College of Medical, Veterinary & Life Sciences

Data Retention, Secure Storage and Confidentiality

Researchers should be aware not just of their duty of confidentiality to their participants but also of their legal responsibilities under the Data Protection Act 1998. Further information on data protection legislation and ethics can be found at this site, which also provides researchers with advice on the secure storage of data.

The Ethics Committee will expect researchers to be aware of the distinction between truly anonymised data, which cannot lead to the identification of the participant, and coded data, which can. Research should be planned with this distinction in mind.

The Committee is often asked how long records should be kept. Principle 6 of the Data Protection Act states: "Personal data processed for any purpose shall not be kept longer than is necessary for that purpose." However, the University's Code of Good Practice in Research states: "The University expects data to be securely held for a period of ten years after the completion of a research project, unless otherwise specified by the research funder or sponsor." Further details can be found here.

Please note that assurances on confidentiality must be strictly adhered to unless evidence of wrongdoing is uncovered. In such cases, you must inform the University which may be obliged to contact relevant statutory bodies/agencies, including the Police.