Confidentiality

Confidentiality can be defined in terms of that, which is intended to be kept secret. Dealing with its implications and ethical and legal obligations is an integral part of research. With drivers in research ethics, detailed and strenuous requirements (particularly for example in health related research), and implications within research practice, there are also consequent demands in short and long term.

“…whatever, in connection with my professional practice…I see or hear in the life of men, which ought not to be spoken of abroad, I will not divulge…” The Hippocratic Oath

“The confidentiality of information supplied by research subjects and the anonymity of respondents must be respected.”
ESRC (Framework for Research Ethics, 3rd principle)pdf

How should I store confidential data?

"Storage of data that are considered confidential or sensitive may need to be addressed during consent procedures, to inform the people to whom the data belong how and why the data will be stored. The risks of identification of personal information are typically maintained through the anonymisation of data and the regulation of access through a dedicated rights management framework.

It is important to be aware of the risks of storing personal data. Legally, data which contain personal information must be treated withmore care than data which do not. From mid-2008 financial penalties can be enforced for the wilful circulation of personal data. Personal information can be removed from data files and stored separately under more stringent security measures.

Signed consent forms or other non-digital records may contain identifying information and should be stored separately from data files, although an anonymous ID system can help link the two sets of materials together if required (e.g. for re-contacting purposes)."
UK Data Archive

University requirements

“All members of the University have a general duty to comply with the common law obligations of confidentiality. Maintaining the confidentiality of personal data is an important step towards complying with the eight data protection principles.

A disclosure is a way of processing data, so it can only be made if it satisfies the eight data protection principles. This means that when a person asks for information about someone else, that person must have a valid reason for receiving the information (for example, the data subject has consented to this or it is in the data subject’s vital interests).”
University of Leicester Data Protection Code of Practice

“The confidentiality of information supplied by research participants and any agreement to grant anonymity to respondents should be respected”
University of Leicester Committee for Research Ethics Concerning Human Subjects (Non-NHS) – Code of Practice

Confidentiality in Health and Social Care research

“It is a legal requirement that when patient data is used for purposes not involving the direct care of the patient, i.e. Secondary Uses, the patient should not be identified unless other legal means hold, such as the patient's consent or Section 251 approval. This is set out clearly in the NHS policy and good practice guidance document 'Confidentiality: the NHS Code of Practice', which states the need to 'effectively anonymise' patient data prior to the non-direct care usage being made of the data."

Connecting for Health, NHS - Pseudonymisation Implementation Project

Sample resources (NHS related)

Further Information

Research Data material:

RDM Principles

Data Planning Documents

DMP Documents - Small file

Poster (pdf pdf)

University of Leicester Research Data Management poster

Brochure (pdf pdf)

Copies: researchdata@le.ac.uk 

Blog Data For Research Blog

Glossary

A-Z

books

Input and feedback

2017 - This website will be relaunched in spring/summer 2017. Feedback and input is welcome, so please let the RDM project team know what type of content you would like to be included on the website by contacting us at researchdata@le.ac.uk.

RDM news and events
  1. The University has adopted a simple data classification model which must be applied by the PI and/or data owner
  2. We share our RDM survey: overview findings presentation as well as the results of our 2015 survey on Your research data management needs
  3. "Introduction to Information Governance" training is now available via "Embedding Informatics in Clinical Education" (EICE). The University is registered as an institution so you can register against this or ask for an account via IGT@le.ac.uk.
  4. There is now a University Information Governance web presence
  5. Our Data Management Planning documents have been updated - hard copies can be obtained if you contact researchdata@le.ac.uk
  6. Jisc has published a new RDM strategy document - "Directions for RDM Management in UK Universities"
  7. The Partridge Review - HSCIC Data Release Review - Full report (3.58 Mb) and Summary
  8. The Economic and Social Research Council (ESRC) have published a new Research data policy underpinned by nine core principles and Data management plan guidance (26/03/2015)
  9. RDM Principles approved by the University.
  10. DMPonline version 4.0 - DCC "DMPonline" (Data Management Planning) v4 has gone live. You can use this web based form to create your Data Management Plan, and share it with your collaborators.
  11. Research funder specific web pages (accessible via 'Data Planning & Management - What you need to do') for data planning and management guidance (AHRC, BBSRC, EPSRC, ESRC, MRC, NERC, and STFC)
  12. 'Data Planning & Management - what you need to' - a web page to take you through what you need to do about data planning and management.
  13. 'RDM - The Movie' is released! The 4 minute digital story of research data work here at Leicester.

... more News and Events

Search RDM