Ethics and Data Storage Advice
for the Service Related Project (SRP) and Thesis
When conducting any research project that involves collecting data from human participants you need to ensure that the data you collect is handled and stored securely and in accordance with legislative frameworks governing data protection, research ethics and research governance. The procedure outlined below has been developed by the Lancaster DClinPsy programme with these frameworks in mind, and is designed to provide a clear, consistent approach that can be used for all trainee research projects (unless there are particular reasons why your project requires a different approach).
What constitutes data?
The data you need to think about storing includes:
- Research data e.g. interview recordings, questionnaires, transcripts, coded/analysed data
- Personal information collected during the study i.e. consent forms, expression of interest forms, email addresses
Storing data during the study
Whilst the study is taking place you (the trainee), as principal/chief investigator, will be responsible for the data. So you need to explain how you will store all paper and electronic data in a way that keeps it secure e.g. paper data in a locked cabinet, electronic data in password protected file space on the University server, and/or on encrypted electronic devices (see below).
We recommend that data containing personal details that would lead to the identification of participants (e.g. participants' email addresses, expression of interest forms BUT NOT consent forms) should be deleted/destroyed as soon as possible. So if people provide you with their contact details in order to be contacted about taking part in your study, this should be retained only until they have participated in the study, or until they have informed you that they do not wish to take part. However, if a participant says they would like to receive a summary of the research at the end of the study, it would be appropriate to retain their contact details until this summary has been sent out.
We advise that, as far as possible, data are stored electronically in your personal file space on the University server (via your Virtual Private Network (VPN) from home), rather than on laptops, PCs or other devices. If you do store data on any devices other than the server it must be encrypted. The server is secure, so any files stored there do not need to be encrypted, although you will need to encrypt files at the end of the study in order to transfer them for long-term storage (see below). However, where you are storing data containing sensitive material or identifiable personal information, individual files should be password-protected as an additional security measure.
If identifiable data is stored on a portable device, e.g. a laptop or USB drive, the University advises that it is not sufficient for the data just to be password protected. In addition the portable device should be encrypted - more information on how to do this is available from http://www.lancs.ac.uk/iss/security/encryptionoptions/. If you are using a digital recorder the encryption of this device should be mentioned also. If it is not possible to encrypt the recorder there needs to be confirmation that any identifiable data will be transferred and then deleted from it as soon as possible.
Long-term storage of data
You also need to explain what will happen after the study has been completed i.e. what data will be stored, where they will be stored and who will be responsible for them. It is usual for data to be stored by the DClinPsy admin team. In the past most data have been stored in paper form. However, due to the very limited space now available, we advise trainees to keep data for storage after the end of the study in electronic form, unless there is a particular reason for keeping them in paper form. The data that should be retained for storage include the consent forms, all raw data (e.g. interview transcripts and completed questionnaires) and any coded data produced during analysis.
Transferring data for long-term storage
The following procedure has been developed for transferring data to the Research Coordinator for long-term storage:
- All data should be saved electronically, including consent forms which can be scanned and saved
- At this point you should encrypt all your data in order that it can be transferred securely to the Research Coordinator who will save the files in password-protected file space on the university server
- On your ethics form you will need to state that your data will be transferred electronically using a secure method that is supported by the University. Guidance on how to do this will be provided in the ethics teaching