UCL Library Services


Handling sensitive & personal information

Handling sensitive & personal information

Research data may contain information about living, identifiable individuals, or other information that is sensitive, for example about criminal justice or national security. You are responsible for ensuring your handling of all this information is secure and complies with the law.

You will find useful information about keeping your data secure in our guide on Storing and preserving data. Information on research integrity and on research ethics is also available.

Using personal data in research

All research data containing personal data is subject to the Data Protection Act 1998. The Act, which is enforced by the Information Commissioner's Office, outlines organisations’ responsibilities with regard to personal data and gives individuals rights over their data. The UCL Data Protection Office offers essential information about the Data Protection Act, including the General Data Protection Regulation (GDPR) reform.

Ethical approval and registration
What data to use
Anonymising data
Protecting NHS data

Guidance is available to understand all legal requirements, including

  • the duty of confidentiality
  • the Data Protection Act
  • the Freedom of Information Act
  • the Mental Capacity Act
  • the article 8 of the Human Rights Act
  • the Statistics and Registration Services Act

Professional bodies’ ethics codes should also be taken into account in your research project. See the useful ESRC list of ethics codes and guidelines produced by professional bodies such as the British Educational Research Association, the British Psychological Society, the British Society of Criminology, the British Society of Gerontology and many more.