Sharing data (not openly available)
Even if data is identified as unsuitable for open access, other data management requirements will still apply. A data management plan should be used to identify and document reasons for withholding data and publications should still include a data access statement. This statement should include reasons why the data is not openly available and, if possible, conditions for access. For sharing data which is not fully open (ie only metadata record open or fullt closed) a data sharing agreement should be put in place before sharing the data. Contact RDM@napier.ac.uk for assistance with this.
Privileged period of exclusive access: Allows you time to analyse and publish the results of the data you have created or collected. During a project, and assuming no other constraints apply, you would only need to provide access to the subset of data supporting published findings. This would allow you time to continue to analyse and publish from your wider dataset. However, funder data policies differ on how long this period of exclusive use should last - you may be required to publish all final datasets within a defined period from either the end of project funding or the date of data collection.
Embargoes: Allow you to delay access to data, during which time access would be completely restricted. Embargoes can be used to ensure that your archived data is not published until the articles based upon them are accepted for publication or published. This might be a condition of publication for some journal publishers. Embargoes can also be used to delay access whilst patents are filed or while research is commercialised. Head of Business Engagement and IP Commercialisation will be able to advise on how long this process might take and how long the embargo would need to be.
Registered access: Provided by some data archives. This requires potential users to register before they are able to access data files. Registered access allows the data archive to monitor who accesses data, enabling reminders about conditions of use.
Access upon request: Might be required for some types of confidential or sensitive data. The University has a data access panel who will make decsions on sharing sensitive data along with the PI/data custodian. The panel will consider the reason dfor the request and any measures which may need to be put in place to ensure compliance with the various requirements. The panel consists of:
- Head of Research Goverenance – panel chair
- Contracts Officer
- VP Research and Innovation
- Representatives from Governance and Information Services
Contact RDM@napier.ac.uk if you need/want to share sensitive data
Non-disclosure agreements can be used to share confidential or sensitive data with specific individuals for specific purposes and under specific terms. Contact RDM@napier.ac.uk if you require a non-disclosure agreement for your data.
No access: In rare situations it might be necessary to restrict access to both the data and to metadata describing the data. If you think this might apply to your research, please contact RDM@napier.ac.uk who will be able to advise on how best to comply with policy requirements for sharing data.
The information below provides guidance to help you determine whether you may be justified in withholding your research data from publication. If you are unsure as to whether you could or should make your data openly available, please contact the research data team at RDM@napier.ac.uk before you publish your data.
Ethics and Data Protection Considerations
The Edinburgh Napier code of practice around research ethics and integrity can provide more information on ethics and data protection considerations.
Research data involving human subjects must be handled in accordance with the Data Protection Act 2018. The confidentiality of participants must be maintained and personal data should not be made available to any third party without the explicit, written, informed consent of the person to which it relates. If you are unsure about how data protection might apply to your research data, there is data protection guidance available on the new legislation.
New data protection (GDPR)
If you are unsure about how data protection might apply to your research data, there is data protection guidance available on the new legislation. In some situations a data sharing or processing agreement may need to be put in place to comply with GDPR. You can contact email@example.com and/or RDM@napier.ac.uk about any advice in handling your personal research data.
Anonymised data should remove both direct and indirect identifiers, so that information and data cannot be combined to reveal an individual's identity. This applies not only to personal data but also to research data about organisations and businesses.
Although consent for sharing only relates to research data containing personal data, it is best practice to seek written informed consent from research participants to keep and openly share anonymised data after the project ends. Some external data archives will not accept anonymised data unless informed consent for data retention and publication was obtained and demonstrated.
Data subsets: It is possible to share only the subset of the data where participants granted consent (both to participate in the study and for their data to be both retained and shared). This needs to be clear in the data access statement and in any accompanying documentation so that potential users understand that the data can be re-used for new analyses, but not for validation of the original findings.
Other ethical considerations
There may be other ethical reasons why data should not be made openly available. Inappropriate release of some types of data might put research participants, the public or vulnerable groups at risk. For example:
- Domestic energy usage data could be used to determine occupancy patterns in participants' homes.
- Disease statistics might require anonymization to avoid them being used to identify the location of villages in a war zone.
- Spatial data that would reveal the location of an endangered species can be justifiably withheld to protect the species from poachers. This would also apply to the location of rare fossil specimens.
In these or similar situations it may still be possible to share other information from the dataset, in which case it should be made clear to future users which variables have been redacted, aggregated or anonymised in the dataset and why.
Intellectual Property Rights
Before you can openly share research data you need to ensure that you have the right to do so, including ownership rights and conditions of use.
The University's Intellectual Property Policy defines ownership of research data generated by staff, which would normally belong to the University. The policy also covers student IP. Contact the Head of Business Engagement and IP Commerciaistion if you require more information about IP.
External IP: Where research is funded by an external partner, or where an external partner makes a contribution to a project, the partner may be awarded Intellectual Property Rights in the results, including the research data. This usually means that the results must be kept confidential by the University and only released under a publication protocol. It is recommended that all collaboration agreements should address the basis on which research data will be stored, accessed and published.
Third party data
If you have re-used any existing datasets that you have obtained from third parties then you need to ensure that you understand and comply with any terms under which the data may be used and shared. These types of data might include datasets you have downloaded from online repositories or databases, or research data shared by project collaborators.
Sharing modifications: In some situations, typically for software, you may be required to share any modifications under the same licence as the original data.
Documenting restrictions: If you are not permitted to re-share or distribute the third party data directly, your documentation and data access statement should, as far as possible, provide details of where the study data was obtained so that other researchers can obtain or request access to the same data. This is particularly important for publicly available data.
If your external research partners have provided you with any research data, or if you have collaboratively created new data, conditions for how these data may be used, retained or shared should be set out in any contracts or collaboration agreements covering the research.
If your existing research-related agreements include any confidentiality clauses, or if the University owes your external partners any obligations of confidentiality in respect of certain research data, you must ensure that data publication would not breach these.
Non-disclosure agreements: The need to comply with confidentiality clauses and contractual obligations would be valid justifications for withholding research data. However, it may be possible to share such data with other researchers, subject to non-disclosure agreements. The Research & Innovation office should be consulted if you need to set up any research-related agreements.
It is recommended that future research-related agreements ensure that publicly funded research involving third parties is planned and executed in such a way that published findings can be scrutinised and, if necessary, validated by others.
Commercially sensitive data
Access to research data can be restricted to protect commercially sensitive information, either created new or provided by commercial partners. These data might be provided under terms of a collaboration agreement by a third party for use only within a specific research project.
Interview data: Commercially sensitive information might also include data obtained in interviews with participants employed by external organisations. Written, informed consent would be required before such commercially sensitive data could be made openly available.
Inappropriate to seek consent: In some rare situations it may not be appropriate to seek consent for sharing commercially sensitive data obtained from commercial partners or participants. However, every endeavour should be taken to maximise the potential for data sharing. Please contact RDM@napier.ac.uk, for advice if you think seeking consent would jeopardise your research.
Partial access restrictions: Depending on the terms of your research agreement, instead of completely restricting access it might be possible to make commercially sensitive data available only to certain users, such as bona fide researchers in a research organisation, and for a certain purpose, such as to verify and comment on a publication. In such cases a Non-Disclosure Agreement will be required, which can be set up by Research & Innovation Managers.
In some situations data may not be commercially sensitive but might have commercial potential. These data might eventually be suitable for sharing, but public access can be justifiably delayed to allow time to assess and protect the commercial potential of research. This might involve the use of embargoes while patent applications are filed.
Funder Policies: Many project funders encourage the protection of intellectual property rights arising from the research they are funding. Please check you funder policy prior to using this access restriction.
Publisher Policies: Not all publishers accept restricted access to protect patent applications.
Individual journal requirements should be checked to avoid manuscript rejections.
Freedom of Information and Data Protection Act Requests
If you receive a request for research data or information about your research under the Freedom of Information Act or a request for personal information under the Data Protection Act you should immediately refer the request to the appropriate specialist team within the University, which will be able to advise whether the information is exempt from disclosure. DO NOT attempt to answer the request yourself.
Please note that the justifications above relate to funder policies on data sharing and do not necessarily constitute valid exemptions under the Freedom of Information Act 2000.