Researchers should share their research idea with a SHIP research co-ordinator at the earliest opportunity. The research co-ordinator can provide advice about the design of a feasible study and potential sources of data.
When developing your research proposal and considering what data you may require, it is important to weigh the relative benefits to your research of using person-identifiable data against the obligations that will fall to you under the law if you process identifiable and potentially sensitive personal data. You should ask yourself whether you are asking for data of greater sensitivity than your project strictly requires, and therefore elevating, without good reason, the risk category to which your data access request will be assigned. The obligations under the Data Protection Act 1998 that fall to someone processing personal data (which includes using data for research purposes, even when conducted within a Safe Haven) are set out below. If necessary, SHIP's research co-ordinator will be able to help you refine your research proposal in light of any issues associated with data privacy risks.
When you come to submit your data access request it will need to be accompanied by a project protocol, which clearly specifies the study cohort, aims and methods. It should also carry a date and version number for matching against approvals. The specific data needed to best fulfil the requirements of the protocol should be agreed with the SHIP research co-ordinator. This specification, along with any subsequently amended versions, will be stored in the SHIP Project Management system.
Under the Data Protection Act 1998 (DPA), it is the responsibility of the data controller to comply with the obligations set out in the Act, which are contained in the data protection principles in Schedule 1. However, even if you as a researcher are not a data controller but simply a data processor, it is still good practice for you to be aware of and comply with the obligations under the DPA.
The obligations imposed by the DPA are:
For more guidance on the obligations imposed by the DPA, please see the guidance page on the data protection principles and the guidance page on the conditions for processing personal data.
Remember, however, that these obligations only apply if you are using identifiable data. Therefore, if you choose to make use only of anonymised data, you will not have to worry about the provisions of the DPA.