Policy and Guidence on the Deposition of Personal, Confidential and Sensitive Data


Created Date:30 July 2010
Last Updated:10th July 2019
Review Due:July 2020 (unless significant change)
Maintained By:Collections Development Manager
Version:4

Policy

Archaeological and Historic Environment archives may sometimes include personal, confidential and sensitive data which may also provide valuable historiographical or contextual information for understanding the context of data collection and, more broadly, for the history of Archaeology and the Heritage Environment.

The ADS wishes to preserve such data, and to make it available for research, learning and teaching. At the same time it recognises that this may raise issues of confidentiality and privacy covered by institutional ethics policies, and that data may fall within the scope of the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and other legislation.

Most data, however, can be shared ethically and legally if depositors employ strategies of informed consent and anonymisation. The ADS will accept personal, confidential and sensitive data for deposit and immediate dissemination when it is fully anonymised and/or when it is accompanied with written informed consent.

Depositors are expected to maintain high ethical standards and comply with all relevant legislation. Depositors must also sign an ADS Deposit Licence before any data is accessioned into the ADS archive. In the ADS Deposit Licence the responsibility for ensuring that all fair processing notices have been given (and/or, as applicable, consents obtained) and that the data collection does not and will not contravene any laws is the depositors. It is also the responsibility of the depositor to notify the ADS of any confidentiality, privacy or data protection issues pertaining to the data collection.

N.B. All data deposited with the ADS is held on servers at institutions based in the UK.

Data Embargos:

In some scenarios the depositor, realising the long-term value of sensitive data, may wish to embargo its public release for a period of time. This may mean that an anonymised version of the data is made immediately available, but the release of the original version is embargoed for a period of time. The ADS will accept the deposit of such data only where the conditions associated with the embargo are agreed at the time of deposit.

Guidelines

What do we mean by 'Personal, Confidential and Sensitive Personal Data'?

Personal Data

Personal data are defined as any information relating to natural persons who can be identified or who are identifiable, directly from the information in question; or who can be indirectly identified from that information in combination with other information. If data are fully anonymised and an individual is no longer identifiable then the data no longer constitutes personal data. Visit the UK Information Commissioner's Office's Guide to the General Data Protection Regulation to find out more about how the GDPR applies in the UK as enforced by the Data Protection Act 2018.

Confidential Data

In the UK there is a ‘duty of confidentiality’ that is based in common law. Confidential data are data that are:

  • given in confidence, or have been agreed to be kept confidential between two parties, this need not be in writing,
  • conditioned by factors such as ethical guidelines, legal requirements or research-specific consent agreements,
  • not already in the public domain.

Sensitive Personal Data

Under the GDPR sensitive personal data is a specific set of “special categories” that must be treated with extra security. These include data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, information about criminal convictions, data concerning health or data concerning a natural person's sex life or sexual orientation. Data relating to living individuals therefore fall within the terms of the GDPR and provision for deposition and archiving would require anonymisation, consent procedures or removal from the archive. Visit the UK Information Commissioner's Office's Guide to the General Data Protection Regulation to find out more about how the GDPR applies in the UK as tailored by the Data Protection Act 2018.

Sensitive Historic Environment Data

Sensitive data in the historic environment sector may also relate to research data that can be considered sensitive for a number of ethical or legal reasons specific to the historic environment sector. For example the location of an archeological site or find spot could be considered sensitive data if public knowledge of the location could pose a risk to the site.

Examples

Within archaeology confidential, sensitive and personal (digital) data may include, but is not limited to:

  • Oral history and personal interviews, either transcripts or audio recordings;
  • Financial data especially where costs can be attributed to an individual or commercial company;
  • Records pertaining to staff i.e. performance reviews, records of interviews and job applications and other personnel data;
  • Personal correspondence, including emails;
  • Aspects of excavation 'site diaries' where individual archaeologists may be identified;
  • Skeletal or other burial data which can be linked to named individuals.

Legislation

Legislation in the UK that may impact on the sharing of personal, confidential and sensitive data include, but is not limited to:

Planning for Data Sharing

Personal, confidential and sensitive data can be shared ethically and legally if researchers pay attention, from the planning stages of research, to three important aspects:

  • when gaining informed consent, include consent for data sharing
  • where needed, protect people's identities by anonymising data
  • consider access restrictions to data

These measures should be considered jointly and never in isolation. The same measures form part of good research practice and data management, even if data sharing is not envisioned.

Informed Consent

Informed consent is an ethical requirement for most research and must be considered and implemented throughout the research lifecycle. It is essential that gaining consent takes into account any future uses, such as sharing, long-term preservation and re-use of data.

Researchers should inform participants of:

  • the funding source, sponsoring institution, name of project, contact details for researchers,
  • the purpose of the research,
  • what is involved in participating,
  • the benefits and risks of participating,
  • the procedures for withdrawal,
  • how the data will be used during research, dissemination, and publishing,
  • how the data data will be stored, preserved and used in the long-term,
  • the strategies for assuring ethical use of the data: procedures for safeguarding personal information, maintaining confidentiality and anonymising data, especially in relation to data archiving and r-euse,
  • who will hold copyright for the data,
  • how to file a complaint.

Consent must be tailored for the specific research context, the nature of the data and the planned uses of the data. To ensure that consent is informed, consent must be freely given with sufficient information provided on all aspects of participation and data use. There must be active communication between the parties. Consent can not be inferred from a non-response to a communication such as a email or letter.

Written or Verbal Consent?

Whether informed consent is obtained in writing through a detailed consent form, by means of an informative statement, or verbally, depends on the nature of the research, the kind of data gathered, the data format and how the data will be used.

  • Written consent should be gained wherever possible to ensure that information is being collected and provided in a consistent and uniform way. It may also serve to protect both researchers and participants should any form of dispute arise. Written consent documentation typically includes an information sheet and consent form signed by the participant.
  • For surveys or informal interviews, where no personal data are gathered, obtaining written consent may not be required. At a minimum an information sheet should be provided to participants detailing the nature and scope of the study, the identity of the researcher(s) and what will happen to the data collected (including any data sharing).
  • If data are collected verbally through audio or video recordings, verbal consent agreements can be recorded together with the data.
  • For audio-visual data where the identity of people may be disclosed from the data, it may be important that informed consent is obtained to use the data unaltered for research purposes, sharing and preservation. Voice alteration or image blurring are usually labour and cost intensive and decrease the research potential of data.
  • For the deposit of images of children under the age of 16, consent for these images to be disseminated on line must be obtained from a parent or guardian.

One-off or Process Consent?

Discussing and obtaining consent for participation in research, the use of the information gathered for analyses, publications and outputs, and data sharing beyond the research can be a one-off occurrence or an ongoing process. One-off consent is simple, practical, avoids repeated requests to participants, and meets the formal requirements of most Research Ethics Committees. However, it may place too much emphasis on 'ticking boxes'. If consent is considered throughout the research process, it assures active informed consent from participants. Thus, consent for participation in research, for data use and for data sharing can be considered at different stages of the research, giving participants a clearer view of what participating in the research involves and what the data to be shared consist of. It may, however, be too repetitive and annoying for some participants.

Retrospective consent for re-use of data can also be sought after their research contribution is complete. However if a participant cannot be traced, the status of publishing or sharing the collected data may be uncertain.

Withdrawing consent

What happens to already collected research data when a participant wishes to withdraw from research needs to be considered on a case-by-case basis, but it is best if researchers consider this in advance and provide information about this in the information sheet and consent form. Much depends on the state of processing or anonymity of the data, which may determine whether it is actually feasible to remove an individual's data.

Researchers should consider the following options when dealing with participants wishing to withdraw consent:

  • If a participant requests retroactive withdrawal of all their contributed data, seek a meeting to explain to the participant the costs of this to the project
  • Discuss whether some of the data could be kept / used, for example if data can be completely anonymised
  • The ethical duty to the participant and the risk to a project for loss of goodwill can offset any possible gain by retaining the data

Example Consent forms

The UK Data Service has a series of exemplar consent forms available on there website.

Anonymisation

Anonymisation is a tool that allows data to be shared, whilst preserving privacy. The process of anonymising data requires that identifiers are changed in some way such as being removed, substituted, distorted, generalised or aggregated.

A person's identity can be disclosed from:

  • Direct identifiers such as names, postcode information or pictures
  • Indirect identifiers which, when linked with other available information, could identify someone.

Anonymising research data is best planned early in the research to help reduce anonymisation costs, and should be considered alongside obtaining informed consent for data sharing or imposing access restrictions. Personal data should never be disclosed from research information, unless a participant has given consent to do so, ideally in writing.

Sensitive Data and Human Remains

The Data Protection Act also defines personal data as data relating to living individuals. Therefore archives containing medical information about deceased individuals are not covered by the scope of the Act. Nonetheless, the excavation of human remains is subject to both legal and ethical considerations. Under English law a Ministry of Justice licence is required prior to the disinterment of any human remains, as well as a statutory Church Faculty covering works within churches in use and the reinterment in consecrated ground of any human remains which are disturbed. The ethics of disturbing human remains, whether accidentally or by design, is an essential issue for the archaeologist to tackle. One must consider not only the attitudes of contemporary society, but those of the relatives of the deceased and those of the excavators themselves. It is inappropriate for the archaeologist to treat human remains simply as 'artefacts', regardless of her or his own views. The inherent difficulty of fully empathising with everyone else's ideas and beliefs (in the past and the present) makes it necessary that a balanced respectful attitude is taken to the treatment of human remains. The terms of the Home Office licence dictate that the removal should be conducted "with due care and attention to decency". This same criterion should be extended to decisions about publication, archive and online dissemination of information (for example images of coffin plates) pertaining to human remains.

Embargo Periods

When dealing with the archiving of digital data it is important that the data is archived (accessioned and ingested) at the point of deposit. This is to ensure that the data is in the correct format and accompanied by the appropriate documentation to ensure long term preservation and sustainability. This does not mean that the data would be automatically accessible to the public. It may be deemed appropriate to establish an embargo period during which the data will be secured in an archive, but not accessible to the public. The length of the agreed embargo period will depend on the sensitivities involved. For example ongoing research activities may require an embargo being imposed on early results, and embargo periods for relatively short periods of time can be arranged at the point of data deposit. ADS will normally agree to embargo periods of up to 2 years for research purposes, or up to 5 years to maximize commercial exploitation of print publications. But in some cases the sensitivity associated with the data may pertain to personal data; in such cases embargoes of up to 70 years can be arranged, but each case will be assessed against the ‘exemptions from disclosure’ set out under the terms of the Freedom of Information Act 2000.

Research Ethics Committees and Data Sharing

There is a potential tension between data sharing and data protection. Data archives work to increase availability of, and access to, research data, while the primary purpose of Research Ethics Committees (RECs) is to ensure ethical conduct in research and to protect the safety, rights and well being of research participants. The need to protect personal data and preserve confidentiality - where explicitly required - cannot be overstated. This does not mean, however, that all research data obtained from research with people should be kept confidential, cannot be shared or, worse even, are destroyed. It is important to distinguish between personal or sensitive data collected in research, and research data in general. Personal data should not be disclosed, unless consent has been given for disclosure. Identifiable information may be excluded from data sharing. A REC should, however, not object to the sharing of research data in general. If research data contain sensitive or confidential information, then the sharing of such data must be considered carefully, but should not be dismissed as being impossible.

Acknowledgements

This guidance is based on 'Managing and Sharing Data: a best practice guide for researchers' by the UK Data Archive, University of Essex 2009. Thanks to the UKDA for permission to re-use their guidance.

Further information

G Duncan and L Stokes (2009) 'Data masking for disclosure limitation' in Wiley Interdisciplinary Reviews: Computational Statistics, Volume 1, No. 1, p83-92 at https://doi.org/10.1002/wics.3.

UK Data Archive (2009) 'Managing and Sharing Data: a best practice guide for researchers', University of Essex.