Research issues

If you are storing sensitive data about identifiable people, that data must be securely stored, for example, on an encrypted laptop or on a secure, password protected UOB system. Sensitive data must not be stored insecurely or on non-UOB systems. See the University Secretary's research pages for further information. See also further information about encryption.

The list below is not exhaustive, but is a call to adopting a common-sense approach to your research. See the University Secretary's Data Protection Act guidance for further information and to see where data security sits within the overall management of research data see the University's Research Data Management website.

Don'tDo
  • Don't randomly accrue data on the basis that it might be useful sometime.
  • Don't collect data that you do not need.
  • Do plan carefully what data you need to collect.
  • Do monitor data requirements throughout your research project to ensure that you are only collecting required data.
  • Don't store data about identifiable individuals or otherwise sensitive data on a non-secure computer.
  • Do make data anonymous so that individuals cannot, by any means, be identified. 
  • Do use encrypted storage media or hard drive for storing any sensitive data - contact the IT Service Desk for further information.
  • Don't reuse data for other purposes other than those for which you have permission.
  • Do delete data once it is not longer required. However, make sure you've considered any external requirements to preserve or share research data before deleting it.
  • Don't keep sensitive data for any longer than is necessary (please refer to your funder's requirements).
  • Do delete sensitive data when you don't need it anymore.
  • Do remember that the data subjects have a right of access to see what data is being held about them.
  • Don't  just assume that the way you are conducting your research is ok.
  • Do gain the consent of data subjects to hold personal data.
  • Do seek advice from the Information Rights Officer based in the University Secretary’s Office.
Many research funders and several academic publishers require research data to be preserved and shared. If there is nothing sensitive in it that isn't a problem. Where sensitive research data is involved, anonymisation or access control may be called for. (Note that if data is considered 'sensitive' then by the terms of the Data Protection Act it cannot be keep it indefinitely; however, if it is truly anonymised then it would be outside the scope of the Act.)