Restricting access to data

There may be legal, ethical, or contractual justifications to withhold access to research data, even if your research funder or publisher expects that the data will be made available as openly as possible. However, it may still be possible to publish and share your data either through the use of consent and anonymisation, or by restricting access to specific users, typically via a data repository. This should always be considered in preference to a blanket restriction. 

A data management plan will help you to identify and document reasons for withholding data. Even if you withhold data, your publications should still include a data access statement providing the reasons why the data are not openly available and, if possible, the conditions that must be met for access to be granted. 

On this page, you’ll find guidance for scenarios in which it may not be suitable to publish and share your data openly, as well as solutions for sharing your data. 

If you receive a request for information about or access to your research under the Freedom of Information Act, please do not attempt to answer the request yourself but refer the request to the Information Compliance Manager at [email protected] (see the Freedom of Information pages).

Personal and sensitive data

Personal data must be handled in accordance with EU (GDPR) and UK (DPA 2018) data protection legislation. Personal data must not be shared with any third party without the valid consent of the person to which it relates. 

Personal data can be shared provided that valid consent has been gained, and provided that the data have been anonymised. Anonymised data should remove both direct identifiers (names, addresses) and indirect identifiers (workplace, age), so that identifiers cannot be combined to reveal an individual’s identity.

Sensitive data should also be anonymised or redacted prior to sharing. Sensitive data might include the locations of endangered plant or animal species, organisational information, and data which might place participants, the public, or vulnerable groups at risk (for example, data about marginalised communities may be vulnerable to malicious use, domestic energy usage data could be used to determine occupancy and vacancy patterns in participants’ homes).

You can find further guidance on anonymising data on our Working with sensitive date page.

Intellectual property and contractual obligations

You must not share your data if you do not have the right to do so, or if this would be in breach of Intellectual Property Rights, your funding contract or collaboration agreement, or a confidentiality clause. However, it may be possible to share such data with other researchers, subject to non-disclosure agreements. For advice on the University’s Intellectual Property policies, guidelines, and processes and for advice on research contracts, contact the Research Development Team at [email protected].

You may not have the right to share third-party data if you are bound by a licence or by conditions of use. See our copyright library guides for further information.

Options for sharing data

There are a number of options for sharing data, which can be achieved securely through a data repository:

  • Open access: data without legal, ethical, or contractual considerations are openly available for download directly from a data repository; this might include datasets supporting a publication.
  • Licensing your data: you can apply a Creative Commons licence to your data to determine how others can use and share your data.
  • Partial publication: in many cases it is likely that restrictions only apply to a subset of the data, such as raw data containing personal identifiers, allowing you to openly share the remaining data where access constraints do not apply.
  • Data embargos: access to the data is delayed for a funder- or publisher-specified period to allow you to complete your analyses or publications, or while patents are filed and the research commercialised.
  • Access restrictions: third party researchers would need to request access to datasets and you decide whether, and how, the data will be accessed (this can be managed through a data repository); this might include personal or sensitive datasets.
  • Metadata only record: you can publish a record of your dataset that includes a description of the data but not the data itself; this might be suitable if your data are physical (artefacts or tissue samples, for example), or if your data are highly sensitive but you need to publish a record of your data to meet funder requirements.
  • Closed data record: this may be suitable if your data are highly sensitive; you can preserve your data securely but restrict access to yourself and your collaborators only.

In rare situations it might be necessary to restrict access to both the data and to the metadata describing the data. If you think this might apply to your research, please email the Research Data Management Officer at [email protected] to discuss complying with funder policy requirements for sharing data.

More information

We acknowledge the work of the University of Southampton (and the University of Bath) in the development of this guidance.

Contact us

For further guidance and support, please contact the Research Data Management Officer at: [email protected].