Data handling: the general issue
Storage of participant data in a critical aspect of ethical research practice. As researchers, we commit to ensuring participants’ privacy. This can only be done if data are handled, stored, and shared carefully. And ethical research should be reproducible, and of use to the scientific and broader community. If you lose your data, or fail to store data, software, stimuli etc., then your study is cannot fully benefit that community.
There are a number of options, including storage available through the University, to help you store data in a way which respects participants’ privacy. In addition, there are a number of options outside the University that can help ensure researcher reproducibility and transparency.
Ethically and legally (through GDPR) there are strict requirements on the collection, storage, and sharing of personal data. Personal data is any information that would allow a participant to be directly or indirectly identified. For example: names, signatures, physical or email addresses, Mechanical Turk worker IDs, dates of birth, school and class information, photographs, video or audio recordings, etc. Even if none of the individual pieces of information you are collecting would allow a participant to be identified, if you are collecting multiple pieces of information which could together identify them, then this counts as personal data.
What about consent forms?
Consent forms are confidential documents containing personal data. No one should have access to consent forms other than researchers approved on the ethics protocol.
- Research staff who are PIs on projects should retain all consent forms on the project for at least three years following the completion date of the project.
- All students must give consent forms to their supervisors once data collection is complete.
- Consent forms should be stored in a secure location, and this location should be described in the submitted ethics application.
- PI’s are encouraged to store digitised consent forms: scan paper originals to PDF and then securely shred them. Keep the PDF in a secure folder.
If you are collecting personal data, you have several options as a researcher which may help you to better guard against risks to your participants’ privacy. The first has to do with how you store the data. That is discussed below. However, you should also consider whether you need to collect personal data, and if so, whether you can anonymise that data after it is collected. Anonymisation allows data to be shared, while preserving privacy. The process of anonymising data requires that identifiers are changed in some way such as being removed, substituted, distorted, generalised or aggregated. For example, you may collect audio recordings, but only share analyses derived from those recordings. If you collect response to a web survey, you could share aggregated rather than raw data.
Data storage and sharing options
The University offers three main sources of data storage. These should be your default storage options, and are all GDPR-compliant.
OneDrive is available to all members of the University community. It is a repository similar to DropBox or GoogleDrive, and all members of the community have 1TB of storage automatically allocated to them.
DataStore is available to research staff and postgraduate research students. It is a digital repository that is accessed as a network shared drive (via VPN when outside the University network). Research staff and postgraduate research students have 500GB automatically allocated, and groups can pool their allocation, or purchase more.
DataShare is a digital repository of research data produced at the University of Edinburgh, hosted by Information Services. Edinburgh University researchers who have produced research data associated with an existing or forthcoming publication, or which has potential use for other researchers, are invited to upload their dataset for sharing and safekeeping. A persistent identifier and suggested citation will be provided.
What happens to the data when you leave Edinburgh? When individuals involved in a research project leave the university, they may take copies of research data for projects on which they have worked. We recommend that original data also be retained at Edinburgh by the PI/Supervisor.
Please note that when you leave the University, your access to OneDrive and/or DataStore is NOT preserved. Therefore, please make a long term plan to ensure you do not lose access to your data.
Reproducibility and transparency in research
Reproducibility is the ability to produce a copy or duplicate a piece of research. It is often used to refer to the ability to replicate the results of an original study. Transparency enables reproducibility by being explicit, clear, and open about the methods, procedures, analyses, exclusion criterion, etc. that are used in a piece of research. A popular method for increasing reproducibility and transparent in research is data sharing and pre-registration, for example through the Open Science Framework.
More information about GDPR