Transfer of Research Data which relates to human participants between Principal Investigators within The University of Sheffield (TUoS): Governing Principles and Procedural Steps

The principles and procedure outlined here have been endorsed by the following University committees and groups:

  • the University’s Research Ethics Committee – 30th November 2015
  • the University Research Data Management group – 1st December 2015
  • the University’s Research & Innovation Committee – 10th February 2016

TUoS regards the effective management of the data generated by research projects as an integral part of good research and innovation practice that should meet all legal requirements and University regulations and achieve best practice. There are important drivers including assuring research data integrity, enhancing data security, facilitating data sharing, collaboration and re-use and, in the case of research involving human participants, respecting participants’ welfare, dignity and rights.

The principles and procedure presented in this document apply to all researchers who are transferring/planning to transfer research data which relates to human participants and/or personal data to another researcher(s) based within TUoS who was not part of the research project that first obtained the research data. Research data which relates to human participants includes personal data¹ and data that is truly anonymous².

This document is designed to:

  • facilitate the transfer of research data which relates to human participants within TUoS; and
  • clarify responsibilities for the management of research data that has been transferred; and
  • provide sufficient assurance that research data is being managed in adherence to applicable University policies including TUoS’s Good Research and Innovation Practices (GRIP) Policy and Ethics Policy Governing Research Involving Human Participants, Personal Data and Human Tissue, and in adherence with applicable legislation (e.g. the 1998 Data Protection Act).

This document has been endorsed by:

  • TUoS’s Research Ethics Committee on 30th November 2015.
  • TUoS’s Research Data Management Steering Group on 1st December 2015.

This document has been approved by:

  • TUoS’s Research and Innovation Committee at its meeting on INSERT DATE TBC

¹ Personal data:

Data which relates to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the Data controller (Ethics Policy Governing Research Involving Human Participants, Personal Data & Human Tissue, Policy Note no. 1).

Sensitive Personal data is a sub-set of personal data:

The 1998 Data Protection Act defines ‘sensitive personal data’ as including the:

  • racial or ethnic origin of the data subject;
  • his or her political opinions;
  • his or her religious beliefs or other beliefs of a similar nature;
  • whether he or she is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992);
  • his or her physical or mental health or condition;
  • his or her sexual life;
  • the commission or alleged commission by him or her of any offence, or
  • any proceedings for any offence committed or alleged to have been committed by him or her, the disposal of such proceedings, or the sentence of any court in such proceedings.

² Truly anonymous data:

Research data that cannot be traced back to the human participants from whom it was originally obtained.

PRINCIPLES

Principles that govern the transfer of research data (which relates to human participants and/or personal data) between researchers within TUoS:

Terms used:

Original party – Researcher(s) who originally received or obtained research data which relates to human participants and who has subsequently received a request, from another researcher, for use of the research data for secondary research purposes/future studies.

Receiving party - The researcher(s) who wishes to request the research data for secondary research purposes/future studies (i.e. makes a request to the original party).

Data controller - means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are to be processed. This will ordinarily be the person (Principal Investigator) who has received institutional and/or NHS Regional Ethics Committee approval to hold the research data in accordance with the legal and ethical requirements of that specific permission.

Data processor - in relation to personal data, means any person named in the delegation log of the project’s main file, who processes the research data on behalf of the Data controller in accordance with the legal and ethical requirements of that specific permission held by the Data controller.

The Master File is a project’s main file containing a hard copy of all the documentation relating to a research project.

Principles:

  1. In the case of research involving human participants and/or personal data the paramount principle is respect for the participants’ welfare, dignity and rights (e.g. if sharing data for secondary research/future studies would put this principle at risk then the data must not be shared).
  2. TUoS trusts and expects its staff and students to practise research with integrity – practising research with integrity includes:
     • being rigorous at all times, having respect for all living things, working in ways that are lawful and accountable and complying with applicable legislation, rules & contractual obligations.
     • respecting the rights of human participants which includes a right to consent to participate, to confidentiality, to security.
  3. All staff and students are obliged to report to TUoS any concerns about potential research misconduct - whether witnessed or where they reasonably believe that this is, has or is likely to occur. Research misconduct occurs where an individual deliberately, dangerously or negligently deviates from accepted practices that TUoS expects to be followed[1].
  4. For prospective research involving human participants and/or personal data it is good practice (as part of the consent process) to seek the consent of the participants for the re-use of research data, that is collected from them, for secondary research purposes/future studies – i.e. so that potential benefits from collecting research data can be maximised.
  5. Truly anonymised data can be transferred for secondary research/future studies if there is no foreseeable harm to the welfare, dignity and rights of the human participants from whom the research data originates. It is good practice to attach to the truly anonymised data being transferred the terms of original consent (in cases where the terms of the original consent can be obtained). Truly anonymised data is research data that cannot be traced back to the human participants from whom it was originally obtained.
  6. Personal data that is not already in the public domain can only be transferred for secondary research/future studies if all of the following conditions are met in full:

6.1 The receiving party has received independent ethics approval for the use of the secondary research/future study data; and

6.2 The human participants, from whom the research data originates, gave their consent for its re-use in secondary research/future study. Where this is the case the Data controller must provide only the research data that relates to those individual human participants who consented for their data to be used for re-use in secondary research/future studies. A copy of the terms of original consent must be attached to the research data being transferred.

6.3 Upon research data being transferred to the receiving party to undertake secondary research/future studies, the receiving party becomes the Data controller and adopts the associated responsibility whilst maintaining compliance with the original rules and requirements stipulated by the original institutional or NHS Research Ethics Committee approval.

6.4 The receiving party has a research data management (RDM) plan which is consistent with the original terms for publication. The RDM plan should be in the Master File which must be stored and accessible for audit at all times. The Master File must include a delegation log of data processors. The RDM and other research data associated documentation such as data transfer agreements and delegation log should be stored centrally within the departmental Master File and also locally to where research data are stored and/or accessed.

6.5 Research data should be stored in such a way that complete retrospective audit can be carried out if necessary.

6.6 All research data records must be regularly monitored to ensure that they are complete and accurate.

6.7 Research data retention

6.7.1 Research data must be retained and/or disposed of in accordance with the legal and ethical requirements with which it was obtained.

6.7.2 Researchers leaving the establishment, TUoS, that holds the research data, do not have the automatic right to retain that research data (or copies thereof); permission may be refused where personal data is involved unless it is clear that any future use to which that research data may be put will be consistent with the terms under which it was originally obtained.

  7. The conditions listed under 6 above also apply to sensitive personal data. It is good practice for sensitive personal data to be anonymised if it is to be transferred for secondary research purposes/future studies.

8. The receiving party must clarify the purpose of the proposed research project that would re-use the data in question and must justify the amount of research data being sought to the Data controller.

9. The cost of transferring the research data may be significant and the original party may reasonably expect the receiving party to pay for or contribute towards the cost of transfer.

10. Whilst TUoS encourages the sharing of research data between TUoS’s researchers (subject to not breaching applicable legislation, rules and contractual obligations) the original party has the right to decide not to transfer the research data. There may be additional reasons why the original party decides not to transfer the research data, for example if:

  • it is not permitted by the terms of original consent and/or by rules and contractual obligations; and
  • s/he has legitimate concerns that the receiving party's research data management will not comply with applicable legal and ethical requirements.

11. Proportionality of governance arrangements – given the greater level of risk involved with personal data, as opposed to truly anonymised data, governance arrangements for personal data should be commensurately more robust in order to:

  • protect the welfare, dignity and rights of the human participants who originally gave consent;
  • enhance data security and reduce the risk of data loss.

12. The type of research data which relates to human participants may require the receiving party to undergo particular professional development if s/he cannot demonstrate to the Data controller that s/he possesses the appropriate expertise for handling that specific type of research data.

PROCESS

Procedural Steps that govern the transfer of research data (which relates to human participants and/or personal data) between researchers within TUoS:

Procedural Steps:

1. With respect to research data relating to human participants and/or personal data the receiving party should have sought agreement from the Data controller in the original party, prior to applying for independent ethics approval, for the re-use of the research data for secondary research purposes/future studies.

2. With respect to personal data, prior to the transfer of the research data the receiving party must provide the Data controller in the original party with the following in writing:

  1. Clarification of the purpose of the proposed research project that would use the research data and a justification for the amount of research data being sought;
  2. A copy of the research ethics application form for the research project that aims to re-use the research data;
  3. A copy of the confirmation of independent ethics approval for the research project;
  4. Where applicable, a copy of the NHS R&D approval; and
  5. Sufficient assurance that a research data management (RDM) plan is or will be in place which is consistent with the original terms for publication.

3. With respect to personal data, prior to the transfer of the research data the Data controller in the original party must attach the terms of the original consent to the research data to be transferred.

4. With respect to truly anonymised data, prior to the transfer of research data the receiving party should seek to obtain from the Data controller in the original party the terms of original consent (where this can be obtained).

5. Where appropriate, depending on the volume of research data, prior to the transfer of research data a discussion about the cost of transferring and anonymising the research data is needed and an agreement reached on who pays for the cost of research data transfer and anonymization.

6. Where applicable, the type of research data which relates to human participants may require the receiving party to undergo particular professional development if s/he cannot demonstrate that s/he possesses the appropriate expertise for handling that specific type of research data. The Data controller in the original party has the right not to transfer the research data. There may be additional reasons why the original party decides not to transfer the research data, for example if:

  • it is not permitted by the terms of original consent and/or by rules and contractual obligations
  • s/he has legitimate concerns that the receiving party's data management will not comply with legal and ethical requirements.

The lead researchers for the original party and receiving party must both counter-sign a document that evidences their agreement to transfer the research data in question. This counter-signed document must be filed centrally with their Academic Departments as well as locally with project-related documentation.

Useful sources of reference:

  • TUoS’s Research Data Management webpages:
  • TUoS’s research data repository Figshare:
  • TUoS’s Good Research and Innovation Practices (GRIP) Policy and Ethics Policy Governing Research Involving Human Participants, Personal Data and Human Tissue:
  • TUoS’s Policy and Procedure for Investigating and Responding to Allegations of Research Misconduct.

[1] This specifically encompasses (but is not restricted to) unacceptable practices as listed in the GRIP Policy. TUoS has in place a Policy and Procedure for Investigating and Responding to Allegations of Research Misconduct: