It might be necessary to store and handle restricted or reserved personal data for the purposes of academic research. The guidance on this page should be read in conjunction with the University Research Code of Practice and the Research Data Management Policy.
Restricted or Reserved personal data must not be stored insecurely or on non-University of Warwick stystems - In these cases, data must be securely stored, for example, on an encrypted laptop or on a secure password protected University of Warwick system.
The table below provides some example Dos and Don'ts for the management of research data relating to living individuals. The Data Protection Act 1998 and the University's Data Protection Policy is not there to obstruct academic research but to ensure the confidentiality of sensitive data about other individuals.
Written consent of each data subject must be sought to confirm that they agree to their personal data being used for the specific purposes of the project and data subjects have a right of access to see what data is held about them.
|Don't randomly collect or keep data on the basis that it might be needed at some point.||Do plan carefully what data should be collected to fufil the research activity.|
Don't collect data that is not necessary to the research activity.
|Do monitor data requirements throughout the activity to ensure that only required data is collected.|
|Don't store data about identifiable indivduals or otherwise sensitive data in or on a non-secure system.||Do make data anonymous so that individuals cannot, by any means, be identified.
Do use encrypted storage or hard drive for storing data (see ITS guidance)
Don't use data for purposes other than that/those for which it was collected.
|Do gain further consent from data subjects if the scope of data collected or purpose changes.
Do delete data once no longer required for the purpose for which it was collected.
|Don't keep data beyond the end of the research activity and ensure that it is disposed of securely or archived in line with any conditions of the funding body (see below)||Do delete data when it is no longer required.|
Don't just assume that research is being conducted in an acceptable manner.
|Do seek advice from the Secretary to Council's Office|
Some of the research funders have data management policies e.g. ESRC http://www.esrc.ac.uk/files/about-us/policies-and-standards/esrc-research-data-policy/ and require data to be submitted to an archive after the end of a project. Data service providers (such as the Economic and Social Data Service, ESDS; http://www.esds.ac.uk/aandp/create/dataman.asp) can provide advice on confidentiality, security and ethics in data sharing.