Confidentiality

Confidentiality can be defined in terms of what is intended to be kept secret. Dealing with its implications and the associated ethical and legal obligations is an integral part of research. It is driven by research ethics, carries detailed and strenuous requirements (particularly, for example, in health-related research) and has implications for research practice, so it places demands on researchers in both the short and the long term.

“…whatever, in connection with my professional practice…I see or hear in the life of men, which ought not to be spoken of abroad, I will not divulge…” The Hippocratic Oath

“The confidentiality of information supplied by research subjects and the anonymity of respondents must be respected.”
ESRC (Framework for Research Ethics, 3rd principle)

How should I store confidential data?

"Storage of data that are considered confidential or sensitive may need to be addressed during consent procedures, to inform the people to whom the data belong how and why the data will be stored. The risks of identification of personal information are typically maintained through the anonymisation of data and the regulation of access through a dedicated rights management framework.

It is important to be aware of the risks of storing personal data. Legally, data which contain personal information must be treated with more care than data which do not. From mid-2008 financial penalties can be enforced for the wilful circulation of personal data. Personal information can be removed from data files and stored separately under more stringent security measures.

Signed consent forms or other non-digital records may contain identifying information and should be stored separately from data files, although an anonymous ID system can help link the two sets of materials together if required (e.g. for re-contacting purposes)."
UK Data Archive
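
The separation described in the guidance quoted above, as an added example that is not part of the original page or of the UK Data Archive's own material: identifying fields are moved into a key file, and a random participant ID links the two for re-contacting. The field names, the functions `split_records` and `relink`, and the sample records are assumptions constructed for illustration.

```python
import secrets

# Columns treated as direct identifiers (assumption for this example).
IDENTIFYING_FIELDS = ("name", "email", "postcode")

def split_records(records, identifying_fields=IDENTIFYING_FIELDS):
    """Split each record into a research row and a linkage-key row.

    Returns (data_rows, key_rows). Both carry a random participant ID;
    only key_rows carries the identifying fields.
    """
    data_rows, key_rows = [], []
    used_ids = set()
    for record in records:
        # Random ID: not derived from the identifiers, so it cannot be
        # recomputed from a name or e-mail address.
        pid = "P-" + secrets.token_hex(8)
        while pid in used_ids:
            pid = "P-" + secrets.token_hex(8)
        used_ids.add(pid)
        key_rows.append({"participant_id": pid,
                         **{f: record[f] for f in identifying_fields if f in record}})
        data_rows.append({"participant_id": pid,
                          **{k: v for k, v in record.items()
                             if k not in identifying_fields}})
    return data_rows, key_rows

def relink(data_row, key_rows):
    """Re-contact lookup: only possible with access to the key file."""
    for key in key_rows:
        if key["participant_id"] == data_row["participant_id"]:
            return key
    return None

# Constructed sample input, not real participants.
SAMPLE = [
    {"name": "Alex Example", "email": "alex@example.org", "postcode": "ZZ1 1ZZ",
     "age_band": "30-39", "response": "agree"},
    {"name": "Sam Sample", "email": "sam@example.org", "postcode": "ZZ2 2ZZ",
     "age_band": "40-49", "response": "disagree"},
]

if __name__ == "__main__":
    data, keys = split_records(SAMPLE)
    print(data)  # rows kept with the analysis files
    print(len(keys), "key rows: store separately under stricter access control")
```

Removing direct identifiers does not by itself anonymise a data file: combinations of the remaining fields can still single out a person, so the data rows need their own review before sharing.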

University requirements

“All members of the University have a general duty to comply with the common law obligations of confidentiality. Maintaining the confidentiality of personal data is an important step towards complying with the eight data protection principles.

A disclosure is a way of processing data, so it can only be made if it satisfies the eight data protection principles. This means that when a person asks for information about someone else, that person must have a valid reason for receiving the information (for example, the data subject has consented to this or it is in the data subject’s vital interests).”
University of Leicester Data Protection Code of Practice

“The confidentiality of information supplied by research participants and any agreement to grant anonymity to respondents should be respected”
University of Leicester Committee for Research Ethics Concerning Human Subjects (Non-NHS) – Code of Practice

Confidentiality in Health and Social Care research

“It is a legal requirement that when patient data is used for purposes not involving the direct care of the patient, i.e. Secondary Uses, the patient should not be identified unless other legal means hold, such as the patient's consent or Section 251 approval. This is set out clearly in the NHS policy and good practice guidance document 'Confidentiality: the NHS Code of Practice', which states the need to 'effectively anonymise' patient data prior to the non-direct care usage being made of the data.”

Connecting for Health, NHS - Pseudonymisation Implementation Project

Sample resources (NHS related)