Information Security
We take data security very seriously and adhere fully to MRC and UCL data security policy and procedures. UCL is the Data Controller, and is responsible for ensuring that all data are securely stored, handled and used in accordance with the Data Protection Act 1998. UCL’s data policies and procedures for storing and handling NSHD data have been approved by the NHS Information Governance Framework and are equivalent to MRC policies and procedures. The Director of the NSHD remains the Data Custodian and, on a day to day basis, oversees the way in which the study team looks after study members’ data.
All contact information, such as names, addresses and telephone numbers of study members, is stored on a computer system that is isolated from all other computer systems and is protected by digital access control, full auditing, and other security systems, so that the risk of unauthorised access to this information by anyone is extremely low. This system is also physically locked down and is only accessible by authorised personnel.
Your individual responses to survey questions are stored on a completely separate system that is protected by firewall and other security measures to prevent unauthorised access. These responses are coded with an arbitrary reference number, which means that researchers analysing results never see any contact information. We require members of the research team and our collaborators who are given permission to use any of the anonymised data to sign a memorandum outlining required security practices and procedures. The data are only used for research purposes.
The consent forms are kept locked away in a secure filing cabinet, separate from the secure storage of the questionnaires.