BootcampSD: Can sensitive data be shared?

Can sensitive data be shared?
Section 3 of 10


Publishers and research funders increasingly require researchers to find a way to provide access to their research data, even if that data initially includes personal or sensitive information. In many cases, if sensitive data is effectively anonymised or modified, it will be suitable for publication.

Two broad options exist in the sharing of sensitive data after any modification has taken place, depending on the level of risk remaining: Where there is negligible risk of identification and appropriate consent is in place (e.g. participant consent or permission from a commercial partner), data may be made openly available either in whole or in part online, along with a metadata record, allowing others to discover, use and then cite the data.

Where some risk remains, or explicit consent is not in place, data may be made available via a form of controlled access. A publicly available means of alerting potential re-users to the existence of the data is still required; this is often done via the open publication of a metadata record providing potential re-users with information about the nature of the dataset and how to apply for access. When depositing data in any data repository, it is important to establish whether the process of granting access is managed by you, as the data creator, or by the repository.

Where controlled access is necessary, a data repository should be used that ensures data re-users are genuine researchers and that they agree to certain conditions of access. Potential data re-users are typically required to:

  • Register and provide contact details
  • Provide information about how they will use, store and manage the data if granted access
  • Provide information about how they will destroy data or return data to a repository after a specified period
  • Meet other conditions, including any specified in the consent forms and information sheets agreed to by research participants
  • Question: Which of the following would be valid reasons for some form of restricted access to data?

    1. The research participants were not asked explicitly whether they would consent for their anonymised data to be shared.

    2. I do not want others to use my anonymised dataset in case they scoop my ideas, so I only want access granted to researchers I approve.

    3. I have modified my datasets as well as I can, but I am still concerned enough information may be provided for others to identify the species observed, particularly if combined with other datasets.