All research must be open
All research must be open to some extent.
The choice is between being, at any stage of the research journey, more open or less open.
Principle #2 of the Concordat on Open Research Data states there are sound reasons why the openness of research data may need to be restricted but any restrictions must be justified and justifiable. It is important that constraints on openness must not be applied on a blanket basis but should be justified and justifiable case by case.
At each stage, we encourage you to ask the questions:
- Is there a more open way to do this?
- What difference will it make (to me, and to others)?
- Are there good reasons for making the open choice or indeed for restricting access to this data?
Reasons why access must be restricted include maintaining confidentiality, protecting individuals’ privacy, non-disclosure of commercially sensitive or valuable data until appropriate protections are in place e.g. patents, respecting consent terms, as well as managing security or other risks. Access must take full account of legal, regulatory and ethical requirements – including applicable data protection laws and relevant codes on research ethics and research integrity.
You will find links to relevant Ulster policy documents on these requirements at the send of this page and if you have any questions, further advice is available from Research & Impact Research Governance.
Sensitive data can be safeguarded by regulating or restricting access to, and use of, the data.
Even if completely open data sharing is not possible, it is still possible to provide controlled or restricted access to your research.
There are a number of ways in which controlled or restricted access to sensitive data may be achieved:
-
Deposit in PURE under an embargo
If you wish to restrict access to your data for commercial reasons (e.g. to apply for a patent), your best option is to deposit in Ulster’s PURE repository under an embargo.
This will ensure that you can deposit the data at convenient point in your research process and have it automatically made public at a future date.
Funders generally encourage commercialisation of research results, but generally impose a limit on how long data can be embargoed for: in most cases the data must be available within 12 months of the end of the project.
For more information, check your funder’s data policy.
-
Obtain specific consent to share in any new studies
Researchers will need to ensure that data sharing is considered from the very beginning of study planning. Making provision for future data sharing a standard component of study design is therefore essential.
Data sharing activities that are an integral part of your research (e.g. data transfer between collaborating groups) can be anticipated and described in the information given to participants, and so can be included within the informed consent process for participation in your study. The information sheet and consent form should be explicit and make specific reference to data sharing. . It cannot be implied by the overall consent to participate in the research. Nor can consent to data sharing be used as an inclusion criterion for the study, as this implies coercion.
What should be sought from the participant is ‘consent to their data being shared with research partners’, with the caveat that it should be shared only for scientific purposes and in accordance with GDPR and the Data Protection Act 2018. The university requires Ulster University’s Privacy Notice to be made available to research participants involved in a research study as this statement clarifies how and why the university holds information and the legal basis on which we can process or use it.
The nature, purpose and destination of participant data sharing that may occur after the research has been completed are not always possible to predict. By definition, therefore, any consent for this secondary use of data cannot be fully ‘informed’. In most cases, the participant should be told that their anonymized data might be shared with third-parties in an aggregated form from which identification will be impossible. See the section below ‘Can I provide access to an existing dataset without explicit consent for sharing?’.
-
Provide a Data Access Statement
If you are making your data available on a restricted basis it can sometimes be difficult for people to discover that the data exists and is available.
Any data set or document made available for sharing should be associated with concise, publicly available and consistently structured discovery metadata, describing not just the data object itself but also how it can be accessed.
This is to maximise its discoverability by both humans and machines. Ulster’s Research Data Management webpages provide Sample Data Access Statements that can be tailored to suit your publication.
-
Share under a Data Sharing Agreement
If you cannot make your data widely available, you may still be able to make bilateral agreements with individual researchers or groups to ensure the data is used in line with the consent obtained.
This will probably involve drawing up a formal data sharing or collaboration agreement. Sinead Hunter, Intellectual Property Manager can help you with more information on data sharing agreements.
-
Use a secure data repository
Some data repositories provide a facility to allow carefully controlled access to sensitive information. These typically require interested researchers to prove their credentials, sign a non-disclosure agreement and analyse data in a dedicated facility without a network connection, taking away only anonymous information or statistics.
One example of this is the UK Data Service, which provides a Secure Lab.
By late 2020, Ulster plans to host a SafePod to provide remote access to research datasets held by Data Centres across the UK.
The SafePod will replicate a traditional safe setting, including a controlled access system, CCTV camera and secure storage areas for IT hardware and equipment. No datasets will be held within the SafePod. Instead a secure connection is provided from a SafePod to a Data Centre for a researcher to view and analyse their project datasets.
Can I provide access to an existing dataset without explicit consent for sharing?
Consent and Anonymity
There is, of course, no question that identifiable information should ever be shared without explicit consent and all datasets must be fully anonymised.
However, aggregate information that cannot be identified as belonging to an individual and cannot be traced back to that person can be shared for research purposes even if their consent to share it is not in place. Fully anonymised data are those from which the original data subject cannot be identified by anyone, including any member of the research team, using either the dataset itself, or any other available dataset or mechanism.
If researchers wish to share identifiable data with a third party and this has not been agreed by the data subject in the original study consent, the researchers must contact the individual concerned and seek and obtain explicit permission to do so.
There may be instances in which sharing even anonymised data without consent is problematic, for example, sharing of datasets based on studies of groups of individuals with rare conditions. In such instances while participants are technically anonymous, they may be identified by knowledgeable individuals. Data sharing in such instances must be reviewed on a case by case basis and if you think your dataset might present such challenges you should contact Research Governance.
Restricted or closed data and Pure
All data associated with published research articles must have a metadata record in PURE
Regardless of the restrictions on the openness of your research data, all published articles should include a data access statement and the dataset must be indexed with a metadata record in PURE and the data restricted appropriately.
PURE has dual controls on the access to datasets and their visibility, ensuring dataset owner(s) using PURE have complete control over who sees their data and has access to it.
An overview of Data Access Levels in PURE is available on the Research Data Management support webpages.