Confidentially is the cornerstone to respecting participant information and wishes. The confidentiality of all personal information is a matter that the University takes very seriously. It should be noted that, by law, consent is still required from under 18s in the same way as for adults with regard to matters of data protection and confidentiality. However, in accordance with statutory requirements, where child protection issues are involved, it is not possible to offer confidentiality to a person under 18 as any disclosures must be reported.
Personal data about individuals must be collected and used fairly, stored securely and not unlawfully disclosed. The University has adopted data protection principles in relation to collection and retention. Data must:
Not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data
For more on the University’s policies, please see the Data Protection website.
There are some exceptions to the duty of confidentiality. These would be, for example, when the information may be subpoenaed for police investigations or court proceedings; the disclosure of the information may be required 'in the public interest', as defined by the courts; or in cases of suspected child abuse. Failure to disclose in certain instances may result in a criminal offence.
University policy states: Personal data will only be collected in order to meet specific legitimate purposes, and will be retained only for as long as those purposes require it. The University will not ordinarily pass personal information to any third party, save where required by law, statutory obligation or legitimate purpose. Any disclosure of personal data will always be balanced against the rights of the data subject as provided for under the Act.
There are ethical obligations, and in some case legal obligations (for teachers or social workers), for reporting suspected cases of child abuse. Researchers working with children should therefore be familiar with the relevant child protection acts and make consider what actions they would take in the event of a disclosure of abuse.
You should be aware of the different legislation surrounding the sharing of confidential data. Some of the key statutes are:
All of the above right to information acts should be read in connection with the Human Rights Act (1998) (at Schedule I), which enshrines the right to respect for family and private life as detailed in Article 8 of the European Convention on Human Rights:
In addition to the above Acts and Regulations, there is a duty of confidentiality which, although not established by statute, has been developed through case law.
Although it may not seem like it, the consent form can be legally viewed as being a contract. Therefore, if an explicit statement of agreement had been made (which agreement can be also verbal) on the extent of confidentiality (e.g. through the details in the consent form), this may constitute a contract. Onward disclosure of that information is a breach of confidentiality and possibly a breach of contract.
You should therefore be very clear to the participant how their data will be archived and/or shared with others, be they academics, funding bodies or the general public. It may be necessary, depending on the agreement between the participant and the researcher, to anonymise data, the means and methods of which should be explored, agreed and noted. Written, informed consent would be advised.