage the way their data is shared or linked to other systems.

Expectations for Research Data Management Practices

Researchers should treat data with rigour, operate within institutional frameworks in an effective manner and abide by all ethical and legal requirements, sponsor obligations, and partner and community expectations. Research data should also be managed in ways that align with disciplinary best practices and community-driven principles. When using third-party data, researchers must ensure that they abide by licenses and terms of use.

Researchers must ensure security requirements and guidelines are implemented and follow the institutional Data Classification levels and associated actions under the Information Security Standard. The appropriate selection and use of infrastructure should align with best practices and project needs. First, consider the use of approved and vetted resources. If considering the use of other resources, ensure compliance with relevant policies, procedures, and security guidelines. Data should be managed in ways that protect against data corruption and employ appropriate protections to safeguard against economic and geopolitical risks, misuse and the theft of intellectual property.

Researchers should be aware of the supports available through central and divisional services. Researchers should leverage opportunities to increase the understanding of RDM and utilize resources that aid in the implementation of responsible data management practices. Communication channels should also be used to stay abreast of developments, supports, and opportunities for feedback and engagement. All researchers, research team members, and students should be encouraged to build capacity and skills in data management activities and practices, and RDM concepts should be integrated into training and teaching when possible.

Research Data Management Supports

At THP, the Research Data Management Committee and Library Services are available to support our researchers in managing research data, by providing them with the resources and training required for creating an effective data management plan. It is an expectation that all research is done in accordance with the applicable regulations, guidelines and THP policies and procedures.

Supports available in developing a Research Data Management plan that meets the Tri-agency funding requirements:

  • THP Library & Knowledge Services has developed in-person and virtual supports for researchers around training and consultation for RDM, DMP and Data Curation.
  • The THP Library support staff have received training through UTL (University of Toronto Libraries) on how to provide guidance for researchers around the following and will continue to attend any new sessions as they become available to stay current around these areas:
    • Research Data management,
    • Creating a Research Data management plan and,
    • Data deposit
    • Citing data
  • As part of the communication and support services, THP Library & Knowledge Services has developed an online resource guide for immediate staff access to review available tools and supports. The following resources are currently available through the following link:
  • Data Deposit
    • CIHR-funded researchers: Since January 1, 2008, recipients of CIHR funding have had to comply with the limited data deposit requirements included in the Tri-Agency Open Access Policy on Publications. This policy requires that CIHR-funded researchers continue to comply with these requirements, which are specific to bioinformatics, atomic, and molecular coordinate data. The objective of this policy is to improve access to the results of Agency-funded research, and to increase the dissemination and exchange of research results. All researchers, regardless of funding support, are encouraged to adhere to this policy.[1]
    • THP will establish a central data repository for data associated with Tri-Agency funded research studies. In the current state, THP maintains a central listing of the location of all Tri-Agency funded research data and has ensured it is accessible and protected within THP’s Information Security infrastructure (where appropriate).
  • Data Depository training
    • THP will provide institutional specific training on how to manage data appropriately at THP once approved sources and approaches for data storage have been establish.

The following resources are currently available for research data deposits:

  • U of T Dataverse in Borealis
    • U of T Dataverse is the University of Toronto’s institutional data repository in Borealis. It is a free, secure space where U of T researchers can deposit and share their research data. The repository accepts research data from any research discipline that was conducted at or under the auspices of the University of Toronto.
    • The University of Toronto Dataverse is a research data repository for UofT faculty, students, and staff.
    • Researchers can choose to make content available publicly, to specific individuals, or to restrict access.
    • At this time, U of T Dataverse is not an appropriate repository for sensitive or confidential data. Currently, all files must be anonymized or de-identified before being deposited.
  • Home | FRDR-DFDR – Any researcher affiliated with a Canadian institution can deposit data into The Federated Research Data Repository (FRDR)
    • FRDR is a bilingual publishing platform for sharing and preserving Canadian research data. It is a curated, general-purpose repository, custom built for large datasets.
  • THP’s IBH will work with Information Security and Privacy to develop a data deposit.* For research projects occurring under the auspices of THP that include data repositories, IBH will seek review from both Privacy and Information Security prior to THP Research Ethics Board review.

Institutional Policies and Procedures that Guide RDM at THP

THP’s policies and procedures are currently only available to THP staff through Paradigm 3 — Search. THP policies and procedures are adequate in covering the requirements for managing data and meeting the TCPS2, Tri-Agency Framework: Responsible Conduct of Research (2021) and Personal Health Information and Protection Act 2004 (PHIPA) requirements. To ensure compliance with THP’s mandates all research conducted within and/or under the auspices of THP must comply with the following institutional policies and procedures:

  • Privacy – POL INT
    • Safeguards – Individuals must safeguard information that is entrusted to them and not misuse or wrongfully disclose it. THP has a legal obligation to ensure reasonable safeguards are in place to protect Personal Health Information (PHI). THP assures this through effective administrative, physical and technical safeguards to protect information from theft, loss, unauthorized access, use or disclosure, copying, modification or disposal.
    • This policy covers:
      • The conditions and restrictions that THP imposes before permitting the collection, use or disclosure of PHI or personal information by a researcher.
      • Secondary use of PHI or personal information under the custody and control of THP.
      • Requirements research involves multiple institutions and research activity across provincial, territorial or national borders where differing privacy laws and policies may apply to the collection, use and disclosure of PHI or personal information.
      • Privacy and confidentiality around research involving the use of software applications, including mobile applications on smartphones, tablets or wearable technology.
      • Using electronic data capture systems for research.
      • Cloud data storage and/or other technologies which will store or transfer PHI or personal information, or information which could reasonably become PHI or personal information through the re-identification of previously anonymized or de-identified data.
      • Data linkage.
      • Consent requirements for research involving the collection, use, disclosure or retention of PHI or personal information.
      • The requirements of a data management plan.
  • Records Retention and Disposal – POL-PRO INT
      • Appropriate data retention periods vary depending on the research discipline, research purpose and the kind of data involved[2]. THP’s Records Retention and Disposal Policy outlines the minimum retention periods based on applicable statutes, professional regulations, best practices and established Hospital policies. Records are kept for as long as required for the purpose for which the information in the Record was collected.
      • Records (physical and/or electronic or machine-readable) which have reached the minimum retention period must be destroyed in a confidential and secure manner.
  • Information Security – POL INT
      • This document established the information technology principles that govern the key security requirements to be considered when making information management decisions. It provides a framework of enforceable rules and best practices that regulate how THP and its staff manage the enterprise information technology security objectives at all levels in the institution.

Trillium Health Partners is committed to:

  • Protect the confidentiality, integrity and availability of information assets in accordance with legal and regulatory obligations.
  • Hold individual users accountable for their unauthorized access to, use of, disclosure, disposal, modification of confidential information or services.
  • Establish accountabilities and implement processes and controls that ensure alignment and compliance with Personal Health Information Protection Act 2004 (PHIPA), the Public Hospitals Act, and the Personal Information Protection and Electronic Document Act 2004 (PIPEDA).
  • ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements.
  • ISO/IEC 27002 Information technology – Security techniques Code of practice for information security management.
  • Research Conduct and Participation- POL INT
    • This policy outlines the procedural requirements associated with conducting and/or participating in all research at THP and establishes the mandatory rules regarding all research at THP. This policy governs research at THP that involves:
  • Participation of Trillium Staff and/or patients,
  • Collection of Trillium staff and/or patient information/materials i.e. data, and
  • Disclosure of Trillium staff and/or patient information/materials i.e. data.

Trillium Health Partners is committed to ensuring that all researchers, including principal investigators and site investigators, and study staff uphold the high quality scientific merit and conduct of all research project activities to protect the safety, rights and well-being of all human research subjects by adhering to:

  • Agreement on the Administration of Agency Grants and Awards by Research Institutions
  • Canadian Food and Drugs Act and its applicable regulations in particular Part C Division 5,
    • Ontario Personal Health Information Protection Act, 2004 (PHIPA),
    • International Conference on Harmonization (ICH) Good Clinical Practice (GCP) Consolidated Guideline,
    • Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans, December 2022 (TCPS2),
    • Federal Wide Assurance (FWA) for International (non-U.S.) Institutions, as amended from time to time.

Indigenous Data Considerations

Researchers must respect Indigenous cultures and knowledge, as well as recognize Indigenous data sovereignty and jurisdiction over data about Indigenous communities. Any research involving Indigenous communities must adhere to all legal and ethical requirements and be conducted in accordance with community-driven principles (such as the CARE Principles and the OCAP Principles). Indigenous peoples, communities, and organizations must be engaged throughout the research lifecycle and be involved in all key decision-making. This includes co-developing the data management plan and creating written agreements to ensure the incorporation of holistic research approaches, defining responsibilities and expectations related to data, and outlining commitments to minimize harm to Indigenous communities. Outcomes of research should be shared and returned, and data should be used in ways that benefit the communities and promote capacity development and community empowerment.

External Resources to support researchers in conducting research involving indigenous communities:

Black Community Data Considerations

Researchers should recognize that legacy data processes pose many threats to Black communities by failing to focus on their health, their experiences, and their lives. Any research involving Black communities should use the EGAP Framework to guide the collection, management, analysis and use of race-based data from Black communities in ways that advance health equity. Specifically, such research should include:

  • genuine, cyclical, accessible consultation with Black communities regarding data collection, management, analysis and use (engagement);
  • Black community decision-making about engagement processes and data collection, management, analysis, and use, achieved through the establishment of community governance tables (governance);
  • The right of Black communities to access their collective data and to determine who else can access it, along with the capacity building required to enable this right (access);
  • The safeguarding of all individual rights and types of data, including identifiable, de-identified, and anonymized data (protection).

External Resources to Support Researchers in Conducting Research Involving Black Communities and Black Community Data

Whether the data is from a specific or unique community or group where the researchers are required to further consult, seek permissions for depositing the data, respect existing agreements, or follow additional data management principles, TCPS2 Article 2.11, 9.1 and 9.11 on research involving First Nations, Inuit and Métis Peoples of Canada can be applied to other communities when appropriate.

Institutional Readiness and Future State

THP is currently working on future supports for RDM, DMP and Data Curation.  THP is planning to support our researcher community by having a dedicated RDM support service team (which includes the THP Library & Knowledge Services, THP Privacy and THP Information & Security services) that can provide ongoing training and guidance to researchers and research teams and onboarding sessions to new staff engaged in research. This will include focus groups, asynchronous offerings for individual consultations, online guide with links to institutional policies and procedures and coordinated communication and documentation to ensure there is awareness and alignment of these processes to support researchers and their teams in managing research data. We will continue to seek feedback from our research community to understand their needs, enablers and barriers to RDM. THP is updating and developing research policies and procedures that focus specifically on RDM and providing researchers and their teams with support around RDM when conducting research with the indigenous community and with Black communities. In reviewing the data storage needs of the current and anticipated future state, THP is also working towards establishing an appropriate centralized research data repository. This will include a file management service to facilitate fine-grained access control for folder and file specific permissions.


Glossary of Terms for Sensitive Data used for Research Purposes

  • The glossary is intended to provide definitions for a number of common terms used in the discussion of the management of sensitive data in the Canadian context.

Government of Canada. (2016). Tri-Agency Open Access Policy on Publications (2015).  Retrieved from

Government of Canada. (2023). Tri-Agency Research Data Management Policy – Frequently Asked Questions.

Portage Network, (2023). Brief Guide – Data Management Plan. @zenodo_org.

Research Data Lifecycle. (2023).

Research Data Management. (2023).

Sebastian-Coleman, L. (2022). Chapter 8 – The Culture Challenge: Organizational Accountability for Data. In L. Sebastian-Coleman (Ed.), Meeting the Challenges of Data Quality Management (pp. 165-184). Academic Press.

Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans – TCPS 2 (2022) – Chapter 5: Privacy and Confidentiality. (2023, 2023-01-11).

The Black Health Equity Working Group, (2021). Engagement, Governance, Access, and Protection (EGAP): A Data Governance Framework for Health Data Collected from Black Communities.

University of Toronto, (2023). University of Toronto Institutional Research Data Management Strategy.

  • 100 Queensway West

    Clinical and Administrative Building,

    Mississauga, ON

  • (905) 848-7580


Sign up for invitations to upcoming events and to receive our news and updates.