We aim to answer questions such as: How can I meet ethical and legal standards while respecting the epistemological and methodological codes of my discipline? How to respond to the growing demand for data openness without violating the new data protection rules? How do I store my data securely? Can I share everything? What will happen to my data after I retire?
You will find here useful resources that will help you to develop a strategy adapted to your needs, be it for data management planning or its implementation throughout a research project. Much more than an administrative procedure, data management is an opportunity to reflect on fundamental issues related to the production and processing of data, but also on the potential of data beyond the research projects for which they were initially collected.
Data management practices throughout the data life cycle
Private researchers or researchers working on behalf of a federal public body as well as federal public bodies that conduct research themselves (such as the Federal Institutes of Technology) are subject to the Federal Data Protection Act (FADP). Data processing carried out by cantonal public bodies (such as universities, colleges, cantonal and university hospitals, etc.) are subject to cantonal laws – for the canton of Vaud see the Vaudoise Cantonal Personal Data Protection Act (LPrD). In the case of research projects involving collaboration between cantonal and federal public bodies, both laws apply.
In addition to general data protection laws, there are also a number of special laws. These include the Federal Act on Research involving Human Beings (HRA), which contains specific provisions for the protection of personal data related to health.
In Europe, the protection of the data and privacy of any individual residing in the EU is regulated by the General Data Protection Regulation (GDPR). This Regulation applies to all persons, institutions and companies that collect and process personal data from EU residents or send data from Swiss nationals abroad (EU).
Many countries have national data protection regulations. For an overview, you can consult the UNCTAD website.
We also draw your attention to the fact that more and more stakeholders are demanding an ethical compliance certificate from researchers: funders, publishers, research fields, and governments. At the Swiss level, research that falls within the scope of the Federal Act on Research involving Human Beings (HRA) must be submitted to the competent cantonal commission. For projects not subject to the HRA, some universities have specialized commissions.
Currently available FORS guides can be found here.
Anonymization is the most effective measure in terms of data sharing. Indeed, anonymised data are no longer subject to the various data protection acts and ensure optimal protection of research participants. Defined as the definitive removal of information that may potentially identify an individual, total anonymization is, however, difficult to guarantee. For this reason, it is always useful to also seek the informed consent of the participants in a study.
Informed consent is a relevant measure as it allows researchers to obtain permission of research participants to share their personal data. Thus, when complete anonymization is not possible, individuals should be informed of the type of data that researchers wish to share and the potential risks of re-identification (e.g., by crossing indirect identifiers). Once informed, participants can make an informed decision about whether or not their data can be shared. For this reason, we recommend that consent forms always take into account the issue of archiving and future uses of the data. To learn more about informed consent, you can consult our FORS guide:
FORS guide N°5: The informed consent as a legal and ethical basis of research data production
User contracts are a third possible layer of protection. Users who wish to access your data through an established repository, such as FORSbase, must sign a contract by which they commit to respect confidentiality and not to try to identify participants in the research project. If your data still present risks despite obtaining consent and applying anonymisation techniques, you may add yet another layer of protection, such as deciding on the conditions for which your data can be used. You can, for example, decide that your data can only be used for research purposes, or with your prior approval. In some cases, anonymized data would lose their analytical potential, which could justify minimizing anonymization and offsetting the risk through appropriate informed consent and enhanced access control.
• Implementation of DMPs (data management plans)
• Compliance to ethical and legal standards
• Documentation practices
• Informed consent
• Anonymisation methods
• Data security and storage
• File management
• Archiving and sharing
We offer workshops and can also support you with individual consulting on the management of your qualitative or quantitative data. If you need our support, contact us.