Researchers have a duty to consider carefully the risks and consequences associated with their research. Research that is classed as 'sensitive' carries with it particular risks that need to be managed, with particular consideration being given to the potential consequences of these risks. This includes risks and consequences for;
- individual researchers;
- research participants;
- individuals, groups, communities connected either with the research participants or the research topic/focus;
- the reputation of UCL and its researchers.
It is important therefore that, in order to minimise the impact/consequences for the individuals/groups concerned, researchers undertaking sensitive research consider beforehand what potential risks may arise from the research, to whom and how these risks could be removed, reduced or best managed. UCL considers the following to be classed as 'sensitive research' (this list is not definitive).
- Definition of sensitive research
1. Research, consultancy or teaching whereby the researcher/consultant/teacher could be put at risk of personal harm or made complicit to an illegal act. For example, research into areas that could make the researcher a focus of activist or 'hate' groups, or personal risk resulting from the chosen methods of data collection.
2. Research involving primary data collection (this includes public sources such as Twitter) into terrorist activities or other activities that could pose a threat to national security, or impact upon the researchers' academic freedom.
3. Research that involves accessing materials that would normally be prohibited by the UCL Computing Regulations (Acceptable Use Policy): www.ucl.ac.uk/informationsecurity/policy
4. Overseas research involving primary data collection into activities that are considered illegal and/or immoral within the country/community/participant group in which the research is taking place.
5. Overseas research into topics that, though may not be considered illegal or particularly sensitive in the country in which the research is taking place, would be considered highly sensitive and/or illegal in the UK, such as female genital mutilation, forced marriage or child abuse.
6. Research into areas that would be considered a breach of human rights, such as human trafficking, slavery and torture.
7. Overseas research into political areas/issues in countries where free speech is prohibited or limited or where criticism of government and/or their policies is prohibited or strictly limited.
8. Research that involves the collection, storage, processing or dissemination of information including research findings which, if released, would significantly harm the University as a result of contractual penalties, or of reputational damage incurred as a result of breach of contract.
9. Research involving or generating materials, methods, technologies or knowledge that has potential to harm humans, animals or the environment. This includes 'dual use' goods, services or technology, as defined on UK export control list: www.gov.uk/guidance/export-military-or-dual-use-goods-services-or-technology-special-rules. For more information contact us at email@example.com.
10. Research that would not normally be classed as 'sensitive' according to the above items within the definition, but that due to its nature could be reasonable to assume that potential harm would arise as a consequence of the research (beyond that of mere controversy), including as a consequence of publication.
Assessing potential risks
The first thing to consider is what the potential risks might be, how they could arise and who they would or could affect. Risks can arise as a natural result or as a consequence of the research. Risks arising as a direct result of the research can include;
- Risk of harm to researchers due to the location the research is being undertaken in (unsafe locations, lone working, etc.) or due to the research methods being used or topic being researched.
- Risk of harm (physical, physiological or emotional) to participants during data collection (being interviewed about past or current traumatic events), or the risk could arise after they have finished their participation in the research.
- Risk to individuals, groups or communities not participating in the research, but who could be impacted due to the topic being researched, or because of information provided by research participants/through data collection; for example risk of persecution or harm to reputation.
Risks can also arise as a consequence of the research being undertaken and/or published. Consequential risks can be harder to manage as they relate to the actions or reactions of the outside world, however, it is important that these potential risks are identified and planned for at an early stage, in order that the risks of harm can be managed and mitigated properly. For example;
- After a paper on a highly emotive or political topic is published, the authors could be at risk of a backlash or personal attack from individuals or groups, such as activists or 'hate' groups.
- The results of research could be taken and used by others with the intent of causing harm, e.g. biolomedical research being used to create biological weapons. This is often referred to as dual use - see misuse of research below.
Likelihood & Impact
The next stage is to consider what the likelihood is of the risk occurring and how serious the impact could be. The aim of research is to be of benefit to society, with the benefit outweighing any risks associated with the research. It is important therefore, to consider and to plan for any potential risks, even if the potential for the risk occurring is small; especially if the resulting impact of the risk is severe. It also helps to ensure that any risks can be manged appropriately should they arise.
Things to consider
- Misuse of research
Misuse of research, also referred to as 'dual use', occurs when the results of research are used by others with the intention of causing harm. This could include misusing the results of research into improving security or safety to plan attacks, or using the results from biomedical research to create biological weapons. Though it may not be possible to remove any possibility of misuse occurring, a management plan can be put in place to minimise this potential. Therefore, it is essential that these risks are thought through before the research commences.
The Medical Research Council, Biotechnology and Biological Sciences Research Council and the Wellcome Trust have produced a joint policy statement on managing the risks of research misuse. The principles have application across all disciplines and it is advised that researchers read this document and consider the advice contained within.
The European Commission has also produced a Guidance Note on Potential Misuse of Research, which provides guidance on identifying and managing the risks of research misuse.
- Information Security
Information Security Website contains the Information Security Policy and supporting/related policies, as well as the Information Security Principles. These Principles relate to information risk management and apply to all information handling in UCL. The Principles are there to guide and inform individuals to ensure that information is handled in a suitably secure fashion. For instance, Principle 14 states that 'No individual security measure should be relied upon in isolation to protect information.'
You can contact the Information Security Group for advice and guidance via email (isg(at)ucl.ac.uk) or telephone (44 (0)20 7679 7338 / internal 37338).
- Data Protection
The Data Protection website contains information and guidance for researchers on current data protection legislation, as well as the incoming General Data Protection Regulation. You can also access the UCL Data Protection Policy.
- Data Safe Haven
The SLMS Data Safe Haven is available for use by all UCL faculties and provides a technical solution for storing, handling and analysing identifiable data. It has been certified to the ISO27001 information security standard and conforms to NHS Digital's Information Governance Toolkit.
Information and guidance on using the Data Safe Haven is available on the link below.
- Ethical Approval
When applying for ethical approval researchers should identify the risks involved in/occurring from the research, and how the risks will be removed, reduced or managed.
Research that is defined as sensitive is likely to be considered as higher risk and therefore require ethical approval from the UCL Research Ethics Committee.
- UCL Safety Services
Information on UCL's insurance policies is available on the insurance page of the Finance and Business Affairs website. You can also download the fieldwork risk assessment form, as well as find guidance on overseas travel and working.
Additional information can be found on the insurance page of the Research Ethics website.