If your research project involves human participants, personal data, and/or regulated material and procedures, it will need to be reviewed and approved by an ethics committee before the research begins. The University's internal ethics review process is overseen by the Central University Research Ethics Committee (CUREC) and its subcommittees. For some types of research, review by an external committee such as the NHS Research Ethics Service may be required. The Research Ethics web pages provide further details of the ethical review process.
Any research data relating to human participants will need to be carefully managed. This may include using suitably secure storage (and transferring data securely when it is moved), and putting in place appropriate restrictions on who can access the data: see the Keeping working data safe section for more on this topic. It is also important to ensure participants have full information about how their data will be used - and, of course, that any assurances made are acted upon.
Thought needs to be given to what will happen to the data at the end of the project. It is best to factor this into plans from the beginning: this means that, for example, research participants can be enabled to make a properly informed decision about whether to take part, and where appropriate, consent for further use of data can be sought. If data is to be retained, a suitable home for it (such as a data archive) will need to be identified. Personal data is often not suitable for open sharing for reuse, but it may be possible to provide restricted access, or to share an anonymised, aggregated, or otherwise redacted version of the data. In cases where data cannot be retained and preserved, secure destruction may be needed. See the Post-project data preservation section for more on this topic.
The UK Data Service offers a Research Data Management guide which covers (among other things) ethical issues, data protection, and anonymisation. Please also see CUREC’s Best Practice Guidance, especially BPG 06 (Internet mediated research), BPG 09 (Data collection, protection and management), and BPG 10 (Conducting research interviews).
Your funding body may also provide guidelines on creating, storing, and working with data in such cases.