
Data protection, rights and access: Data protection
If your research involves human subjects, you will need to consider both legal and ethical obligations regarding sharing your data. Data protection regards the rights of the individuals whose data is being collected, held, and processed. Individuals have the right to know what data is being held, how it is being used and to correct inaccuracies.
The 1998 Data Protection Act regulates how personal data may be held and processed, and is aimed at organisations but also applies to individuals. (This is a UK Act passed to comply with the European Data Protection Initiative. For countries without data protection law, there may or may not be relevant privacy laws that affect research data, but ethical considerations remain.)
The act provides some exemptions for “personal data that is processed only for research, statistical or historical purposes” among others. If an exemption applies, then (depending on the circumstances) you will be exempt from the requirement:
- to notify the Information Commissioner; and/or
- to grant subject access to personal data; and/or
- to give privacy notices; and/or
- not to disclose personal data to third parties.