Do you collect research data that is difficult or impossible to anonymise, or that would lose significant value if identifiable/confidential information were removed?
Would you use a secure solution for archiving these research data in such a way that they can be safely shared with other researchers, subject to authorisation and under conditions designed to preserve confidentiality?
The Research Data Manager and Data Protection Officer are investigating the feasibility of implementing a University service for the secure archiving of confidential/identifiable research data, and the sharing of such data with authorised researchers under a standard data access agreement, subject to approval by a Data Access Committee.
We believe a University-managed solution would give researchers the confidence to preserve and share data safely, where otherwise they might be lost to research or exposed to the risk of inappropriate disclosure.
We would consider within scope any datasets that cannot be shared openly because of the confidential nature of the information they contain or because a higher risk of re-identification exists. In such cases it may still be possible for data to be shared on a restricted and managed basis.
These are examples of data that might be suitable for archiving in this service:
- Datasets containing participant-identifying or other confidential information (such as commercial information), e.g. unredacted interview transcripts; video and photographic data containing images of identifiable participants; biometric data, such as facial scans or fingerprint images; records of commercial activities;
- Data that have been anonymised but that because of the sensitivity of the information they contain or a risk of identification through linkage to other publicly-accessible data are considered higher-risk and not suitable for public sharing.
The service would provide the following features:
- A dataset with related documentation can be formally deposited in the service, with a linked publicly-accessible metadata record published via the University of Reading Research Data Archive. The dataset will be assigned a DOI that links to this metadata record. The public metadata record does not contain any sensitive information, but it means the dataset is citable and discoverable by potential legitimate users.
- The dataset will be held in closed internal storage, accessible only by authorised persons (e.g. service administrators and the PI of the project in which the data were collected).
- A researcher affiliated to a recognised research organisation may apply to access the data for non-commercial research purposes. The researcher’s credentials will be validated and their application will be subject to approval by a Data Access Committee (DAC). The original project PI or a suitable representative will join the DAC in order to consider the access request. The DAC may either grant or refuse the request.
- If the request is granted, the requester’s organisation will sign a Data Access Agreement with the University. This agreement requires the recipient to use the data in confidence and to destroy their copy of the data by an agreed date. Once the agreement is signed the data will be securely shared with the recipient. The University will follow up to ensure that the data are destroyed by the agreed date.
The proposed model is based on a successful service established by the University of Bristol.
If you collect data that you think might fall within scope of this service, we want to hear from you.
- Would you use this service? What type of data might you wish to deposit?
- Do you have questions about how it would work?
Please contact us with your views.
Robert Darby (Research Data Manager) and Rebecca Daniells (Data Protection Officer) will be holding an open consultation at 13.00-14.00 on Wednesday 26th May. Come along to find out more about the proposal and ask questions.
To register for the consultation please email Robert Darby.