Skip to main content

Research Data Service: Legal & Ethical Requirements

We are a university wide resource which supports and promotes best practice in data management.

Legal and Ethical Requirements

This section of the data management plan deals with how to manage personal data, intellectual property rights and how to comply with the relevant UCC policies and national and international legislation. A data management plan captures the processes and technical solutions to managing personal or confidential data however these solutions must reflect the recommendations and requirements of the legal or ethics approval process. 

Legal and ethical advice and approval should be sought from the relevant UCC office or committee where required such as the Technology Transfer Office or the UCC Ethic Committees. Researchers in the area of human health need to take special consideration when gaining consent from the data subject, for new and ongoing projects, a checklist and guidance on the Health Research Regulations 2018 can be found on the Research Support Service website and a decision tree on the HRB website. 

Personal Data

Personal data means any information relating to an identified or identifiable individual as defined by GDPR needs to processed in compliance with the GDPR legislation. In your data management plan you should provide exact detail of how these data will be managed securely and appropriately, this information will also be required when you apply for ethical approval.  Some core security requirements when dealing with personal data include; it should not be stored any longer than necessary and should be anonymised or deleted as soon as practical to do so. Cloud storage is not appropriate for personal data, nor are unencrypted laptops or flashdrives. Once anonymised cloud storage can be used.  When transferring personal data a secure service should be used such as HEAnet Filesender If your data management plan includes provision for sharing of these data once anonymised you should ensure that you obtain consent for this at the outset of data collection from the data subjects. For further guidance consult the UCC Data Protection Policy or relevant UCC Ethics Committee.

Copyright and Intellectual Property Rights

Intellectual Property is intangible property that results from creativity, the UCC Technology Transfer Office considers IP to be patents, copyright, trademarks, designs, domain names, software and code, data, databases,confidential information, trade secrets and know-how, and specialist types of IP protection such as plant breeders rights. In a data management plan ownership of the data needs to be clearly defined. If there is potentially exploitable IP publication and dissemination of the data may be deferred pending a decision on patent protection and exploitation. But these data can be shared once properly protected and any data management can be adapted to reflect these considerations.  If you think that exploitable data may result from your research you should consult the UCC Intellectual Property Policy and the UCC Technology Transfer Office

If you are using using secondary data from a third party data access conditions and re-use license should be describe and complied with in your data management plan. If you are restricted from sharing these data post-project details of this condition should be given and other artifacts of your research should still be made available.