The management of research data is regulated by law, in particular in relation to confidential, sensitive and/or personal data.
The management of confidential, sensitive and/or personal data has ethical as well as legal implications. The core principle underpinning the University's Code of practice and principles for good ethical governance is that of avoidance of harm. This includes harm to the welfare and interests of human participants (whether participating actively or through observation/use of their data) and harm to the welfare and interests of the wider community. Two key considerations when managing your research data are:
Further detail can be found in the Code of practice and principles for good ethical governance.
For further guidance on the ethics of research data management, speak to a member of your departmental/subject level ethics committee in the first instance.
All research undertaken in the University's name or on its behalf which falls within the University's framework of ethical principles, regardless of funding source, should undergo review by a University ethics sub-committee, and have been signed off by the sub-committee before the research commences, even where ethical scrutiny is also undertaken by an outside body.
The review process will include addressing the above considerations where they apply. Details of the University's procedures for conducting ethical review are set out in the Code.
Your funder and/or your professional body may also have requirements and/or guidance relating to the ethical management of research data, which you will need to take into account when addressing the above considerations.
Many research funders now require the researchers they fund to share and preserve their research data. Writing a Data Management Plan at the start of your research project will help you to consider these issues and how you might produce a version of your data that you can share.
Click on the one of the options below to read the University's guidance on Data Protection, Freedom of Information or Intellectual Property Rights.
If your research involves working with people, be it through surveys, interviews, trials, experiments, focus groups or other methods, then it is important to know the legal and ethical obligations you have towards research participants.
Ethical guidelines issued by funders and the University cover how you can create and store data. In addition, statutory requirements such as the General Data Protection Regulation (GDPR) and the UK's Data Protection Act 2018 govern the processing of personal data.
When gaining consent from participants for gathering personal data you need to include a Privacy Notice with your ethical consent material. This is not a new requirement under data protection legislation. However, the GDPR does introduce more granular requirements for notices.
All Ethics Chairs have been issued with a standard GDPR compliant Participant Information Sheet. These templates have been amended by individual departments to better reflect departmental need and can be made available, on request, for reuse. For further information contact your department’s ethics committee.
For help with data protection compliance, contact email@example.com
The Freedom of Information Act and Environmental Information Regulations provide members of the public with a general right of access to the recorded information held by the University. The legislation works to promote openness across the public sector. So you could be required to release information about your research based on FOI and EIR requests.
Freedom of Information information on FOI provided by the University Information Governance Officer. It includes the University’s Freedom of Information Policy and guidance to staff on enquiry handling.
Freedom of information and research guidance to staff relating to research data and publications. Included in this information is a link to Jisc's FOI and research data: questions and answers, a useful FAQs on how researchers should respond if faced with FOI or EIR requests.
For FOI advice, contact firstname.lastname@example.org
Intellectual Property Rights (IPR), for example copyright or patents, affect and may limit the way you and others can use the outputs of your research. It's therefore important to clarify copyright and intellectual property ownership of any data that you will create or use before your research begins.
If you agree or purchase licences to reuse third party data, be aware of any restrictions this places on what the data can be used for in the future. You should read carefully the terms and conditions associated with the use of third party data as it's probable that copyright and/or licensing issues are associated.
Research funders may expect you to clarify IPR ownership in your Data Management Plan.
Intellectual property guidance provided by the University Intellectual Property and Legal Manager.
University policy on intellectual property outlines the ownership of IP (including copyright) for research materials and procedures for commercialisation.
Copyright: a practical guide practical advice to help you stay legal when reusing copyright material in your research. Read the University's position on Copyright law and associated licences. For advice about copyright compliance, contact the Copyright Advisor: email@example.com.
For advice on IPR, contact the IP & Legal team
UK Data Service Rights relating to research data
Information on the implications of copyright ownership when creating, sharing and reusing data. The pages include IP example cases illustrating where issues may arise.
University of Edinburgh, Research Data MANTRA Data protection, rights and access
A training module from the MANTRA research data management online course. This module covers ethical obligations, data confidentiality and disclosure, data protection and anonymisation.