Data Protection
What Is Personal Data?
All data of persons that can be used to identify them must be securely processed following data protection laws. This includes, for example, names, email addresses, pictures, videos, or information on occupation and age - even dance movements can identify people. A special type of personal data that needs extra precautions are called "sensitive data". Which data is classified as sensitive is conclusively defined in the Data Protection Act.
| Sensitive data |
|---|
|
Publishing Personal Data
Just like any other data, personal and sensitive data can be stored, (collaboratively) edited and shared. Which aspects need to be considered depends on the stage of the research process.
At the beginning of the research process
At the End of the Research Process
In order to publish the data, participants must have given their consent to do so. Data can be then published in anonymized form (depending on the informed consent) and made available via restricted access. Additionally, you can also regulate with a license how the data can be reused.
Anonymize and Pseudonymize Data
In order to share personal or sensitive data publicly, you must anonymize or pseudonymize it. Anonymized data do not count as personal data and can be shared openly. In contrast to pseudonymized data they are no longer subject to data protection laws.
Anonymize
Personal or sensitive information is aggregated, regrouped, or deleted in such a way that no one can re-identify individuals in the data without a great deal of additional effort.
Pseudonymize
Personal or sensitive information is aggregated, regrouped, or deleted in such a way that the people behind the data can no longer be identified. However, with the help of the key, the original data can be restored.
Tools for automatic anonymization
- QualiAnon (qualitative data, German only)
- ARX Data Anonymization Tool (quantitative data)
- Amnesia by OpenAIRE (quantitative data)
- SDC with SDCmicro in R (quantitative data)
Share Metadata Instead of Data
If you can't share your data for ethical, legal, or technical reasons, you still have the option to share the associated metadata or data documentation. This way, the dataset itself is not public, but the information that it exists is.
Services and Support at UZH
Research Involving Human Beings, Animals and Genetic Resources
More on legal and ethical guidelines
Legal Services and Data Protection at UZH
The Data Protection Office of the University of Zurich offers a first overview of important topics concerning the handling of sensitive data (e.g. a glossary and a template for informed consent).
Data protection in research projects
With the Self-Assessment Tool of the Data Protection Office at the UZH, you can quickly gain an overview of whether you work with personal data at all in your project, where you need to take a closer look, and whether you need to submit an application to an ethics committee.
To the Self-Assessment Tool Data Protection DESAT
Technical Aspects
Do you have technical questions about handling personal data? Would you like to store your data securely?
UZH does not currently have its own service for securely storing sensitive data. However, it does offer financial subsidies for the use of external services: Secure Computing
If you have any questions, please contact the IT responsible person at your institute or get directly in touch with ScienceIT.
Ethics Commissions
Are you unsure whether your study is ethically sound? You can find procedures for the ethical evaluation of research projects with the relevant UZH faculty.
Ethics Commissions by Faculty (bottom of the page)