Data Handling & Security
There should be clarity at the outset of the research programme as to the ownership of, where relevant:
- data and samples used or created in the course of the research;
- the results of the research; and
- any ideas, designs or inventions generated through the research programme.
Researchers should keep clear and accurate records of the procedures followed and the approvals granted during the research process, including records of the interim results obtained as well as of the final outcomes.
All data collected in relation to the research project must be secured at all times to ensure confidentiality. This is especially important during periods when the data or the media on which the data is stored is in transit. Thought should be given to data backup and version control. The principles outlined below give general guidance. Please also refer to the University's Data Protection webpage and the Data Protection Act 2018 (see also Legal Liabilities and Responsibilities section of these Ethical Principles).
Handling personal information
In all research, it is important to ensure that identifying information (e.g. names and addresses) is stored separately from other personal information collected as part of the research (e.g. interview transcripts, questionnaire responses) and securely (e.g. in a locked filing cabinet, password protected computer).
When researchers are collecting data from and about people they know, or live near, it is advisable to be very careful about confidentiality. If someone tells a researcher something that is personally compromising or that they do not wish to be passed on to others, it is important to honour this. It may mean that information cannot be directly used in the research, and should not even be passed on to other members of the research team.
Alternatively, it might mean the information can be used, but people’s names and other identifying features of the situation should be removed. At an early stage it is worth discussing the ways in which using social media (e.g. Facebook or Twitter) affects issues of confidentiality. It is important to be as clear as possible about how confidentiality will be handled in order to avoid causing harm or embarrassment to people. (See also section on Confidentiality of Doctoral Theses)
It is a good idea to discuss in the research team and with others involved in the research the advantages and disadvantages of identifying people, places and organisations (by their real names, appearances or voices in written, visual or audio records or social media) – whether this is in team discussions or dissemination of the research. If research relates to sensitive topics or contexts (e.g. household debt, mental health, domestic violence, public protest, crime), it is often important not to name or give identifying features of individuals.
It may also be advisable to give organisations and places different names, as using real names may help identify people. However, in some cases, individuals and organisations may wish to be named, to have their opinions, achievements or challenges credited or highlighted. Yet naming some people needs to be discussed fully and consideration given to the implications for the anonymity of others.