SREC handling and security policy is that no raw, or potentially disclosive data can be printed, written in hard copy or written to removable media or laptops (with the exception of those with secure encrypted discs and subject to point 6, below).
SREC handling and security policy is that such data cannot be shared internally via email. Users can only access the data via the corporate SharePoint or Novell systems which only permit access to those authorised to do so.
Data will not be shared with staff external to AHSS unless they have specific approval from the data supplier and/or explicit ethical consent to do so from research participants and/or data managers where relevant. At times when there is such a requirement to share data with other collaborating institutions or funders the transfer of data will be through encrypted email or via 64 bit encrypted point to point file sharing. If data is to be transferred or matched then specific informed consent must be sought for this at the point of data collection.
In the course of producing summary tables or other outputs for reports, publication or dissertations care shall be taken to ensure small cells cannot indirectly identify individuals, in particular:
- Tables must not report numbers or percentages based on only one or two cases. Cells based on one or two cases should be combined with other cells or when not appropriate, reported as zero. As a general rule then cells containing less than 10 cases should be considered potentially disclosive. Particularly if combined with data presented elsewhere in reports/assignments/dissertations. Careful advice should be sought about this from senior staff who are NILS or ESRC Safe Researcher trained/supervisors/the Ethics Committee.
- Tables and other outputs must not be published in a form where the level of geography would threaten the confidentiality of the data.
- It is strongly recommended that staff and students attend one of the ‘Safe Researcher’ training courses run by the Northern Ireland Longitudinal Study or ESRC if they are handling data that is potentially disclosive.
The above policy supplements the QUB policies on safe data use and storage. These can be found at http://www.qub.ac.uk/directorates/InformationServices/Services/Security/ . All staff and students should be familiar with these policies.
If you have any specific queries in relation to data protection or information governance more generally, please contact the Information Compliance Unit for advice. If you have any specific queries in relation to information security, please contact the IT service desk.