Additional instructions for planning the management of confidential and personal data
Description
Note: Instructions in Swedish can be found here: https://doi.org/10.5281/zenodo.12566606
Introduction
These instructions offer additional guidance for planning the handling of confidential and personal data, and are to be used alongside the general Finnish DMP guidance. Confidential and personal data may often be referred to as sensitive data.
Note that research organisations provide guidance for researchers on complying with the principles of data protection and information security. Please familiarise yourself with your organisation's data management guidelines and, if needed, contact your home organisation's support services.
We have arranged the instructions under each numbered section of the data management plan (DMP) so that you will first find the guidelines on what to write in each section, then practical Tips for best practices to ease the writing process, and finally some useful Links concerning that specific section.
The data can include both confidential data and personal data. These data types are described below.
Types of confidential data:
· Data that are confidential or secret based on legislation (such as national defense)
· Data that are trade secrets (e.g., innovations that may lead to patents)
· Data that are under a non-disclosure agreement
· Sensitive species data, such as data concerning endangered animals and plants, data related to nature conservation or biosafety
· Data that are confidential by agreement between partners (such as unpublished research data, data from business partners)
· Unpublished research data
Types of personal data (all data from which a person can be identified either directly or indirectly):
· Direct identifiers: These can include a name, phone number, personal identity code, image, audio, fingerprint, dental chart or MRI image.
· Indirect identifiers: Examples of these are gender, age, education, professional status, nationality, location data, career history, system log data, marital status, place of residence or vehicle registration number.
· Special categories of personal data are any data whose disclosure could harm the study subjects. They are related to health, sexual orientation, ethnic background, trade union membership or religious conviction. In the General Data Protection Regulation (GDPR) their processing is heavily regulated.
· In addition, there can be other types of personal data that are sensitive by nature. The parties carrying out the research are responsible for identifying these data, such as information about the use of social welfare services and status as a debtor, among other things.
Note that when handling any kind of personal data, you must acknowledge and address the seven principles of the EU's General Data Protection Regulation in the different sections of your DMP.
Note that there are different levels of confidentiality. For example, there are different categories of personal information (personal data and special categories of personal data), which require different kinds of management. The same applies to all confidential data. Please check your organisation's guidance on information classification and information security.
Links
- Data protection principles (Office of the Data Protection Ombudsman)
- What is personal data? (Finnish Social Science Data Archive)
- Processing of personal data (Office of the Data Protection Ombudsman)
Files
ENG-Confidential_PersonalData_Final.pdf
Additional details
Additional titles
- Translated title (Finnish)
- Lisäohjeet aineistonhallinnan suunnitteluun aineistolle, joka sisältää luottamuksellista tietoa tai henkilötietoa
Related works
- Is version of
- Publication: 10.5281/zenodo.12566606 (DOI)