Collaborators can play a large part in studies that handle confidential information. This page explains how this can be done properly.
Most commonly, a study's academic partners will not want to access identifiable personal data. This means that adequate steps must be taken to anonymise the data before sharing. If you obtained personal data directly rather than from a third party, adequately anonymised data is usually, although not always, OK to share with a study partner provided this is done within SLMS policies and procedures; when you obtain data from a third party, even if you deem it to be anonymised, you need to get permission from the provider in the first instance (it will not be your decision to determine whether the data are anonymised as you will be working with data obtained indirectly from another Data Controller). An example where it may not be appropriate to determine yourself whether data have been adequately anonymised before sharing data obtained directly would be when your organisation is a Joint Data Controller or a Data Controller in Common with another organisation and the terms of the Controllers' agreement define what are 'adequately anonymised' data and you have not applied this correctly.
Equally when you share data with a collaborator, it is the information asset owner's responsibility to ensure they work in line with UCL's information security policy and that the collaborator does not onwardly share the data you provide them to someone else without seeking permission first.
Where collaborators wish to use potentially identifiable data see our guide on working with third parties.
For assistance with data sharing (or ‘data transfer’) associated with sponsored research please see the UCL Material Transfer Agreements (MTA) guidance and policy, owned by Research and Innovation Services.