Data management and protection
Good data protection management means having effective processes and methodologies in place to maintain data integrity.
Here are some useful links to more specific information:
- Data Management
- Records Retention Schedule
- Security of Voice Recordings
- Disposing of Personal Data
- Loss or theft of personal data
Freedom of Information (FoI) requests legally compel public organisations to produce the information that is asked for in the request, if it falls within the legal criteria for such requests. Answering a FoI request may involve considerable resources if the information cannot easily be extracted from an organisation’s IT systems, or has not already been collated for other purposes. Organisations receiving FoI requests for information for research purposes are therefore likely to see this as a particularly aggressive form of data collection, and qualitatively different from a standard request concerning whether they are able to provide information that is important for a research project.
Using an FoI request to obtain information for the purposes of research should only be used under the following circumstances:
The information cannot be obtained via more usual and less aggressive means.
The research justifies the time and cost to the organisation(s) approached (e.g. we would not expect an undergraduate dissertation to justify this)
The potential future cost to any current or future relationship between the University and the organisation(s) has been considered.
For detailed information about Intellectual Property at the University of Manchester please click here.
Requirements for the recording and storage of research data and material will vary by discipline. Researchers should always adhere to guidance provided by funding bodies, professional guidance where available, any principles set out at school or faculty level as well as the University's requirements as outlined below and in its Records Management Policy.
Researchers should keep clear and accurate records of their research including the procedures followed, approvals granted during the research process, sources used and results obtained (including interim results). This is necessary, not only as a means of demonstrating proper research practice, but also in case questions are subsequently asked about either the conduct of the research or the results obtained. When recording data, consideration should be given to requirements of anonymity and confidentiality where appropriate and local/professional guidelines followed.
Depending on the nature of the research activity, for example where there is potential for intellectual property to be generated, the supervisor/principle investigator should review the main written record of research evidence, countersign and date it on a regular basis to signify that the entered data are accurate and complete. This practice not only assists the protection of intellectual property but also helps safeguard researchers against allegations of research misconduct and assures auditors and sponsors that robust academic supervision is in place.
Records of a research project are the property of the parent school and should reside with the research unit in which they were generated. Individual researchers should be able to hold copies of appropriate materials for their own use, but in order to protect the individual against loss or allegations of research misconduct, primary data in hard format (ie in a laboratory book) should be kept securely within the University. The project leader/principal investigator/supervisor should have access to the data at all times. University staff and students are not permitted to remove such records when leaving the University without obtaining permission from their head of school in writing.
Data should be stored in a way that permits a complete retrospective audit if necessary. Unless ethical/professional/local or funding body guidance requires otherwise, research results should be archived in a durable form that is immune to subsequent tampering and falsification for a minimum period of 5 years after the date of any publication which is based upon it. It is recommended good practice that evidence for research based on clinical samples or relating to public health should be retained for 15 to 20 years.
If you are conducting research in a country outside of the UK, you need to familiarise yourself with the relevant data protection laws of that country. Although these are subject to change, you can find general information about this by visiting https://www.dlapiperdataprotection.com/
Any queries in relation to the data protection laws of individual countries, including whether any special provisions will be needed regarding your research project should be directed to the Information Governance Office. Additional guidance and support on data protection can be found by visiting the Information Governance StaffNet pages.