There are a number of reasons why you can justify withholding your research data. Withholding data means taking a decision not to openly publish them, even if there are obligations to funders or publishers to openly share the outputs of research.
If you receive a request for research data or information about your research under the Freedom of Information Act or a request for personal information under the Data Protection Act (login to the intranet to view) you should immediately refer the request to: Teresa Kelly - Data Protection Officer.
Research funders with data sharing policies typically require that research data are made as openly available as possible, recognising that there may be legal, ethical or commercial reasons why access to some data may need to be restricted. These restrictions typically apply at all stages of a project so that the research process is not damaged by inappropriate release of data.
Access to research data does not have to be completely open. If there are justified reasons why some research data cannot or should not be made openly available, it may still be possible to share subsets of your data either through use of consent and anonymisation, or by regulating and restricting access to specific users. This should always be considered in preference to a blanket restriction.
Even if data are identified as unsuitable for open access, other data management requirements will still apply. A data management plan should be used to identify and document reasons for withholding data and publications should still include a data access statement. This statement should include reasons why the data are not openly available and, if possible, conditions for access being granted.
The information below provides guidance to help you determine whether you may be justified in withholding your research data from publication. If you are unsure as to whether you could or should make your data openly available, please email the research data team before you publish your data.
Middlesex University recognises that information and the associated processes, systems and networks are valuable assets and that the management of personal data has important implications for individuals. Through its security policies, procedures and structures, the University will facilitate the secure and uninterrupted flow of information, both within the University and in external communications. The University believes that security is an integral part of the information sharing which is essential to academic and corporate endeavour and associated policies are in place to support information security measures throughout the University.
For further information on IT security get in touch with the Project Leader: IT Security (intranet link log in to access).
If you receive a request to access your research data or for information about your research under the Freedom of Information Act, please do not attempt to answer the request yourself but instead contact the Freedom of Information Officer. Please note that the examples below relate to funder policies on data sharing and do not necessarily constitute valid exemptions under the Freedom of Information Act 2000.
Access to data doesn't mean that everything has to either be openly available to the public or completely restricted. There are many types of access control that can be applied to all or part of your data, some of which will still allow you to share your data, but only with specific users under regulated conditions. This should always be considered in preference to a complete restriction on the whole dataset.
Access restrictions can apply to all types of research data and at any stage of a project. It is also possible that access restrictions can change over time. For example, it would be unusual to share any data during the active phase of a project before findings have been published and continued access restrictions may be required to allow time for commercialisation. However, after the end the project and once patent applications have been filed, it may be possible to release the data.
In some cases access restrictions might need to apply to an entire dataset. However, in many cases it is likely that restrictions need only apply to a subset of the data, such as raw data containing personal identifiers, allowing you to openly share the remaining data where access constraints do not apply.
In rare situations it might be necessary to restrict access to both the data and to metadata describing the data. If you think this might apply to your research, please email the research data team who will be able to advise on how best to comply with policy requirements for sharing data.
The type of access that can be applied is not as simple as open or closed. Access to data can be restricted and regulated, allowing you more control over who is granted access to your data and when.
Publicly open access to data would be suitable if there are no justifiable legal, ethical, contractual or commercial constraints on releasing data. This might apply only to final datasets supporting a publication, or to the completed outputs of a project, depending on your funder's requirements for data sharing.
A privileged period of exclusive access is permitted, allowing you time to analyse and publish the results of the data you have created or collected. During a project, and assuming no other constraints apply, you would only need to provide access to the subset of data supporting published findings. This would allow you time to continue to analyse and publish from your wider dataset. However, funder data policies differ on how long this period of exclusive use should last - you may be required to publish all final datasets within a defined period from either the end of project funding or the date of data collection.
Embargoes allow you to delay access to data, during which time access would be completely restricted. Embargoes can be used to ensure that your archived data are not published until the articles based upon them are accepted for publication or published. This might be a condition of publication for some journal publishers. Embargoes can also be used to delay access whilst patents are filed or while research is commercialised. The Policy, Compliance & Legal Support Officer in the Research and Knowledge Transfer Office (log-in to intranet to view) would be able to advise on how long this process might take and how long the embargo would need to be.
Registered access is provided by some data archives, which require potential users to register before they are able to access data files. Registered access allows the data archive to monitor who accesses data, enabling reminders about conditions of use to be issued.
Access upon request might be required for some types of confidential or sensitive data. In order to manage this type of access a named contact is required for the dataset who would be responsible for making decisions about whether access is granted.
Non-disclosure agreements can be used to share confidential or sensitive data with specific individuals for specific purposes and under specific terms. Contact the Policy, Compliance & Legal Support Officer in the Research and Knowledge Transfer Office (log-in to intranet to view) if you require a non-disclosure agreement for your data.
Research data involving human subjects must be handled in accordance with the Data Protection Act 1998. The confidentiality of participants must be maintained and personal data should not be made available to any third party without the explicit, written, informed consent of the person to which it relates. If you are unsure about how data protection might apply to your research data, there is data protection guidance (log-in to intranet to view) available. You can also contact the data protection officer: Teresa Kelly for advice and help with wording consent statements.
Anonymised data should remove both direct and indirect identifiers, so that variables cannot be combined to reveal an individual's identity. This would apply not only to personal data but also to research data about organisations and businesses.
Although consent for sharing only relates to research data containing personal data, it is best practice to seek written informed consent from research participants for data to keep and openly share anonymised data after the project ends. Some external data archives will not accept anonymised data unless informed consent for data retention and publication was obtained.
It is possible to share only a subset of the data, where participants granted consent both to participate in the study and for their data to be retained and shared. This should be made clear in the data access statement and in any accompanying documentation so that potential users understand that the data can be re-used for new analyses, but not for validation of the original findings.
There may be other ethical reasons why data should not be made openly available. Inappropriate release of some types of data might put research participants, the public or vulnerable groups at risk. For example:
In these or similar situations it may still be possible to share other information from the dataset, in which case it should be made clear to future users which variables have been redacted, aggregated or anonymised in the dataset and why.
Please email the research data team for advice if you think that there may be legal or ethical reasons why your data should be withheld.
Before you can openly share research data you need to ensure that you have the right to do so, including ownership rights and conditions of use.
The University's intellectual property policies and guidelines are intended to address both the rights and property aspects of IP generated within the institution.
See Intellectual Property (log-in to intranet to view) for further information.
Where research is funded by an external partner, or where an external partner makes a contribution to a project, the partner may be awarded Intellectual Property Rights in the results, including the research data. This usually means that the results must be kept confidential by the University and only released under a publication protocol. It is recommended that all collaboration agreements should address the basis on which research data will be stored, accessed and published.
If you have re-used any existing datasets that you have obtained from third parties then you need to ensure that you understand and comply with any terms under which the data may be used and shared. These data might include datasets you have downloaded from online repositories or databases, or research data shared by project collaborators.
In some situations, typically for software, you may be required to share any modifications under the same licence as the original data. There are a number of licences with this requirement and common examples include the GNU General Public Licences and the Creative Commons ShareAlike licences.
If you are not permitted to re-share or distribute the third party data directly, your documentation and data access statement should, as far as possible, provide details of where the study data were obtained so that other researchers can obtain or request access to the same data. This is particularly important for publicly available data.
See Copyright (log-in to the intranet to view) for further information.
If your external research partners have provided you with any research data, or if you have collaboratively created new data, conditions for how these data may be used, retained and shared should be set out in any contracts or collaboration agreements covering the research. Please contact the Research and Knowledge Transfer Office (log-in to intranet to view) for further advice.
If your existing research-related agreements include any confidentiality clauses, or if the University owes your external partners any obligations of confidentiality in respect of certain research data, you must ensure that data publication would not breach these.
The need to comply with confidentiality clauses and contractual obligations would be valid justifications for withholding research data. However, it may be possible to share such data with other researchers, subject to non-disclosure agreements. The Research and Knowledge Transfer Office (log-in to intranet to view) should be consulted if you need to set up any research related agreements.
It is recommended that future research-related agreements ensure that publicly funded research involving third parties is planned and executed in such a way that published findings can be scrutinised and, if necessary, validated by others.
We acknowledge the work of the University of Southampton (and the University of Bath) in the development of this guidance.
Access to research data can be restricted to protect commercially sensitive information, either created new or provided by commercial partners. These data might be provided under terms of a collaboration agreement by a third party for use only within a specific research project.
Commercially sensitive information might also include data obtained in interviews with participants employed by external organisations. Written, informed consent would be required before such commercially sensitive data could be made openly available.
In some rare situations it may not be appropriate to seek consent for sharing commercially sensitive data obtained from commercial partners or participants. However, every endeavour should be taken to maximise the potential for data sharing. Please contact the research data team for advice if you think seeking consent would jeopardise your research.
Depending on the terms of your research agreement, instead of completely restricting access it might be possible to make commercially sensitive data available only to certain users, such as bona fide researchers in a research organisation, and for a certain purpose, such as to verify and comment on a publication. In such cases a Non-Disclosure Agreement will be required, which can be set up by the Research and Knowledge Transfer Office (log-in to intranet to view).
In some situations data may not be commercially sensitive but might have commercial potential. These data might eventually be suitable for sharing, but public access can be justifiably delayed to allow time to assess and protect the commercial potential of research. This might involve the use of embargoes while patent applications are filed.
Many project funders encourage the protection of intellectual property rights arising from the research they are funding, but individual funder policies should be consulted prior to using this access restriction. However, not all publishers accept restricted access to protect patent applications. PLOS's data policy is one example and individual journal requirements should be checked to avoid manuscript rejections.
If you think your research might have commercial value, contact the Research and Knowledge Transfer Office (log-in to intranet to view) for advice on commercialisation before you publish the data.