What types of research are covered by the instructions in this guideline?
The requirements described here apply to all internally and externally financed research at UiO where personal data is processed, in the form of either quantitative or qualitative data. The researcher also follow routines for processing personal data in research projects.
Limitations: Personal data that is processed in medical and health research is not covered by the instructions in this guideline. This type of research has its own routines and guidelines for the processing of personal data.
What privacy responsibilities do deans and heads of departments have when personal data is processed in research projects?
Deans and heads of departments have privacy responsibility for all processing of personal data related to research projects carried out at their units.
This responsibility includes the following tasks:
- ensuring the establishment of routines and guidelines for processing personal data in research projects (if these do not already exist)
- ensuring adequate resources for training project managers and project staff in the routines and guidelines that apply to the processing of personal data in research projects
- controlling that adapted routines and guidelines that apply to the processing of personal data in research projects are followed by project managers and project staff
- assisting in an annual internal control (audit) and local controls performed by the University Director via employees in the IT director's staff; see guidelines for performing annual internal control (in Norwegian).
What privacy responsibilities do project managers have for research participants (informants or respondents)?
Project managers are responsible for the privacy of the participants when personal data about them is processed.
The responsibility of the project managers includes all phases in a research project:
-
When planning/starting up
The planning or start-up phase is the part of the research project that extends from the preparation of the project outline/application until the data collection process begins.
During this phase, the project manager is responsible for the following tasks:
- determine and maintain an overview of what types of personal data shall be processed in the research project
- prepare a consent form to be presented to and signed by respondents or informants
- prepare information to respondents or informants about their privacy rights
- register your research project with SIKT, i.e. the Norwegian Centre for Research Data.
- enter into agreements with any external information providers, such as registry owners or partners at other institutions about how responsibility for personal data is to be distributed and safeguarded. See UiO’s template for data processor agreements.
- ensure that secure technical solutions for the collection, storage, transmission and analysis of research data (personal data) available at UiO are used in the project.
- ensure there is a risk assessment of data security of research data (personal data) not processed using UiO’s technical solutions for the secure collection, storage, transmission and analysis of such data.
- ensure that project staff have satisfactory expertise in