All CESS data management policies are designed in consideration of the Data Protection Act of 1998 & 2018. More information on these guidelines can be found at: https://ico.org.uk/for-organisations/. The University of Oxford is the primary data controller for all data generated by CESS. Responsible members of the University and funders may be given access to data for monitoring and/or audit of studies to ensure that CESS is complying with guidelines or as otherwise required by law.
- All signed consent forms and receipts are stored in perpetuity in locked cabinets at CESS facilities that are only accessible by CESS’s experiment and ethics managers and responsible members of the University of Oxford.
- Non-anonymised data is stored on password protected servers that are only accessible by CESS’s experiment and ethics managers and responsible members of the University of Oxford.
- Upon the conclusion of data collection for a study, all data is anonymised wherever possible. This means that all ways that a person’s decisions and data could be linked with their identity are destroyed making it impossible to pair an individual with the data they have provided.
- Anonymised copies of data are stored on CESS’s secure servers and/or on hard drives that are stored in locked cabinets that are only accessible by CESS’s experiment and ethics managers and responsible members of the University of Oxford.
- Online studies are typically conducted via Qualtrics©, an approved data handler under the EU-US Privacy Shield.
- Researchers are only provided with anonymised copies of data from experiments unless explicitly stated otherwise during the consent process. In this case, researchers undertake responsibility for the proper protection of the data as outlined in the agreement attached here.
- In the event of a data breach, the affected parties will be informed immediately and all appropriate forms of recompense will be undertaken.
Some CESS research may be conducted in collaboration with Private Companies, Non-Profit Organizations, or Government Agencies. In this event, CESS enforces the following additional considerations:
- Participants will be made aware of the other parties involved and how their data will be used as part of the collaboration prior to agreeing to participate in the experiment.
- Individual data that a participant provides during an experiment will never be given to a collaborative partner without that participant’s permission.
- The data may be used to create reports and summary statistics and figures that provide aggregate information about behaviour in the study.