Data Management & Protection
Data management in research covers a wide area from the secure collection of data to the safe storage and stewardship of data (such as field notes, consent forms and audio files) and electronic data (such as audio files), to archiving and open access.
Wherever data exists it needs
to be properly managed. Good data management is extremely important and should
be carefully considered throughout the life of the research and after;
including archiving and timely destruction of data. Poor data management can
undermine the integrity of the research as well as overshadow any benefits
and/or impact that the research may produce.
All those involved with handling data should be aware of the relevant legislation and UCL policies, such as the UCL Research Data Policy. In addition, the Research Data Management webpages provide essential information for the management of research data for the whole research lifecycle.
Areas to consider
The following pages are designed to raise awareness of some areas to consider and to direct you towards further information sources.
- Research Data Management —Things to consider during the research process.
- Data Protection — Information on the Data Protection Legislation 2018.
- Transferring data outside the EEA - Information on transferring data outside of the EEA.
- Freedom of Information — Information on the Freedom of Information Act 2000.
- Intellectual Property — Guidance on copyright.
- Information Security — Information on sources of guidance at UCL relating to information security.
- Open Access — Information about UCL's Open Access policy.
Some general questions to consider with all data are:
- What is the data?
Is it personal, sensitive, confidential? Are individuals named or otherwise easily identifiable? Is it public data or data obtained for private business purposes?
For definitions of personal and sensitive personal data see the key definitions in the Guide to Data Protection from the Information Commissioner’s Office as well as Determining what is personal data.
- What format is the data in?
Is it hard copy, such as printed transcripts, signed consent forms or contracts or photos or drawings? Is it digital, such as audio files, videos, Word documents, online survey responses or emails?
- Where is the data stored?
Are hard copy files stored in desk draws or cabinets? Are they locked? Are they on UCL premises?
Are digital files stored on the UCL server, a personal computer, online storage such as cloud storage e.g. DropBox, or portable devices such as phones, tablets, USB devices? Are digital files and computers encrypted? Is the online storage secure?
Guidance on file sharing and storage is available via the Information Services Division webpage. There is also information and advice on encryption.
- Who has access to the data?
Who will the data be shared with? Will the data be shared with third parties outside the research team, if so for what purpose? Should any data remain confidential to the research team (such as for pseudonymisation/anonymisation purposes)?
How is the data being shared? By email, though portable devices or online file sharing? This includes the transfer of data from participants such as through online surveys.
Could anyone else access the data? Review where the data is held and whether anyone could access it.
- Do you have a clear desk policy? Are files locked away and/or your computer locked when you are away from your desk? Is the room or building secure? Are storage cabinets/offices locked?
- Are digital data and computers/portable devices password protected/encrypted?
- Is online storage secure? What are the terms and conditions of the online storage, file sharing and survey sites? Are they based within the European Economic Area (EEA)?