Ethical considerations in making research data publicly available If your research involves human participants, you need to consider ethical issues regarding data sharing throughout the entire data cycle. You must ensure that you always comply with the Data Protection Act 1998. Some of the ethical issues you need to consider are as follows. You need to ensure that you have obtained informed consent from all participants for their data to be shared/made publicly available. It is important to establish to what extent the data will be shared. The fact that data will be shared/made publicly available must be clearly stated at the outset (before any data is gathered) on the participant information sheet and consent form and discussed with participants during the consent process. You need to provide participants with sufficient information in order for them to make an informed decision whether they are happy for their data to be shared/made publicly available (for example; how the data will be stored, where the data will be stored, how long it will be stored for and who will have access to it). If any of the participants do not wish their data to be shared/made publicly available, you need to consider what you will do. Can you still include these participants in the research or will you need to exclude them? You need to consider this in terms of the final data set that will be available. Clearly, it may not be viable to make the data publicly available if you have to exclude certain data sets, as it may then be biased and misrepresentative. If it is still viable to make the remaining data publicly available, you need to ensure that the metadata makes it clear that certain data sets have been excluded. If participants are happy for their data to be shared/made publicly available, you need to carefully consider how you will make the data anonymous. This is likely to be much more difficult in the case of qualitative data, for example interview transcripts. You need to consider how you will handle this (e.g. will you show participants the transcripts before they are made publicly available? A potential disadvantage of doing this is that participants may want to make changes, which may then compromise the validity of the research). Examples of direct identifiers are names, addresses, telephone numbers and pictures. In general, these would always be removed from the data at the earliest opportunity. Indirect identifiers could identify someone when linked with other publicly available information, for example information on workplace, occupation or exceptional values of characteristics like salary or age. Although you need to reassure participants that you will take all possible steps to ensure that their data will be anonymous, you must always ensure that you do not make unrealistic assurances. You must always take into account that even when personal data has been removed, it may still be possible to identify participants, at least by their peers if not the general public. 1 You should only collect any personal data or Sensitive Personal Data (as defined by the Data Protection Act 1998) that is absolutely required for the purposes of the research i.e. a minimal amount. In general, you should remove personal data and Sensitive Personal Data, as defined under the Data Protection Act (1998), from the data that is made publicly available. According to the Data Protection Act personal data is that which relates to a living individual and from which an individual can be identified (from the data alone or from the data in combination with other accessible information). It also includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. Personal data may include photographs, email messages and data recorded by closed-circuit television (CCTV), if a person can be identified from this. It also includes data identified by reference numbers, where a separate list can be used to match the reference numbers to named individuals. Sensitive Personal Data is defined in the Data Protection Act 1998 as data on a person's race, ethnic origin, political opinion, religious or similar beliefs, trade union membership, physical or mental health or condition, sexual life, commission or alleged commission of an offence, proceedings for an offence (alleged to have been) committed, disposal of such proceedings or the sentence of any court in such proceedings. All potentially 'sensitive' data should be carefully handled. There are cases where it is not possible to make data anonymous, for example photographs or audio data. Careful consideration needs to be given to this in the consent process. If there is no option but to use data where participants could potentially be identified, this can only be done with their consent. If you are making personal and sensitive personal data publicly available, you must ensure that you have fully informed consent from participants to do this, in order to comply with the Data Protection Act (1998). You must keep a record of all consents received from data subjects. You also need to consider organisations and whether or not they will be named. If they are to be named, written permission needs to be provided from a senior member of staff in that organisation, with the full understanding that the data will be in the public domain. You must keep a record of all permissions received. If an organisation is not to be named, you need to consider whether it could still potentially be identified. Obtaining permission from an organisation does not replace the requirement to obtain informed consent from participants working in that organisation. You must also consider whether participants could be identified because of the organisation they work for being named. If this is a possibility, participants must be made aware of this before they consent. 2 Julie Scott Research Training & Ethics Manager 04.10.12 For any queries please contact Jackie Barlow, University Records Manager Telephone: 0845 196 4215 Email: jackie.barlow@anglia.ac.uk 3