Information for all applicants

Before you can start any research project involving human participants, material or data in the College, you have to get approval from the College of Social Sciences Research Ethics Committee (PGR and Staff) or your School’s Ethics Forum (UG and PGT).  They receive research proposals from students and staff of the Schools and College and consider any ethical issues that might arise from the execution of the research.

The following information is provided to ensure that you are aware of possible ethical issues related to your research.

Working with People

The Reviewers want to know that:

  • The safety and wellbeing of research participants is assured,
  • That the applicant is aware of any possible ethical issues in carrying out the research and
  • That steps have been taken to ensure that best practice is followed.

It is very important that people are aware that you respect their confidentiality and that where appropriate, rigorous steps will be taken to preserve anonymity.

Working with children

You must be able to justify involving children in your research. You should familiarise yourself with the relevant legal requirements when you intend to conduct research with children.

Those applicants who intend to work with children in schools must obtain written approval from the Headteacher; Local Education Authority; parent or other person in loco parentis.

The method of informing and obtaining consent from parents to their child’s participation must be clearly explained, agreed with the Headteacher and follow best practice in this regard. You must check and comply with any legal requirements, such as vetting procedures for working with children, before you proceed with the research. You are responsible for checking and complying with such legal requirements.

When consent is given by parents it is still important to try to obtain real consent from the child; assuming the child is old enough to understand this principle.

Older children would normally be expected to give their signed agreement to take part in the same way as adults. Younger children who are capable of understanding, should be made aware that what they are doing is entirely voluntary and that they can refuse to take part if they wish.

Working with potentially vulnerable adults

You must satisfy the reviewers that there is a need to involve potentially vulnerable adults eg. those with severe learning disabilities. You should ensure that you have familiarised yourself with the relevant legal position where it is intended to conduct research with adults who may not be able to give a valid consent to take part in research.

Overseas Data Collection during Coronavirus Pandemic

At present the UK Government advises against all but essential travel. Some exceptions are listed and this should be confirmed before travel arrangements are made. The University Guidance on Coronavirus must be consulted and there is additional information for researchers available at Research Information Management advice.  Detailed guidance on the requirements of the country you are travelling to are available on the UK Government Foreign Travel website and this should be consulted before all travel arrangements are made.

When travelling overseas to conduct data collection, researchers are reminded to consult the advice available on obtaining visas and insurance. Some countries will require a visa or permit if you wish to gather data there. This may be required several weeks in advance of your travel. You may also need to establish contact with an institution such as a university. 

The University of Glasgow Insurance and Risk section can advise on risk assessment and travel arrangements for students and staff travelling for work and study purposes.

Protection of Vulnerable Groups Scheme

The Protection of Vulnerable Groups (Scotland) Act 2007

This came into effect on 28 February 2011 and replaced the previous Disclosure Scotland checking system for individuals who carry out regulated work with children and protected adults. Details of types of work covered by this scheme are available in Regulated Positions (Appendix A) (Word Doc) 

The University is a Registered Body under this legislation. Please consult the University Protection of Vulnerable Groups Scheme webpages:

Disclosure Certification is still appropriate in certain circumstances. Where PVG Scheme membership is not required, but research will involve potentially vulnerable adults or children; Basic, Standard and Enhanced Disclosure Certificates can still be obtained. Please consult the Disclosure Scotland website.

If contact (within the definition of regulated work) with protected groups (children and vulnerable adults) is required for the purposes of the research project then those researchers involved will be required to join the PVG Scheme if no teacher, parent or clinician will be present throughout the contact.

If application is made to Disclosure Scotland for PVG Registration or Disclosure Certification it is vital that details of the research project are provided and that it is made clear that the work to be undertaken is part of a research project and not the main work of the person applying as this may affect the advice given.

If you intend to apply for Disclosure Scotland Certification or to the PVG Scheme, application forms and guidance can be obtained by contacting the College Ethics Administrator

Working with Glasgow University Students

If students within the College of Social Sciences of the University of Glasgow are involved as participants in your research, approval must be obtained from:

  • the Head of the School if students from only one School are involved
  • the Dean of Graduate Studies: Professor Irene-Marie Esser (designated by the Head of College) if students from more than one School in the College are involved
  • If students from more than one College are to be involved, permission must be obtained from the Clerk of Senate. You should refer to the Senate Office Policy on Student Surveys 

If you intend to recruit students via email, permission to contact groups of students should be sought from the University Postmaster by emailing

Normally permission to conduct research with students should be sought after ethical approval is granted.

NHS Research

The College Research Ethics Committee is responsible for scrutinising non-clinical research involving human participants.

Clinical research requires approval from an NHS Research Ethics Committee.

Research involving the following is likely to be classed as clinical:

  • Patients and users of the NHS
  • individuals identified as potential research participants because of their status as relatives or carers of patients and users of the NHS
  • access to data, organs or other bodily material of past and present NHS patients
  • foetal material and IVF involving NHS patients
  • the recently dead in NHS premises
  • the use of, or potential access to, NHS premises or facilities
  • individuals under the care of social or community care professionals, local authorities or prisons

The West of Scotland Research Ethics Service website provides information on the NHS processes.

There are links to decision tools designed to help you decide if your project is classed as research within the NHS. 

This NHS ethical approval tool will help you decide if your project requires NHS ethical approval.

Even if it does not require NHS approval, your project may still require University ethical approval and this should be checked.

Lone working considerations

If you are planning to conduct primary research outside of the normal working environment and without supervision, this constitutes lone study/work and should be carefully planned and risk-assessed. 

Risks including time of day, environment, transport to and from fieldwork, and presence or absence of other people should all be considered. The University has a Lone Study Procedure (pdf) for students and a Lone Worker Procedure (pdf) for staff, which are available to download from the University Health, Safety and Wellbeing website under Policies and Procedures.

Individuals working alone in the community should receive personal safety training including dynamic risk assessment training to support them in recognising potentially risky situations and making decisions in the field.  The Graduate School has a Risk Assessment Form that can be used to inform this preparation, this can be downloaded from: Ethics Forms and Guidance Notes: Staff and PGR.

The essential points to remember are:

  • Individuals working alone in the field should be contactable at all times.
  • A system should be put in place to provide monitoring and emergency support through a mobile phone (ideally not your personal phone).
  • This system should involve informing a third party of your whereabouts (including travel plans) and expected time of completion.
  • When fieldwork or travel has been completed, you should contact the third party to inform them. If the third party has not been contacted before the pre-identified time of completion this should trigger an escalation procedure. 
  • The third party should have contact information for at least two sources, including your personal phone number and the phone number of your partner, family member or friend, whoever is most likely to know about your whereabouts. 
  • Failing to achieve contact would then escalate the matter to your supervisor/line manager, who should also have been made aware of fieldwork plans.  If no contact is made, this nominated individual should alert the police.

Prior to commencing lone-working fieldwork you should also develop a panic procedure.  This should involve setting up a speed dial to a third party which can be used in an emergency situation.  The third party should be briefed on your whereabouts and have agreed a code-word, which will trigger an emergency response.

Recruiting Participants

The doctrine of valid consent operates here:

  • That is, participants should enter into the research freely and willingly and know and understand what they are agreeing to when they take part. 
  • They should be told that they have the right to withdraw from the research at any time.
  • Where the proposed research participant is in a dependent relationship to the researcher (for example where the research participant is a student/school pupil/employee) the researcher must make it clear that a decision to take part or not to take part in the project will in no way affect the individual's relationship with the researcher and the researcher must ensure that this is the case.  
  • This should be clearly demonstrated to the reviewers in the ethics application documents.
  • Wherever possible, anonymity and confidentiality should be maintained. 
  • If the research/experimental design necessitates some deliberate deception then participants should be told the purpose of the experiment and why information was withheld or why they were misled after the experiment is finished.

Electronic Recruiting

On the question of recruiting participants via e-mail and the Web (‘electronic recruiting’) the University Ethics Committee has decided that: 

1. in principle we see no reason to veto this method

2. we anticipate potential problems where the computer network would be overloaded

3. the number of electronic recruiting proposals should be carefully monitored

Electronic recruiting is acceptable within the following limitations:

The GU postmaster must be asked for permission to send e-mails to group addresses. As well as complying with data protection principles this will also provide a means of monitoring the use of email across campus for research of this kind.

If students within the College of Social Sciences of the University of Glasgow are involved as participants in your research, approval must be obtained from the Head of School if students from only one School are involved and the Dean of Graduate Studies: Professor Irene-Marie Esser if students from more than one School in the College are involved.

Normally permission to survey students should be sought after ethical approval is granted.

If staff or students from more than one College are to be surveyed, permission must be obtained from the Clerk of Senate. You should refer to the Senate Office Policy on Student Surveys.

Any mailing to an identifiable group of people (e.g. to all of the students in a School or a class) should be brief and succinctly explain the nature of the research and the criteria for participation.

Clear indication that this is a request for help from a researcher should be given at the beginning of an email and that the reader, if not interested, should ‘hit the delete button’.

If the reader of the email is interested in participating then he or she should be asked to contact the researcher directly (not a group reply), or referred to a Web page where the research information is located.

Under no circumstances should University Office telephone numbers be given as contacts for student research. Under no circumstances should file attachments to group messages be used. The researcher should check that they are complying with data protection principles in the use of personal information. The University Data management support for researchers website provides guidance on data protection legislation and ethics. You can also refer to the guidance on GDPR for working with personal data.

Consent forms

It would normally be expected that proposed research participants would be asked to give their agreement in writing on a consent form. The Participant Information Sheet (or Plain Language Statement) should be separate from the consent form and the reviewers will wish to receive a copy of both.

You should ensure that, before written consent is given;

  • The proposed participant has been given the opportunity of reading the information sheet and asking questions about the research.  For this reason, sufficient time must be provided between the request to take part and the signing of the document.  Participants signatures do not normally need to be witnessed.

In most cases, you will have to supply a consent form.  Sample forms and guidance notes are available on both UG/PGT Forms page and Staff/PGR Forms pageIt is strongly advised you refer to these. There are specific clauses on the further use of collected data and copyright waiver that you should use where appropriate.

Exceptionally, it may be unnecessary or inappropriate to seek written consent although this will need to be clearly justified to the reviewers. For example, in cases where you are handing out questionnaires that do not ask probing questions and it is clear from the front sheet what is going to be asked then a single tick box or clear statement that return of the questionnaire includes consent may be appropriate.

There may be other situations too where the requirement of a signed consent form is inappropriate, perhaps in relation to participant safety in difficult socio-political circumstances.  This should be explained and the reviewers will consider this.

Where, for good reason, written consent is not sought, you must still ensure that you give proposed research participants sufficient time to read the information about the research and ask questions.

Providing information to potential participants

By far the greatest number of amendments that Ethics Committees ask to be made relate to the information that will be given to participants.

You must take time over this aspect as it is essential to explain what you are asking people to do and the possible implications so that they can make a fully informed decision for themselves whether they wish to take part.

You should give the research participant a copy of the Participant Information Sheet (sometimes referred to as Plain Language Statement) to keep.

Sample Participant Information Sheets and guidance notes are available on both UG/PGT Forms page and Staff/PGR Forms page

It is strongly advised you refer to the sample forms and guidance notes as there are some statements that you must include.

You must clearly explain the following in terms that an ordinary person, rather than a specialist in your field, can understand:

  • That you are inviting them to take part in a research project.
  • Who you are – a student/your post in the University and where relevant your experience in conducting research of this kind.
  • That participation in the project is entirely voluntary.
  • If the project is funded (and if so, by whom).
  • If the research is part of a student’s coursework.
  • Nature of: risks (if any) benefits (if any) duration and purpose of the research project.
  • What the participant will be asked to do.
  • Where the research will be carried out.
  • Any risks to the participant’s health and safety and the steps that will be taken to minimise those risks.
  • What the information gathered is intended to be used for including whether it is intended to publish the results.
  • Arrangements concerning confidentiality of and access to information about the research participant.
  • What, if any arrangements are in place for compensation in the event of something going wrong.
  • How the research participant can obtain further information about the project such as by the provision of work contact numbers/email for the researcher.  Home contact numbers should not be given nor should university office numbers be given where the researcher is a student.
  • Who the research participant can contact if they are concerned about any aspect of how the research was conducted.  This would normally be the Convenor of the School/College Ethics Committee, (of the committee which approved the ethics application) whose email address must be provided. 
  • If participation in a research project is likely to be of no direct benefit to the subjects, you should explain this in the Participant Information Sheet.

Research using Non-Standard Human Data (social media, online etc)

The uses of different forms of data including:

  • social media,
  • social networking,
  • online data,
  • ‘big data’

may still require ethical approval and those thinking of conducting research in this area are advised to consult appropriate resources in order to inform their research design and their approach to issues of:

  • privacy,
  • confidentiality,
  • data security and risks of disclosure.

Do I need to use the Non Standard Data Form? (Word doc)

Important: Refer to the Online Information Links provided in Ethics Training Resources to aid researchers in making decisions about the ethical issues and concerns that may need to be addressed and/or mitigated. This list is not exhaustive.

It is the responsibility of the researcher to ensure that they conduct their research in an ethical manner and are aware of relevant legislation designed to protect the privacy of individuals as required under the GDPR.

Guidance should also be sought from the Data Protection & Freedom of Information Office (DPFOI Office) in relation to data management and legal requirements.

Applications for ethical review of non-standard data should use the Protocol for Research with Non Standard Data form available on the Forms and Guidance Notes pages.

If the research is also going to involve more traditional forms of data collection (surveys, interviews, focus groups etc.) then the standard Ethics Application Form should also be used.

Staff/PGR students should apply using the online Research Ethics System. UG/PGT applicants in the School of Education should also use the online Research Ethics System.  UG/PGT applicants in all other Schools should apply via email to their relevant School Ethics Forum.

Management of Personal Data (GDPR)

Management of Personal Data (GDPR)

The General Data Protection Regulation and the UK Data Protection Act 2018 came into effect in May 2018.

Principles.  There are six principles in the GDPR (Summary)

Personal data must be: 

  1. processed lawfully, fairly and in a transparent manner
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  4. accurate and, where necessary, kept up to date
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage

Source: GDPR, Article 5 -

Definition of personal data. The definition of personal data has been widened to include any information that can identify a person; including:

  • Name
  • Identification number
  • Location data
  • It now includes online identifiers such as internet protocol (ip) addresses, cookie identifiers or other identifiers such as radio frequency identification tags. (See Recital 30, GDPR)
  • It now also includes sets of records containing personal data and pseudonymised or key-coded data depending on how easy it is to associate the pseudonym to an individual person
  • Sensitive data such as ethnic origin, religious beliefs, sexual life, is now categorised as special categories of personal data and includes genetic and biometric data used to identify an individual person

Criminal records data is safeguarded separately  ICO Guide to GDPR criminal offence data

High risk/sensitive data.   There are additional requirements in processing sensitive personal data; which is known as special category data. These could be related to an individual’s

  • Race
  • Ethnic origin
  • Political views
  • Religion
  • Trade union membership
  • Genetics
  • Biometrics where these are used for id purposes
  • Health
  • Sex life or sexual orientation

What is 'processing' of personal data?  Processing means any collection, recording, organisation, storage etc. of personal date or sets of personal data.

Lawful basis for use of personal data. Under the GDPR a lawful basis for the use of personal data has to be identified and documented before the data is processed. This is important as the basis for the use of the data affects the individual's rights in relation to that use.

The processing of personal data should be necessary to the purpose given.   Processing of personal data should be done on the basis that: 

  • the individual has given clear consent to the use of their personal data for a specific purpose
  • it is necessary for the performance of a contract with the individual or to take steps to enter into a contract 
  • it is necessary for compliance with a legal obligation
  • it is necessary to protect the vital interests (life) of an individual or another person
  • it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
  • it is necessary for the purposes of your legitimate interests* or those of a third party, unless there is a good reason to protect the individual’s personal data which overrides those interests.

*These can be commercial interests, individual interests or broader societal benefits. Using this basis for use of personal data carries responsibilities for the individual’s interests, rights and freedoms.

Source: and for more detail see: ICO Guide to the GDPR lawful basis for processing

Lawful basis for processing special categories of data.   You must identify your basis for processing special category data in the same way as other personal data and additionally have a separate further basis:

  • In order to process this kind of data, explicit consent of the data subject is required, unless reliance on consent is prohibited by EU or UK law
  • Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement
  • Processing is necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent
  • Processing can be carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without consent 
  • Processing relates to personal data manifestly made public by the data subject
  • Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity
  • Processing is necessary for reasons of substantial public interest on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguards
  • Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional 
  • Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of healthcare and of medicinal products or medical devices
  • Processing is necessary for archiving purposes in the public interest, or scientific and historical research 

Consent for use of personal data. Consent means that individuals have choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.

  • You are required to get specific consent for each type of processing of someone’s personal data 
  • Consent should require a positive affirmative action by the individual such as signing a consent form or ticking a box
  • Consent should not be assumed, i.e. using a pre-checked tick box and requiring an individual to deselect it
  • Consent should be requested in clear, straightforward language that is easily understood and not hidden in terms and conditions
  • Consent should be kept under review and renewed if anything changes
  • Any third party who will use the personal data must be named
  • Consent should not be a precondition of a service
  • It should be clearly stated how an individual can withdraw consent and the process to implement the withdrawal should be in place
  • Consent should be recorded and that record kept. You should keep this evidence for as long as you are still processing based on the consent, so that you can demonstrate your compliance in line with accountability obligations.

Source: and for more detail see: ICO Guide to the GDPR lawful basis for processing/consent

Rights.  There are new responsibilities involved for anyone using any personal data and there are new rights for anyone to be informed of any of their personal information held by organisations.

Rights granted to individuals are:

  • Right to be informed about the collection and use of their personal data
  • Right of access to their personal data
  • Right to correction or erasure of incorrect or outdated data ‘right to be forgotten’
  • Right to consent; this must be clear and cannot be inferred for example by auto-selection of a checkbox on a form
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision making and profiling

There is also better protection of children in relation to their sharing of their own personal data online.   ICO Guide to GDPR children: Children and the GDPR

Source: and for more detail see: ICO Guide to the GDPR Individual Rights

Responsibilities.  Data subjects must be made aware of their rights  e.g. via a Privacy Notice; this should be a separate formal Privacy Notice.

  • A general template for a Privacy Notice is available from Privacy Notices and Templates and the College Research Ethics Committee has a template available in Forms and Guidance Notes.
  • Responses to requests for access to what personal data you have relating to an individual by that individual must be provided within one month
  • Documentation must be created and maintained that show your compliance with the principles of the GDPR
  • The least amount of personal data should be held for the purpose you obtained it for; and for the least amount of time required for that purpose

Data Sharing Agreements.  Data sharing contracts should be drawn up when sharing personal data with any third party outwith the University of Glasgow; these are drafted by the Contracts team within Finance; enquiries should be made to the DPFOI Office in the University of Glasgow.

Data Security.  Appropriate and secure storage is a requirement for paper and electronic records.

  • Mobile devices should be encrypted when data is being shared amongst colleagues including laptops and mobile phones
  • Emails should not be copied to multiple recipients using the To line, use Bcc
  • If emailing files that contain personal data, these should be encrypted or password protected.

Guidance is available at:

As of May 2018, the Data Protection Bill was passed in the UK Parliament.

This guidance is ongoing and will be developed as more information specific to research becomes available.

Research Data Retention, Sharing and Storage

Research Data Retention, Sharing and Storage

The University of Glasgow expects staff and student researchers (PGR) to ensure that data of long term value (for example, that which underpins a thesis or publication) is held securely for a period of ten years after the completion of a research project; or for a period specified by the research funder or sponsor.  This requirement exists whether or not students complete their studies. UG and PGT students are not expected to retain data after the end of their project. However, they should do so if they intend to use it to develop further studies.

See the Code of Good Practice in Research (pdf) available from Research: Our Policies

The University details how you can store and share your data on the Data Management Support for Researchers website. Menu items to the left of this page cover creatingorganisingstoring and accessing your data.  The section on Storage and Costs details how this can be done.

Researchers have a duty to ensure that participants are made aware of how their data will be used, stored and shared before they give consent to take part in the research.

There is important information on the IT Services Information Security page that explains how to store and secure your data.

The key areas of responsibility relating to data sharing are in relation to participant confidentiality and informed consent. New responsibilities now apply under the requirements of GDPR and the Data Protection Act 2018.  See the Data Protection and Freedom of Information Office GDPR information.

There are key principles to consider when sharing or archiving research data: 

  • a duty of confidentiality towards informants and participants
  • a duty to protect participants from harm by not disclosing sensitive information
  • a duty to treat participants as intelligent beings, able to make their own decisions
  • how the information participants provide can be used, shared and made public (through informed consent)
  • a duty to inform participants how information and data obtained will be used, processed, shared and disposed of - prior to obtaining consent
  • a duty to wider society to make available resources produced by  researchers with public funds.

Ethical Issues

There is a useful paper on Big data and data sharing: Ethical issues (Libby Bishop Feb 2017) pdf; which we recommend you read if you are working in this field.

Data Management Planning

If you do intend to make your data available to other researchers, you should begin with a Data Management Plan, a template is available from Forms and Guidance Notes page. This should be created during the planning stages of your research project. This should cover all aspects of organising, storing and sharing your data.

Key issues for data management planning in research: 

  1. know your legal, ethical and other obligations regarding research data, towards research participants, colleagues, research funders and institutions
  2. implement good practices in a consistent manner
  3. assign roles and responsibilities to relevant parties in the research
  4. design data management according to the needs and purpose of the research
  5. if necessary, be trained in data management and sharing topics
  6. incorporate data management measures as an integral part of your research cycle
  7. implement and review data management throughout research as part of research progression and review. 

See Data Planning.

See MyGlasgow/datamanagment/looking after your data.

Sharing research is viewed as bringing benefits, it:

  • encourages scientific enquiry and debate
  • promotes innovation and potential new data uses
  • leads to new collaboration between data users and data creators
  • maximises transparency and accountability
  • enables scrutiny of research findings
  • encourages the improvement and validation of research methods
  • reduces the cost of duplicating data collection
  • increases the impact and visibility of research
  • provides credit to the researcher as a research output in its own right
  • provides great resources for education and training.   

See Obligations when sharing data on The UK Data Service is a comprehensive resource funded by the ESRC to support researchers, teachers and policymakers who depend on high-quality social and economic data.

See Why share data? on The UK Data Archive is the lead organisation of the UK Data Service which provides unified access to the largest collection of digital data in the social sciences and humanities in the United Kingdom.

Security-sensitive or extremism-related material

The University of Glasgow is legally required to comply with the duty to prevent people being drawn into terrorism ("the Prevent duty"). Section 26 (1) of the Counter-Terrorism and Security Act 2015. 

The possession or distribution of sensitive material by researchers can be open to misinterpretation by law enforcement authorities and can put academics in danger of arrest and prosecution under counter-terrorism legislation. The University of Glasgow has a guidance document if you think you will be working with prohibited material: see the Security-sensitive or extremism-related research - advice for researchers and research students (pdf).

Online Surveys

If you wish to use an electronic survey tool to conduct your research, the University of Glasgow has an institutional licence for Qualtrics, which has advanced functionality (e.g. randomised treatments). 

Qualtrics is available to all Undergraduate (UG) and Postgraduate Taught (PGT) students, as well as Postgraduate Research (PGR) students and staff with ethical approval for their projects. Qualtrics is recommended as a good, GDPR compliant, high functionality option.

See or contact your school IT officer for information on how to access Qualtrics.


You must familiarise yourself and comply with current legal requirements for storage of and access to data about research participants.  You must consider the method of keeping personal data about research participants and how to anonymise information about them where appropriate. See Management of Personal Data (GDPR) in Information for Applicants.

A duty of confidentiality* exists between researchers and their participants. Confidential information revealed to a researcher can only be disclosed to others if the party has given specific authorisation to do so or the researcher is under a legal obligation to disclose it.

You should note the following requirements:

Researchers shall:

  • Not convey personally identifiable information obtained in the course of research work to others, except with the express permission of the research subject.
  • Not give unrealistic guarantees of confidentiality and anonymity. The University Ethics Committee requires that a statement be provided in participant information to the effect that
    • "Assurances on confidentiality will be strictly adhered to unless evidence of wrongdoing or potential harm is uncovered. In such cases the University may be obliged to contact relevant statutory bodies/agencies, including the Police.”  Alternative suggested wordings are available on the Participant Information Sheet or Plain Language Statement Templates on Forms and Guidance Notes sections.
  • Where possible, anticipate threats to the confidentiality and anonymity of research data.
  • Take appropriate measures to store research data in a secure manner. Researchers should have regard to their obligations under the General Data Protection Regulation May 2018 (Data Protection).
  • Ensure that appropriate methods for preserving the privacy of data are used and allowing participant access to information where this is required.
  • Take care to prevent data being published or released in a form which would permit the actual or potential identification of research participants. In circumstances where it is difficult to protect the anonymity of informants and research participants, they must be informed of this fact before they are asked to take part. If the possibility of publication had not arisen at that time, research participants must be re-contacted and their agreement obtained.

Failure to follow the University’s guidance on ethical conduct of research, including confidentiality may result in disciplinary action.

The above information can be found in more detail in the document ‘Procedures for University Colleges' (pdf) available at: University of Glasgow Ethics home page (Section 9: Statement on Confidentiality)

* See FAQ for What is the difference between confidentiality and anonymity?

Copyright and qualitative research

Copyright is an intellectual property right assigned automatically to the creator that prevents unauthorised copying and publishing of an original work. Copyright applies to research data and plays a role when creating, sharing and re-using data. 

The categorisation of copyright as a 'property' demonstrates that copyright is something which belongs to someone, cannot be taken away without consent and cannot be abused without the possibility of legal action ensuing.

 Under the Copyright, Designs and Patents Act, 1988 copyright applies to:

  • original literary, dramatic, musical or artistic works
  • sound recordings, films, broadcasts or cable programmes
  • the typographical arrangement of publications 


Most research outputs such as spreadsheets, publications, reports and computer programs fall under literary work and are therefore protected by copyright.  Facts, however, cannot be copyrighted.

  • For copyright to apply, the work must be original and fixed in a material form (written or recorded); there is no copyright in ideas or unrecorded speech.
  • For work created during employment, legally the copyright owner is the employer, subject to 'any agreement to the contrary'; in practice many academic institutions assign copyright in research materials and publications to the researchers; researchers should check how their institution assigns copyright. (See Data management support for researchers: Intellectual property rights)
  • Copyright can be transferred by the owner, but only in writing, by means of a transfer document called an assignment.

You should be aware that for data collected by interview that is recorded the researcher holds the copyright for the recordings and any transcripts but the participants are the authors of their own recorded words.  See (Padfield, T (2010) Copyright for archivists and records managers, 4th ed., London: Facet Publishing)

If researchers wish to publish large extracts from an interview, it is advisable to obtain a transfer of copyright (a signed form) from interviewees.

The above is extracted from the UK Data Archive.

The University data management webpages provide information on Intellectual property rights and how these relate to your research. See Intellectual property rights


The University owns Intellectual Property (IP) generated by University staff in the course of or incidental to their employment, including teaching or university materials.  Ownership may, in part, be determined by the terms and conditions of any external funding.

The University waives its rights to ownership of any copyright in scholarly materials, except in relation to any work created by an employee of the University whose job description specifically includes the creation of printed or electronic materials.


The University does not automatically own intellectual property developed by students. 

Students will generally own the IP they develop during the course of their studies unless ownership is governed in some way by a third party agreement.  Examples include research contracts, studentship and funding agreements.

Publishing research

There are ethical issues involved in respect of publishing research.

You must tell the proposed research participant in advance if you have any intention of publishing the results of the project. You must also explain the extent to which if at all, any identifying information about the research participant will appear in the publication.  If identifying information about the research participant is intended to be published, you must obtain and keep specific written agreement to this from the research participant.  

Preferably these issues should be addressed in the Participant Information Sheet and Consent Form that are given out before the research starts.  This will prevent any disappointment if the individual, when asked later, chooses not to agree and therefore reduces the value of the information that can be published.

Payment to research participants

If people taking part in your research are to be offered any payment or incentive to do so over and above appropriate expenses, you must explain this in your application.  Any form of payment or incentive to take part will need to be clearly justified to the reviewers.

Exceptionally, small tokens of appreciation for taking part in research or small prizes may be given, provided they are not deemed to amount to an inappropriate inducement to take part.

Informing participants of results of research

You are encouraged to consider the issue of informing research participants of the results of the research or where they may be able to get access to this information, although research participants may not be able to be given their individual results.  

Taking part in non-clinical research is a voluntary matter requiring good will on the part of the community and it is appropriate for all research participants to be able to receive feedback on research they have been involved in where this is possible.

Useful web links

Research Guidance

Economic and Social Research Council (ESRC)

The British Psychological Society

British Educational Research Association

British Social Policy Association

British Sociological Association

Scottish Educational Research Association

Ethics Guidance

Economic and Social Research Council (ESRC)(Framework for research ethics Jan 2015)

The British Psychological Society (code of human research ethics 2021)

Association of Social Anthropologists

British Criminology Society

Social Research Association 

Association of Internet Researchers

Legal Guidance

Data Protection Act 1988

Information Commissioner’s Office/for organisations/Guide to data protection

Freedom of Information (Scotland) Act 2002

Scottish Information Commissioner/Law/The Freedom of Information (Scotland) Act 2002

Age of Legal Capacity (Scotland) Act 1991

Disclosure Scotland

Copyright, Designs and Patents Act 1988

Data Management

UK Data Archive

The UK Data Service

Travel Advice