Confidentiality can be defined in terms of that, which is intended to be kept secret. Dealing with its implications and ethical and legal obligations is an integral part of research. With drivers in research ethics, detailed and strenuous requirements (particularly for example in health related research), and implications within research practice, there are also consequent demands in short and long term.

“…whatever, in connection with my professional practice…I see or hear in the life of men, which ought not to be spoken of abroad, I will not divulge…” The Hippocratic Oath

“The confidentiality of information supplied by research subjects and the anonymity of respondents must be respected.”
ESRC (Framework for Research Ethics, 3rd principle)pdf

How should I store confidential data?

"Storage of data that are considered confidential or sensitive may need to be addressed during consent procedures, to inform the people to whom the data belong how and why the data will be stored. The risks of identification of personal information are typically maintained through the anonymisation of data and the regulation of access through a dedicated rights management framework.

It is important to be aware of the risks of storing personal data. Legally, data which contain personal information must be treated withmore care than data which do not. From mid-2008 financial penalties can be enforced for the wilful circulation of personal data. Personal information can be removed from data files and stored separately under more stringent security measures.

Signed consent forms or other non-digital records may contain identifying information and should be stored separately from data files, although an anonymous ID system can help link the two sets of materials together if required (e.g. for re-contacting purposes)."
UK Data Archive

University requirements

“All members of the University have a general duty to comply with the common law obligations of confidentiality. Maintaining the confidentiality of personal data is an important step towards complying with the eight data protection principles.

A disclosure is a way of processing data, so it can only be made if it satisfies the eight data protection principles. This means that when a person asks for information about someone else, that person must have a valid reason for receiving the information (for example, the data subject has consented to this or it is in the data subject’s vital interests).”
University of Leicester Data Protection Code of Practice

“The confidentiality of information supplied by research participants and any agreement to grant anonymity to respondents should be respected”
University of Leicester Committee for Research Ethics Concerning Human Subjects (Non-NHS) – Code of Practice

Confidentiality in Health and Social Care research

“It is a legal requirement that when patient data is used for purposes not involving the direct care of the patient, i.e. Secondary Uses, the patient should not be identified unless other legal means hold, such as the patient's consent or Section 251 approval. This is set out clearly in the NHS policy and good practice guidance document 'Confidentiality: the NHS Code of Practice', which states the need to 'effectively anonymise' patient data prior to the non-direct care usage being made of the data."

Connecting for Health, NHS - Pseudonymisation Implementation Project

Sample resources (NHS related)

Further Information

Research Data material:

RDM Principles

Data Planning Documents

DMP Documents - Small file

Poster (pdf pdf)

University of Leicester Research Data Management poster

Brochure (pdf pdf)


Blog Data For Research Blog




Input and feedback

August 2018 - This website will be relaunched in September 2018. Feedback and input is welcome, so please let the library research services team know what type of content you would like to be included on the website by contacting us at

RDM news and events
  1. The University of Leicester Figshare for data digital archive is now available for research staff and PhD students. User guidance on upload/data deposit.
  2. Information Governance training is now available, provided by e-LfH (an NHS organisation). The University has registered to access this NHS resource and individual accounts can be set up by sending name and email address to Andrew Burnham.
  3. There is now a standard University Privacy Impact Assessment process where data collection or receipt, or systems purchase or development may have privacy consequences
  4. The University has adopted a simple data classification model which must be applied by the research PI and/or data owner
  5. We share our RDM survey: overview findings presentation as well as the results of our 2015 survey on Your research data management needs
  6. There is now a University Information Governance web presence
  7. Our Data Management Planning documents have been updated - hard copies can be obtained if you contact
  8. Jisc has published a new RDM strategy document - "Directions for RDM Management in UK Universities"
  9. The Partridge Review - HSCIC Data Release Review - Full report (3.58 Mb) and Summary
  10. The Economic and Social Research Council (ESRC) have published a new Research data policy underpinned by nine core principles and Data management plan guidance (26/03/2015)
  11. RDM Principles approved by the University.
  12. DMPonline version 4.0 - DCC "DMPonline" (Data Management Planning) v4 has gone live. You can use this web based form to create your Data Management Plan, and share it with your collaborators.
  13. Research funder specific web pages (accessible via 'Data Planning & Management - What you need to do') for data planning and management guidance (AHRC, BBSRC, EPSRC, ESRC, MRC, NERC, and STFC)
  14. 'Data Planning & Management - what you need to' - a web page to take you through what you need to do about data planning and management.
  15. 'RDM - The Movie' is released! The 4 minute digital story of research data work here at Leicester.

... more News and Events

Search RDM