Duties and formal laws may impact on the use, sharing and release of personal, sensitive or confidential data. However, not all research data gathered from participants are personal or confidential.

Duty of confidentiality

In UK law there exists a 'duty of confidentiality'. Because it was not established by statute, but developed through case law, it is difficult to make clear cut interpretations.

In some circumstances, the law relating to contracts may apply, and researchers should be aware of this. If an explicit statement of agreement has been made on the extent of the confidentiality to be afforded to the provider of the information (e.g. in a consent form), this may constitute a contract.  This need not be in writing. Disclosure of information subject to such a confidentiality agreement would constitute a breach of confidentiality and possibly a breach of contract.

A duty of confidentiality can also arise without an explicit statement of this kind. This applies to information which is not in the public domain. It may be established in situations: where confidential information is passed to the confidant (the receiver of the information); where the information is sensitive, for example medical details; and when it has been supplied in circumstances in which the confidant might reasonably suppose it to be confidential.

Exceptions to the implicit duty of confidentiality occur when:

• the informant has consented to the information being used in specific ways, for agreed purposes, and by certain people
  • researchers who are required to share their data should make clear to participants that information will be shared with other academic researchers under strict terms and conditions, and that anonymisation will be carried out if necessary
  • it is important to demonstrate the agreement on confidentiality by obtaining written consent for the use of the information in the present research and for further sharing

• there is a legal obligation, for example, the information may be subpoenaed by relevant police investigations or court proceedings, or where there is a disclosure of the information made 'in the public interest', as defined by the courts. 
  • there are also ethical obligations on researchers working with children to make provision for the required actions to be taken in cases of disclosure of child abuse (FAQ)

Data Protection Act 1998

The Data Protection Act 1998 applies to personal data only, not to all research or confidential data.

READ MORE ABOUT THE DATA PROTECTION ACT

Freedom of Information Act 2000

The Freedom of Information Act 2000 was established to increase transparency in the public sector. It gives people the right to request access to recorded information held by public sector organisations (including universities), or be informed whether information is held. The Act does not apply to personal data.

READ MORE ABOUT FREEDOM OF INFORMATION

Human Rights Act 1998

Article 8 of the Human Rights Act 1998 enshrines the right to respect for private and family life.

VIEW HUMAN RIGHTS ACT

Statistics and Registration Services Act 2007

The Statistics and Registration Services Act 2007 is mainly concerned with the structure and function of the new UK Statistics Authority and applies only to data designated as Official Statistics. Data access is an express statutory function of the Statistics Authority and the Act defines the legal gateways under which 'personal information' can be disclosed. According to the Act, information identifies a particular person: if the identity of that person is specified in the information, can be deduced from the information, or can be deduced from the information taken together with any other published information.

The Act allows disclosure of personal information to an 'Approved Researcher' i.e. an individual to whom the Statistics Authority has granted access, for the purposes of statistical research, to personal information held by it. The criteria for access require the Statistics Authority to consider whether the individual is a fit and proper person, and the purpose for which access is requested. The Act also states that disclosure of 'personal information' outside of the legal gateways is a criminal offence.

Although the Act does not apply to individual researchers managing confidential research data not designated as Official Statistics, such researchers might wish to adapt the Approved Researcher model for access to confidential data.

VIEW STATISTICS AND REGISTRATION SERVICES ACT

Environmental Information Regulations 2004

The Environmental Information Regulations 2004 give the public access rights to environmental information held by a public authority (including universities) in response to requests (similar to the Freedom of Information Act). Freedom of access does not imply free access. There are circumstances under which requests may or must be refused, for example if the data contain personal information.

READ MORE ABOUT Environmental Information Regulations