Research Data
Data Requirements
Researchers should comply with all legal, ethical, funding body and institutional requirements for the generation, collection, use, storage, and security of data, especially personal data, where particular attention should be paid to the requirements of data protection legislation provided in the GDPR by the Information Commissioner’s Office (ICO).
Researchers should consider how data will be gathered, analysed, and managed at an early stage of the design of the project. Researchers should collect data accurately, efficiently, and according to the agreed design of the research project and ensure that it is stored in a secure and accessible form.
Open Access Data
Researchers should ensure that research data relating to publications is available to other researchers, subject to any existing agreements on confidentiality. Use of open access data repositories is encouraged and highly recommended to ensure reproducibility and efficient research on research.
Record Keeping
Researchers should keep clear and accurate records of the procedures followed and the approvals granted during the research process, including records of the interim results obtained as well as of the final research outcomes. This is necessary not only as a means of demonstrating proper research practice, but also in case questions are subsequently asked about either the conduct of the research or the results obtained.
Personal Data
Any research involving personal data must obtain ethical approval where necessary.
Researchers must inform prospective participants of which individuals and organisations, if any, will be permitted access to personal data, and under what circumstances such access will be granted and the purpose for which personal information provided is to be used. Researchers must be aware of the risks to anonymity, confidentiality and privacy posed by all kinds of personal information storage and processing which directly identify a person (e.g. audio and videotapes, electronic and paper-based files, e-mail records) and make provision for secure storage and disposal.
Research participants have the right to withdraw their consent and to require that their data be destroyed, if practicable and researchers should make provision for this in their study design and inform participants of what is practical at the consent stage.
Confidentiality
Research participants should be informed about how far they will be afforded anonymity and confidentiality at the consent stage. Researchers should not breach the 'duty of confidentiality' and not pass on identifiable data to third parties without participants' consent. Guarantees of confidentiality and anonymity given to research participants must be honoured, unless there are clear and overriding reasons to do otherwise.
However, research data given in confidence does not enjoy legal privilege and may be liable to subpoena by a court and research participants should be made aware of this fact in relevant circumstances. Researchers should also guard against giving unrealistic guarantees of confidentiality and anonymity and be aware that it may be necessary to inform research participants of obligations which may require disclosure of confidential information to authorised bodies, especially where there may be risk of harm to the participant or other individuals or evidence of illegal activity.
Data Retention
Data must be retained intact, normally for a period of at least 10 years from the date of any publication which is based upon it. Where funders or professional bodies have specific regulations with regard to the period of data retention or with regards to where to place/publish data (eg specific archives), these regulations should prevail. If research data (and/or materials) is to be deleted or destroyed, it should be done so in accordance with all legal, ethical, research funder and institutional requirements and with particular concern for confidentiality and security.
Researchers who are leaving the University who wish to retain data must obtain written permission prior to leaving from their Head of Department to do so. Where personal data is involved, the request will be refused unless it is clear that future use will be consistent with the terms of the participant’s original consent.
Further University Guidance
Research Data Management Policy
Guidance on Managing Research Data