Frequently Asked Questions

Adding personal details to your account

At the right of the top bar in your account there is a drop down menu which shows your email address and your user name. Select 'Personal Details' under this menu.

Forgotten Password

If you forget your password, click the ‘Forgotten Password’ box on the log-in page. You will see a dialogue asking you to enter your email address. Make sure you use your University email address used to set up the account. You will receive an email containing a link that will allow you to add a new password. Create your new password and then click ‘Reset Password’. This change will then be confirmed.

Change Password

At the right of the top bar in your account there is a drop down menu which shows your email address and your user name. Select 'Change Password' under this menu.

Overview of account navigation: Work Area

Your account allows you to create and submit an application for research ethics review and then manage any actions required once the application has been reviewed. Everything you may need to do with an application can be managed within your account online, but you will also receive email notifications referring to your application. Links within email notifications will provide direct access back to your account and the application that you have submitted. You can submit and manage multiple applications in your account and use folders to manage them if you have multiple applications. The main page of your account is arranged in what is called the ‘WORK AREA’.

Account Navigation: Left Sidebar

The left-hand Sidebar contains various buttons to take actions. ‘Create Project’ to make an application. ‘Delete Project’ to remove a project application; ‘Add Folder’ to create a folder to organise projects/applications; ‘Delete Folder’ to remove a folder; ‘Duplicate’ to make a copy of a project/application; ‘Transfer’ to send the project/application to another user and to relinquish all rights to the project if you will no longer be working on the project.

Account Navigation: Tiles

‘Notifications’ Tile shows when you have been sent notifications about your application(s) and will tell you how many notifications have been received. 'Shared’ Tile will show project/applications shared with another person: for students this will normally be their supervisor; for staff, this will show projects on which you have collaborated with other users. ‘Signatures’ is used for supervisors who have received signature requests from their students. This tile WILL NOT show signature requests made by a student applicant in their account, this information is shown inside an application itself. 'Transfers' tile will show projects that have been completely transferred to anothe user. Such projects can no longer be used by the original account. Projects which have been transferred to your account will show here.

NotificationsTile

‘Notifications’ Tile shows when you have been sent notifications about your application(s) and will tell you how many notifications have been received. Clicking the tile will take you to a list of all your notifications.

Signature Tile

‘Signatures’ is used by supervisors who have received signature requests from their students. Clicking this tile will take you to a list of both pending and confirmed signatures. This tile WILL NOT show signature requests made by a student applicant in a student applicant account, this information is shown inside an application itself under the 'Signatures' tab.

Shared Tile

'Shared’ Tile will show project/applications shared with another person: for students this will normally be their supervisor; for staff, this will show projects on which you have collaborated with other users.

Transfer Tile

'Transfers' tile will show projects that have been completely transferred to anothe user. Such projects can no longer be used by the original account. Projects which have been transferred to your account will show here.

Navigation inside an application form

The application form consists of a series of questions over of number of web screens. The number of questions that you will be required to answer depends on how you respond to each question. Some questions pages are short consisting of only a single question. Other pages may have multiple questions. Screen pages may increase in length as other questions appear below as you answer the first questions. Guidance on some questions is provided if there is an ‘i’ in a circle to the top right of the question: clicking on this symbol will bring up a pop-up box with help for that question. Make sure that you always scroll down to the bottom of each page. When you reach the bottom of each web page, use the ‘Next’ button located at the top of the left hand sidebar to progress to the next page of questions. To back to the previous page of questions, use the ‘Previous’ button. To return to the top page of your project, use the ‘Navigation’ button. All questions are mandatory, because you will not be shown questions that you do no need to answer. You will not be able to submit your application unless you have answered all mandatory questions. Use the ‘Completeness Check’ button on the left hand sidebar to check if all questions are completed. You may also be required to upload document at certain points in your application form. If uploads are required, templates for the required document will be available to download from the form itself. However, these documents may be detailed, so you may need to come back and complete your application once you have completed the templates for upload. If an upload is mandatory, you will not be able to submit your application until the required uploads have been made. All student applicants will be required to enter their supervisor name and supervisor email in order for their application to be authorised by their supervisor. You will not be able to submit your application without these details, so ensure that you have them before starting your application or attempting to submit it. You can always complete the majority of questions, save your project which will remain unsubmitted but live in your account, and come back to it.

Scrolling and arrow buttons

Make sure that you always scroll down to the bottom of each page. When you reach the bottom of each web page, use the ‘Next’ button located at the top of the left hand sidebar to progress to the next page of questions. To back to the previous page of questions, use the ‘Previous’ button. To return to the top page of your project, use the ‘Navigation’ button.

Mandatory Questions

All questions are mandatory, because you will not be shown questions that you do no need to answer. You will not be able to submit your application unless you have answered all mandatory questions. Use the ‘Completeness Check’ button on the left hand sidebar to check if all questions are completed

Uploading Documents

You may also be required to upload document at certain points in your application form. If uploads are required, templates for the required document will be available to download from the form itself. However, these documents may be detailed, so you may need to come back and complete your application once you have completed the templates for upload. If an upload is mandatory, you will not be able to submit your application until the required uploads have been made. All templates are also available using the 'Templates' drop-down menu in the top-bar of this application under the 'Help' link from where you have accessed this FAQ.

Requesting supervisor signature

All student applicants will be required to enter their supervisor name and supervisor email in order for their application to be authorised by their supervisor. You will not be able to submit your application without these details, so ensure that you have them before starting your application or attempting to submit it.

Teesside University Principles for Research Ethics

Principle 1 Harm to research participants must be avoided: the protection of the dignity, rights, safety and well being of all actual and potential participants, researchers, non-participating members of the public, and the environment takes precedence over scientific, or any other, considerations or interests. Principle 2 Research should be designed, reviewed and undertaken to ensure adherence to the highest standards of quality, integrity, ethical propriety and governance, and legal compliance. Principle 3 Researchers and participants must normally be informed as fully as possible about the purposes, methods and intended possible uses of the research, what their participation in the research entails, and what risks and benefits are involved. This information should be accurate, clear, and easily understood by the potential participant, who should have the capacity to understand what is involved in their participation. Research proposing variation from this principle may be approved but only in very specific contexts in which the lack of proper information must be justified by the value of the research. Principle 4 Research participants must consent to participate in a voluntary way, free from any coercion, undue influence, or manipulation. Use of inducements to encourage participation must be carefully monitored. Principle 5 The confidentiality of information supplied by research participants, and their anonymity, must be respected except in cases where illegal behaviour is discovered. All data and other materials from and about research participants will be collected, processed, retained, stored, and disposed of, in accordance with current legal requirements. Principle 6 The independence of research must be clear, and any conflicts of interest or partiality must be disclosed. Publication of research results must be done fairly and with the public good taking priority over private

Definitions of 'research' that require ethics review

Definition of Research ‘Research’ for the purposes of this document is to be understood as: • original investigation undertaken in order to gain knowledge and understanding • work of direct relevance to the needs of commerce, industry, and to the public and voluntary sectors • scholarship • the invention and generation of ideas, images, performances, artefacts including design, where these lead to new or substantially improved insights • the use of existing knowledge in experimental development to produce new or substantially improved materials, devices, products and processes, including design and construction. Definition of ‘research activity’ Research activity is defined as Teesside University research activity where: • TU takes on ultimate responsibility for the research, and/or, the activity is being undertaken in fulfilment (or part-fulfilment) of a TU programme of study/academic award, and/or, • A member of TU staff, or a student enrolled in TU is: o the Chief Investigator (CI) or Academic Supervisor, and/or, o holds the research funding

Principles on the use of Personal Identifiable Data in Research

The University, as a public institution, uses personally-identifiable information obtained from research participants to conduct research. As a publicly-funded organisation, the University has to ensure that it is in the public interest when personally-identifiable information from people who have agreed to take part in research is used. This means that when participants are recruited and agree to take part in a research study, the University will use such data in the ways needed to conduct and analyse the research study. Participant’s rights to access, change or move personal information are limited, as there is a need to manage that information in specific ways in order for the research to be reliable and accurate. To safeguard participants’ rights, the University will use the minimum personally-identifiable information possible. The following data processing principles apply: a) Where possible, research projects will work with fully anonymised data; b) When anonymised data has been obtained initially as identifiable personal data, research projects will anonymise data as quickly as possible to render the data anonymised; c) If working with fully anonymised data is not possible or would render the purposes of the research invalid, then research projects will work with pseudonymised data that has been anonymised whilst retaining a key permitting re-identification within strictly controlled conditions and by strictly defined persons involved with the research. The key permitting re-identification must be kept separately from the data and any other documents relating to the person from whom the data was obtained; d) If working with pseudonymised data is not possible or would render the purposes of the research invalid, then research projects will work with the minimal amount of personal data as is strictly necessary in order that the research purpose will be achievable; e) Individuals from whom personal data is obtained will be informed that the basis upon which their personal data is being processed is for research and that the legal basis for processing their personal data for research is as a task carried out in the public interest; f) Where personal data is collected from individuals, they will also be informed about the uses to which their personal data will be put within a research project and their rights with respect to their personal data; whether, how and when their personal data will be anonymised or pseudonymised; and the right to withdraw personal data will be specified; and the time period in which withdrawal is possible will be made clear to them; g) When specifying data withdrawal rights to individuals from whom personal data is obtained for research purposes, it will be made clear to them that they are providing consent to participate in the research and consent for their data to be used for the purpose of research but that the legal basis on which their personal data will be processed is that of a task carried out in the public interest.

Good Conduct in the use of the Internet in Research

4.1 Purpose This section provides guidance specifically on the use of the internet for general research purposes in order to minimize risks posed by the internet environment and ensure best practice is observed. Because of the nature of the internet it is possible that uncontrolled experimentation may result in exposure to and/or encouragement of criminal activities such as : • Breaches of the Computer Misuse Act • Breaches of the Data Protection Acts • IPR violations (e.g. Copyright) • Disturbing or illegal images (e.g. Paedophile materials, terrorist images) • Grooming activities • Fraud (phishing, 419 scams, auctions etc.) Schools may wish to consider the development of additional guidance that addresses specific discipline-based risks not addressed in these notes of guidance. All researchers should be familiar with the University’s ‘Guidelines for Good Conduct in Research’, February 2003 (1), Research Ethics Policy & Procedures, Sept 2005 (2) and Computer Regulation Documents (3) and ensure their research activity adheres to these established guidelines and procedures. This guidance applies to all members of the institution involved in research. This will include staff and undergraduate and postgraduate students. It also applies to those who are not members of the institution, but who are conducting research on the institution’s premises or using the institution’s research facilities. 4.2 Risk to the university’s computer network Any activity which may expose parts of the University computer network to risk of infection or attack must be approved by ICT systems. 4.3 Solicited data Collection of data through the internet needs to be carefully managed to avoid unnecessary risks to the reputations of the researcher and/or the University or to the quality of the research results. 4.4 Bulk email Generally, mass e-mailing should be discouraged as it can be perceived as activity akin to “spamming”. Where questionnaires are to be distributed by e-mail, researchers should carefully target their subjects and requests permission from the subjects before the questionnaires are distributed. The precise nature of the study should be clearly explained in the initial contact and parameters such as expected time to complete the questionnaire/interview should be given. Where research supervisors are aware that several such exercises may be conducted, a register of participants should be maintained and used to ensure that no participants are being targeted too regularly or asked to participate to such an extent that they may consider the researchers to be a nuisance. 4.5 Newsgroups and chatrooms Newsgroups and chatrooms should be considered a form of “bulk e-mail” with the added complication that it is not possible to identify all recipients or the originators of the messages posted in them. Furthermore, newsgroup users tend to form self-selecting groups with a bias toward particular interests or opinions. Data collected as a result of newsgroup usage is likely to be strongly biased as a result. 4.6 Web-based questionnaires Broadcast invitations to participate in an unsecured web-based questionnaire can result in skewed results, as for newsgroup participation. Furthermore, it is difficult to ensure that each respondent is only completing the questionnaire once. If web-based questionnaires are to be used they should be constructed in such a way that participants can only access the questionnaire after an appropriate invitation and can only complete it once. Provision of such a mechanism introduces issue of Data Protection in that the respondents may become individually identifiable. Care should be taken to dissociate identity verification mechanisms from gathered data unless it is essential to the study. 4.7 Observation In order to monitor illicit activity using electronic communications, the observer must be, albeit to a limited extent, a participant in the activity. That is to say that, at the very least, they are likely to be required to create a user identity which can be used to log in to the communications system under observation. 4.8 Use of a ‘user identity’ Because a user identity can be traceable, it is inappropriate for an observer's “main”, “personal” or “official” user identity (e.g. University issued e-mail address) to be used for this activity. Instead, a disposable identity should be created for the duration of the research. 4.9 Use of computer equipment Any computer equipment to be used for observation purposes should be dedicated to this task only, and only be accessible by the observer(s) in question. This avoids issues of accidental deposition of unwanted material on publicly accessible machines. Where the observer believes there is a possibility, no matter how slight, that they may encounter material which others would consider objectionable, steps must be taken to ensure that such material cannot be viewed by those not involved in the research. 4.10 Use of servers Any servers connected to the University network and visible to users outside the research team must be carefully managed and constructed to avoid enticement and/or encouragement to commit criminal acts or acts in violation of acceptable use policies and agreements. Information presented on web pages/file servers etc. must comply with appropriate legislation and be factually correct. It may be necessary to include information about the purposes for which the server is operating and provide further details of the research. 4.11 Observation of criminal activity Where the research may require observation of obvious criminal activity (e.g. Paedophile grooming, fraudulent auction sales etc.), risk assessment is essential. Participation and/or authorisation by appropriate law-enforcement bodies may be required, as may psychological assessment of the observer. Observed activities which will cause termination of the study must be clearly defined and adhered to. Observers must not participate in, or encourage subjects to develop criminal activity in any way. Throughout the observation, an accurate contemporaneous log must be maintained. Appropriate rest periods should be scheduled. The observer must cease observation if he/she becomes concerned by any activity which has been observed. 4.12 Internet-originated references Use of Internet-originated references should be treated very carefully. It must be remembered that the Internet is a public medium and that anyone with access to the appropriate technology can publish anything they wish without it being subjected to independent verification. Before a reference is accepted as being appropriate for citation, the researcher should take steps to ascertain the reliability of the source material. For example, an online journal or online version of a print journal can usually be considered to be as good as a print journal only when its editorial and review policies are compatible with the usual standards expected of a reliable academic publication. Some Community built information sources may be considered unreliable because of the way in which any user of the service can amend any existing data, or contribute new data without independent review or verification.

Harm to Participants

The assessment of what would count as a 'harm' against a research participant is itself highly complex as indicated by Principle 1, which states that such harms could take place against "dignity, rights, safety and well being". For instance, harm could occur in a physical way to a person, such as injury or even death. However, a range of other harms may result from research which are less easy to predict and manage through risk assessment. ‘Dignity’ is particularly complex in this regard. Likewise, psychological harms such as emotional distress are common risks in certain kinds of social science research. However, unlike physical harm risk assessment determining what is probable, possible, or what degree of harm could occur as psychological harm is very difficult. Whilst it may be possible to manage the physical environment effectively and put in place plans to ensure the physical safety of a person --such as is common in institutional actions under Health and Safety legislation --such management is difficult to achieve with psychological harms. The main reason for this is that the predictability of what may affect a person psychologically will vary widely between persons: what may affect seriously one person may not affect another at all. This is one of the major reasons why obtaining valid informed consent (see Principles 3 and 4) from potential participants is so important, as it allows for a person to decide for themselves what may or may not be harmful for them based on their own self-understanding. This has some important consequences for how consent is dealt with. This also points to what is most difficult in all risk assessment: the assessment of harm is always also a perception of harm which can change significantly with individual experience and which has a highly subjective component. Different individuals -- including those who make assessments formally on committees and in risk management -- have different perceptions of harm. When the degrees and different varieties of harm are also included in the assessment of harm, it becomes clear that this is a complex area which requires careful reflection in order to make proportionate and effective judgements about what is or is not acceptable in research. It is insightful to compare a range of types of harm by setting them out across three domains -- the physical, the psychological, and the social -- into a typology which shows which harms affect which kind of agents: DOMAIN AGENT HARM Physical Persons bodily injury or death Institutions damage to property Environment pollution Psychological Persons mental or emotional distress Social Persons relationships; reputation Institutions reputation; legal compliance Harm to persons includes a range of parties: the persons involved could be the research subjects, members of the public involved in the research through their direct participation; or they could be members of the public not directly involved in the research but who are bystanders. Harm could also occur to the researcher(s) themselves. In the last case, a problem thus ensues: what if a committee decides that the research proposed is too risky to the researcher themselves, but the researcher is prepared to accept this risk as part of the work? This is a tricky issue since it appears to place the freedom of choice of the researcher in jeopardy. However, it must be remembered that research does not take place in isolation and that even if an individual researcher is working primarily by themselves and is prepared to risk harm to themselves as part of doing research, there are ‘knock-on’ effects of actual harm occurring for which the researcher does not have freedom to decide. In most university-based research, for instance, if actual harm were to occur to a researcher (even if the researcher has explicitly accepted the risk of such harm occurring), there would inevitably be a negative impact on the institution in which that harm occurred, regardless of whether or not the individual researcher found the risk of personal harm to themselves acceptable. In contrast to our actions as private citizens -- such as finding the personal risk involved with rock climbing or shark fishing acceptable and going ahead and doing those activities – research conducted under the auspices of an institution takes place in a context in which decisions about individual freedom are compromised by a variety of legal duties. Issues which arise here often involve insurance and indemnity for which the institution will offer liability protection to individual researchers. As will be detailed further below, individual researchers’ liabilities are lessened by working within an institution, but such protection is offered at the cost of a certain amount of freedom to act as one would like. (See Liabilities, page 49 1c). Another complex issue about harm is that the assessment of what is potentially harmful depends on the perception and assessment of hazards. As mentioned above, much of this depends upon subjective perceptions about what may or may not be harmful and it is one of the most difficult things upon which to base judgments about risk. Fundamentally, a risk is a potential harm. Managing risk is about lowering the potential for actual harm to occur. Therefore, in assessing risk we must look at real and perceived risk. Research is inherently risky, since it involves discovering or finding out things we do not already know and it may have results we cannot anticipate. One possible outcome we cannot anticipate is something happening which causes harm. Assessment of risk involves looking at the probability of harm occurring and the extent and severity of harm should it occur; alternatives to risk-involving actions are explored. In research ethics, risk assessment directly involves the persons who would be exposed to risk, by asking them to decide on whether or not to participate in activities which are risky based upon adequate information about those risks and upon their own self-understanding. They can then choose to accept those risks by consenting to participate. Consent to participate in research is primarily a form of legitimising actions which are risky to participants, but decisions to act riskily are balanced against risk managing actions being taken during the research to minimise the occurrence of harm. It is not sufficient simply that a research participant consents to the risk -- or that a researcher finds a risk to themselves ‘acceptable’ and thus implicitly consents to that risk -- unless actions are also taken to minimise the risk itself during the conducting of the research. This is why risk management and the assessment of ethical propriety are so bound up with consent.

Participant Consent

Consenting is matter of agreeing to something or authorising something, the lack of which would render an action unethical or illegal. It legitimises actions which could risk the welfare of participants or involve invasive procedures. A patient gives their consent before being touched physically during medical treatment: without this consent, the physical contact would be illegal. A similar rationale extends to the ethical considerations in gaining consent, although there are discontinuities between the legal and ethical dimensions of consent. Wherever there is physical contact between researcher and participant the legality of actions are governed broadly by similar factors to those that would apply in medical treatment: touching a participant physically, administering substances or interventions, or putting participants under duress, without gaining consent to do so, is illegal and would constitute criminal assault or battery which, in addition to criminal punishment of a fine and/or imprisonment, could lead to a civil claim for damages by the participant. Importantly, in establishing a claim, participants would not need to prove harm was intended and punitive damages are available for these types of offences. There are good reasons to believe that the legal implications for lack of valid consent in research cases would actually be harsher than those imposed in medical treatment situations. This is because in medical situations there are clear benefits which directly accrue from the treatment for the patient and the intent of the medical practitioner is clearly aimed at benefiting the patient. In research this relationship is not obvious: the possibility is that research done without valid consent from participants with whom there is physical intervention would have clear criminal liabilities for the researchers involved. In research where there is no physical contact as such, the position is less clear. Regardless, gaining consent is a way of ensuring that interaction with participants is legal even in situations where the legal position is less defined, such as in social science research. It is almost always ethically inappropriate regardless of the legal position to proceed with research on or with human participants who have not explicitly given their consent to what will occur during the research participation. In order for consent to be valid ethically, it must satisfy three conditions: those of a voluntary, un-coerced decision; made by a sufficiently competent person; and on the basis of adequate information and deliberation. To be valid, consent must be: • Informed - on the basis of adequate information • Voluntary - un-coerced decision • Competent - made by a person having the capacity to consent You will often see consent referred to in documents as 'informed consent' which is unfortunately a little misleading. Certainly, consent must be informed to be valid but it is still possible to have consent which is informed which is not valid. For instance, if undue persuasion was involved in decision making by a potential participant about information previously given to them, the ‘informed consent’ is not valid. It is better to think of consent as linked primarily to validity. 'Valid consent' includes the informed component but links this information to both voluntariness and competency. It also encourages researchers to think of information-giving as only one strand of the consent process which also involves other equally important factors. In other words, simply giving information to potential participants does not absolve researchers of ethical responsibility towards them. By thinking of consent as linked primarily to validity, the temptation for a researcher to think that they have ‘done ethics’ (ie: got it out of the way) when they have given a participant information is lessened in favour of a holistic view of ethical research as a process which is a part of professional and contemporary thinking about research practice. Moreover, for the information to constitute valid information, it must fulfil certain conditions itself.

Informed Consent criteria: Giving Information to Participants

‘Informed’ consent means that consenting is based on the provision of information to the person from whom consent is sought. There are two main aspects to the providing of information which are paramount. Firstly, that the information has a certain quality to it; secondly, that the information is understood by the person who is being asked to consent. These two factors are the main issues. The format of information and all other considerations are secondary to achieving the end of understanding by the person giving their consent on the basis of information which provides certain essential details about the research. In many cases, the information given will be of a formal nature but formality is not necessarily a guarantee of achieving understanding: in some cases, it may actually be a barrier to achieving it. This will depend on who is being asked to consent and on the nature of the research. Although the appropriate kind of information will vary depending on the nature of the research, the type of information given regarding the research is usually likely to include: • Aims of the research • What participation in the research will involve • Why a particular type of person is sought to take part • Potential benefits of the research • Potential risks to the participant • How the participants’ data will be used and how participant identities will be protected during the research and in any publications or dissemination of results The information provided should enable an informed choice or decision by the potential participant about whether or not to take part. It should include research aims. An outline of research methods is also recommended if those methods are likely to raise concerns on the part of the participant during their involvement. It should normally include legal rights and safeguards provided for participants. It is always necessary to include an assessment of risks that participants might be exposed to. In most cases, it should be clear that the participant can withdraw from the research at any time; in those cases where withdrawal rights are limited to particular stages of the research, then this should be stipulated clearly allowing for consent to be given or denied on this basis. It is good practice to give information about how a project is being funded and of other interested parties in the research since some people may not wish to participate on the basis of a funding source or if the information gained will be used by another interested party with whom they have a principled disagreement. Ensuring understanding: This is the most important aspect of the consent process. Without the potential participant understanding the information given, the whole point of gaining consent is undermined. It is also the most difficult part of the consent process: whereas the design of information is under the direct control of the researcher, the understanding of the potential participant is not. In fact, there is very little that can be done to completely ascertain that the potential participant has properly understood the information. However, the key idea is that information should be designed and the process of gaining consent managed to maximise the understanding of the potential participant. The most important task is to ensure that the information and the consent gaining process enable the making of a reasoned and properly informed decision by the potential participant. To ensure that such a decision is enabled, it should be borne in mind that much research is technical and that information about the technicalities of research must be understandable by a member of the public. In many cases this will mean not including technical information which most members of the public are highly unlikely to understand. All of the information given must be presented in a way that is clear to a non expert reader. Avoidance of jargon and highly specialised methodological issues is required, since their inclusion is likely to obscure proper understanding. Without this understanding the consent obtained from information will not be valid. Potential barriers to understanding are: • Participants failing to appreciate the nature of the research • Many research methods –such as randomisation, control groups, or placebos – are conceptually difficult and many potential participants will have an inability to understand information about them • Giving potential participants too much information that requires a lot of reading to digest or that will simply be skipped over because it is dense • Information that is too technical or filled with jargon • The person is not competent to understand the information. There are different dimensions to competency, one of which is legally defined below, but in general consideration needs to be given to the ability of potential participants to grasp the information to the level required to make a reasoned decision. Deliberation: The person must have time to deliberate. There must be the opportunity for questions and discussion if needed. It is good practice to allow at least 24 hours for this. Never expect a decision on consent immediately, as this could easily be perceived as undue pressure to consent which compromises voluntariness, as covered below.

Covert methods not obtaining consent

In some kinds of research, it is a possibility that giving full information and gaining consent on the basis of that information will be difficult to achieve. In such cases, compromised information giving is acceptable as long as it is done for justifiable reasons. For instance, in certain areas of social sciences, particularly that involving behavioural research, methodological considerations may require consent to be compromised at the level of information. Covert methods may also be justified in certain circumstances, in which no information is given prior to research being conducted. In such cases, justification for the research would need to demonstrate the high value of the research. The kind of deception or misinformation used would also be a factor in determining the ethical propriety of the work. In cases where covert methods are used it is usually good practice to debrief participants after the research in order to inform them, but obviously this is not a substitute for prior consent to involvement and it will need to be done in a sensitive way. There are also types of research which might involve giving information to potential participants which is deceptive in some way. The spectrum of compromised information could include complete fabrication to withholding of particular pieces of information upon which the research method depends. Clearly the less deception involved, the better. But in all such cases, the aims of the research will need to be such that the outcomes could not be achieved by using less covert or deceptive methods. Compromising information can therefore take the form of: • Lying about the aims or true topic of the research and/or about what participation in the research really involves (not recommended) • Giving deliberately misleading information in some way • Withholding information • Covert observation, surveillance Covert observation or deceptive participation on online forums, social media, or other internet-activity is subject to the same ethical considerations as any other form of research. It cannot be presumed that activity online is automatically ‘public’ and open for use as research data. Online surveillance is ethically problematic, regardless of its function in providing research data. Where possible, consent should be obtained.

Voluntary Consent criteria

Voluntariness means a decision made on the basis of information given without influences upon the potential participant which are manipulative and/or coercive in any way. Types of influence which would compromise the voluntary character of a decision are: • Coercion using force or threat • Manipulation through emotional exploitation, encouraging feelings of obligation or guilt in the potential participant • Persuasion to consent through the use of argument or appeal to the altruism of the participant The only certain way to avoid compromising the voluntariness of a decision is to provide proper and clear information to the participant from the beginning and to refrain from using any form of persuasion after the fact. If further information is required by a potential participant over and above that given primarily, then it is good practice only to clarify misunderstandings of primary information and to avoid giving additional information. If such information was not provided in the primary information then further information given later runs the risk of compromising a properly voluntary decision, since it could be interpreted as a form of persuasion to participate. Other issues which potentially compromise voluntariness would be a variety of inappropriate relationships between the researcher and potential participants. Such relationships could be between colleagues, friends, teacher-student or employer-employee, or the use of convenience sampling which relies on acquaintances. In all these cases, a feeling of obligation or pressure to participate unrelated to the research itself is likely because of a prior relationship. Financial or other incentives or inducements to encourage participation are also potentially compromising, particularly in research involving low income populations or other vulnerable people, since the appeal of a payment for participation is likely to override a proper decision to participate based solely on the merits of the research or on consideration of the potential risks to themselves. Where incentives are used, they should be used carefully bearing in mind the target group. Any incentive used should not be proportionately related to the risk involved. In other words, it is not ethically acceptable to balance out higher risk with higher incentive or payment. Any payments given for participation should be based on the time and convenience commitment of participants supplemented by compensating for expenses incurred.

Competency in consent criteria

Competency is a question of capacity. Capacity is a qualification of competency. Certain categories of persons are said to be ‘without capacity’. In such cases, there are both legal definitions and ethical definitions of capacity. For the purposes of research the following groups do not have capacity to consent: • Children under the age of 16 • Persons who are unconscious, such as people in comas • In certain circumstances, people in extreme pain or distress • Persons legally defined as lacking mental capacity The Mental Capacity Act 2005 defines lack of capacity as follows: a person lacks capacity in relation to a matter if at the material time he is unable to make a decision for himself in relation to the matter because of an impairment of, or a disturbance in the functioning of, the mind or brain This means that a person lacks capacity if: • They have an impairment or disturbance (for example, a disability, condition, or trauma) that affects the way their mind or brain works, and • The impairment or disturbance means that they are unable to make a specific decision at the time it needs to be made The Mental Capacity Code of Practice issued by the Lord Chancellor on 23 April 2007 in accordance with the Mental Health Act 2007 sets out, in assessing capacity, a two stage test: Anyone assessing someone’s capacity to make a decision for themselves should apply the following test: • Does the person have an impairment of the mind or brain, or is there some sort of disturbance affecting the way their mind or brain works? – it does not matter whether the impairment or disturbance is temporary or permanent • If so, does that impairment or disturbance mean that the person is unable to make a decision in question at the time it needs to be made? Since capacity can change over time, researchers should be aware that a change in a participant’s capacity may require that participant to be withdrawn from the research or his/her participation reviewed to ensure capacity to decide to continue exists. Children under the age of 16 require proxy consent. Research involving children requires researchers to obtain the consent of parents or guardians. Proxy consent usually means obtaining valid consent from parents and guardians for their children to be asked for assent to participate in research. Because research with children (or any other research involving obtaining consent by proxy) raises both ethical and practical difficulties in ensuring that proxies are properly informed, proposals for research involving children (or other participants requiring proxies) will need to have well justified outcomes. In other words, the significant ethical concerns raised by proxy consent must be shown to be proportionate to the aims of the research; and that the aims of the research are achievable only by doing research with children (or other participants requiring proxies).

Participant Confidentiality

Principle 5 covers a range of ethical and legal issues around the confidentiality of research participants, as well as addressing the issue of regulated materials used as part of research. In contrast with issues around consent where legal and ethical concerns often overlap in undefined ways, confidentiality is an area of research ethics in which there are clear legal duties as well as ethical ones. In fact, the legal duties around the protection of research participants’ confidentiality is defined in several places: • EU General Data Protection Regulation (GDPR) • Data Protection Act 2018 • European Convention on Human Rights (Article 8) as implemented by the Human Rights Act 1998 • Common law duties of confidentiality • Certain areas of administrative law • NHS Act 2006 (Section 251) • Health and Social Care Act 2008 (Section 158) It is a legal requirement that personal data must be processed in accordance with a number of specified principles. Under GDPR data must be: a) processed lawfully, fairly and in a transparent manner in relation to individuals; b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes; c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay; e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Processing data consists of any of the following: • Collecting • Recording • Organising • Structuring • Storing • Adapting • Altering • Retrieving • Consulting • Using • Disclosing • Transmitting • Disseminating • Making available • Aligning • Combining • Restricting • Erasing • Destroying The culmination of the above is a legally defined responsibility to protect and preserve personal data. The protection of data also has an ethical dimension but the legal and ethical dimensions must be handled slightly differently. The legal basis upon which researchers can process personal data is linked to the University’s public functions. From an ethical perspective, researchers must normally obtain the consent of potential participants in research, but that consent is not the legal basis upon which personal data is processed. Consent is for participation in research, part of which will be the obtaining of personal data. The ethical dimension involves respecting and maintaining the relationship of trust that is established between researchers and participants. Research data is often sensitive and therefore consent to its use for research purposes involves a decision to disclose personal and/or potentially sensitive information to researchers for such purposes. Participants have a legal right to the protection such personal and sensitive information and researchers have a legal duty to comply, but the importance of the ethical dimensions of the relationships thus established through consent cannot be underestimated. This becomes important when circumstances arise in which the researcher is faced with a choice about disclosing information which might compromise that confidentiality and about which the law is less clear. Questions about such disclosure will be dealt with further on.

Preserving participant confidentiality

Personal data that is gathered, processed, and stored to be used in research is processed by researchers as part of the University’s public function. Crucially, it is at this point that all the uses to which the data will be put in the research are specified. In such cases, the data remains ‘connected’ with the individual participant but consent has been given for specified uses. This means that the individual in question could still be identified from the data, but that the data is sufficiently protected, stored, and disposed of, in ways that protect unauthorised access to this data. Protection of data involves a well-defined protocol about: • how the data is stored and the security of storage • how long it is stored • what uses the data will have • who will have access to the data (other researchers, institution staff, general public) • any data sharing needs to be clear. In practice though, many people will be reluctant to consent to certain uses of sensitive data that is still identifiable and may well not give their consent for usage in certain ways, or may refuse to consent at all. In such cases, it become necessary to work with anonymised data. The use of personal data for research must always be as minimal as possible (‘data minimisation’), which means that only data that is essential for the purposes of the research should be obtained; where it is possible to use data that has been de-identified with a retaining identifier in the form of a code or key – ‘pseudonymisation’ – this should be employed; or, a far as possible, completely anonymised data should be used.

Anonymisation and pseudonymisation of personal data

Anonymising data involves severing the connection between the data and the individual. This means that the individual concerned can no longer be identified from the data. Whilst this may well assist in guaranteeing confidentiality for participants, the problem with achieving confidentiality through anonymisation is that this usually means that researchers will need to make compromises to work in ways in which knowing the identities of individuals from whom data has been gathered is not critical to the research. This will usually mostly affect qualitative work in which interviews or case studies of small groups are used or in longitudinal studies. A compromise position in working with anonymised data which still offers confidentiality for the participant but more flexibility for the researcher, is that it is usually possible to process and store data in such a way that it can be retraced back to a specific individual participant if needed once it has been anonymised. This is usually done by developing a coded anonymisation system in which anonymised data is coded or ‘keyed’ in some way allowing for previously anonymised data to be re-linked back to an individual at points during the research. Given that either full and complete anonymisation, or a form of coded anonymisation, is viable for the research being conducted, there are issues pertaining to how the anonymisation is achieved which need to be addressed: • Access to the non-anonymised personal data in order to perform the anonymisation procedure must be strictly controlled; • If the data is to be keyed or coded --pseudonymisation-- the data and key or code be stored separately and access to the key or code must be strictly controlled. Any other documents relating to the source of the personal data must also be kept separately. Another issue that needs to be dealt with carefully in anonymising data is the possibility that individuals could still be identified from the data even though they are unnamed. When working with groups of participants in small numbers or with a highly specific group of participants, the data that is retained could well retain enough characteristics to allow participants to be identified even if they are not named. This possibility can be avoided by stripping out information in degrees until individuals cannot be identified; by aggregating information, such as using an age range rather than specific age; or by restricting the set of data. However, in such cases it will be necessary to look at which data sets are really required for the research and to remove specific data which would make identification possible, such as age. Often in such cases, working with anonymised data will mean compromising by not using all the data available where this will not impact negatively on the research aims. Another possibility to removing a set of data completely is to aggregate it, so rather than removing all reference to age, or using a specific age (ie: 32 year old), a range of age would be used (ie: between 25-25 years old). It is easy to see how in small groups, adding another piece of data to the specific age (ie: female), could very easily pick out an individual, whereas the range is less likely to do so. Which part of the data could potentially be used to identify otherwise anonymous participants and therefore need to be treated carefully will vary depending on the nature of the group of participants and the research topic, but in most cases a workable compromise is available.

Secondary data analysis

The specific issues concerning confidentiality laid out above apply mostly to primary research in which data is gathered directly from participants who give their consent to such data being gathered and used. However, confidentiality issues reach further than primary research and are just as complex when using data in secondary analysis. In such cases, data gathered from a piece of primary research is re-used for a further piece of research. It should not be assumed that this is a less problematic areas, as rather than reducing the legal and ethical duties of researchers to protect confidentiality, secondary analysis actually increases the difficulty in fulfilling those duties in most cases. This is because secondary analysis usually involves re-using data. Unless the use of the data for secondary analysis is the same use as in the primary research, or consistent with it; or the use which secondary analysis now requires was specified at the time the data was collected, then such analysis of data is illegal. There are certain exceptions to this, e.g. For medical research, such as epidemiology, where large data sets are re-used. The exceptions are based on a justifiable and demonstrable public interest being served by secondary usage, this case being supported by the Health Research Authority Confidentiality Group requirements for exemptions under Section 251 of the NHS Act 2006. However, such legal duties only apply in secondary analysis which uses identifiable personal data. Anonymised does not fall into this category. Pseudonymised data does not fall into this category as long as the appropriate safeguards have been put in place.

Disclosure and breach of confidentiality

A potentially difficult area of confidentiality concerns not how to preserve or protect it, but situations where there may be a legal or ethical duty to breach confidentiality. There are two distinct categories of situations involved here: • research which is directly interested in legally-dubious activity from the outset, whether that interest is criminological, investigating any area of child abuse, terrorism, illegal drugs use and trafficking, prostitution, people trafficking or other criminal behaviour • research in which there is no primary research interest in any of these areas The second category is more straightforward. Research which involves no primary interest in criminality, child abuse, terrorism, or illegal drugs, may incidentally to the main focus of the research discover that criminal activity is occurring during the process of research, or that a participant involved in the research is involved with criminal behaviour. In such cases, the participant will have already consented to participate in the research and the researcher will have begun work on the research with those participants in a research topic completely unrelated to criminal activity, terrorism, drugs, or child abuse. This means that the participant has consented to participate and as part of this consent process, the researcher has been trusted with preserving the confidentiality of that participant. In normal unproblematic cases, the researcher would have the duty to preserve this confidentiality in all circumstances. However, in certain cases there are conflicting legal and ethical duties which either legally trump the duty to preserve confidentiality, or which provide an ethical dilemma for the researcher. It should be noted that what are or are not legal duties in the breach of confidentiality are in some areas very unclear, with certain exceptions. These exceptions are as follows: • In all cases, if terrorist activity or activities connected to preparation for terrorist activity are discovered incidentally during research (ie: the research topic is not connected to terrorism), the researcher has a legal duty to report those activities regardless of whether the same amounts to a breach of confidentiality (if there is a breach, the researcher will accordingly have a defence). Failure to report discovery of such activities is itself a criminal offence liable to prosecution under the various pieces of terror legislation passed between 2000-2008 introduced to tackle terrorism. • If during the course of research, other criminal activity is discovered incidentally (ie: the research topic is not connected to criminality) then whether or not there is a legal duty to report this activity is context dependent (ie: it will depend on what those activities are). If those activities involve money or assets which are the proceeds of criminal activity, then the researcher has a legal duty to report this under the Proceeds of Crime Act 2002. For other criminal activity, such as drugs related crime, the incidental disclosure to the researcher of avoidance of prosecution for a serious offence (such as murder or rape), or plans to commit such offences, then there is no clear legal duty, but the researcher may need to seek legal advice in specific cases. • If during the course of research, child abuse is discovered and the researcher is themselves a social services professional, then the researcher has a legal duty to report this abuse as a professional practitioner in the field concerned with dealing with child welfare. This would apply in research which is not primarily related to children or in research which is directly focused on children. However research which is directly focused on the abuse of children or children’s welfare will bring further complications which are addressed below. Researchers who are not social services professionals who discover child abuse do not have a legal duty to report on this discovery. However, there is clearly the question of the researcher’s ethical duties in such situations, which will be explored below. Research which has direct interest in criminality is a far more complex area for legal compliance and ethical propriety. In such cases, the researcher enters into the research knowing a priori that there will be criminal activity occurring. The issue of disclosure then pertains to what kind of information or knowledge may well become available that may place extra duties on the researcher, or in extreme situations place the researcher at risk. Examples could be: • Research into criminal activity in a carefully prescribed area, for which participants are recruited on the basis of their criminality, but the crime involved is relatively unserious. During the course of the research it becomes apparent that very serious crime is occurring. • Research into crime with participants who have consented on the basis of full confidentiality, confide information to the researcher that was not of interest to the original research but which compromises the researcher and the participant’s confidentiality because it involves third parties who were not known to the researcher at the commencement of the research and who have not given consent. In such cases, serious complications could also ensue if such third parties become aware of the disclosure. Regardless, in all cases of disclosure there will be an ethical duty of some kind. It is the various ethical duties which present a range of potential dilemmas for researchers, as the ethical choices may involve compromising the confidentiality of research participants with whom one has established a working relationship in order to resolve a subsequent disclosure. These ethical issues become even more difficult when working with fore-knowledge of criminal activity, such as in criminology research, where the researcher may need to plan for such eventualities by planning consent in such a way as to reduce the possibility of being put in a compromising ethical situation with participants for whom a relationship of trust has been established and upon which future research may well depend.

Regulated Materials

Certain forms of research materials are also regulated in a variety of ways: • Research which works with human tissue. Human tissue includes body parts, blood, semen, saliva, and other bodily fluids. Human tissue does not include fingernails or human hair. Regulated by the Human Tissue Act 2004 • Research which seeks to analyse DNA for identifiable data. Regulated by the Human Tissue Act 2004 • Research which works with radioactive or other dangerous materials or in dangerous environments. Regulated by Management of Heath and Safety and Work Regulations 1999 (Regulation 3 Risk Assessment); Ionising Radiations Regulations 2006; Hazardous Waste (England and Wales) Regulations 2005; and Health and Safety at Work Act 1974. Tissue which is regulated can only be collected, processed, retained, stored, and disposed of in specific ways. Institutions must be licensed for human tissue to be used in other ways. Any research which may incidentally involve human tissues is also affected, if tissue is collected or stored in any way, even if incidental to the purposes of the research. The extraction of DNA from human tissue for non-identifiable purposes is allowed as long as consent has been gained for such work. Other uses for the purposes of DNA analysis are strictly regulated and are illegal unless conforming to specific parameters. The use of tissue for purposes not strictly defined as a specific exemption from regulation, when used in an institution without a license, is illegal. Work with radioactive materials is also regulated. Research using other dangerous materials such as chemicals and research conducted in dangerous or risky environments needs to undergo risk assessment and comply with the Health and Safety at Work Act 1974 and associated Regulations, much in the same way as other sorts of activities within the course of employment. Risk assessments form part of ethical Clearance procedures and paperwork associated with such assessments needs to be included with ethical Release or Approval forms.

Conflict of Interests

A conflict of interest is any involvement between the researcher(s) and other parties, such as funding sources or external agencies to which reports or other materials will be divulged, which if undisclosed could be interpreted as compromising the researcher(s)’ objectivity. For instance, if a project looking at the effects of childhood obesity were funded even in part by a fast food organisation and such funding were undisclosed, then a conflict of interest between the funding organisation’s interests and those of objectivity of outcome could result. In such cases, involvement of all funding bodies with an interest in the outcome of the research should be disclosed to ensure transparency. This disclosure would normally be included in information given to potential participants enabling them to decide on whether to participate, but such disclosure should also be included in any reports or publications resulting from the research. If in doubt about a potential conflict of interest, then always disclose. If disclosed a conflict of interest -- in the sense defined above -- cannot arise.

Publication Ethics

There are two main areas of concern in the ethics of publication: • The duty or requirement to publish research • The transparency and accreditation of authorship and involvement in research which is published The first area concerns whether or not research results are published when there are reasons why certain parties may not find this desirable. There are two possibilities to this. Firstly, the researcher themselves may not find publication of research desirable if the results conflict negatively with previous research or prove to have other negative consequences. This is a question of the duty of researchers to publish research if it is of sufficient quality or interest to others, regardless of their own personal interest. Secondly, there could be other parties –such as funding sources- for whom the results of the research are unwelcome. In such cases, pressure could be placed upon a researcher to withhold publication altogether or to censor the publication in order to make it appear more positive. In both cases, it is unethical to not publish research if the quality of the research would be of a standard high enough to pass through peer review or other quality control and editorial processes, if the results of the research would have an impact on the public good. It should also be noted that changing the results or outcomes of a piece of research significantly in order to censor or present results in a more favourable way is also a form of research misconduct akin to fabrication or falsification of data which carries severe consequences if discovered. Authorship is a complex area ethically. The criteria for crediting authorship on papers are as follows: • Any party who has contributed to the research itself is considered an author. Such contribution includes data gathering or generation, analysis or interpretation, and drafting, editing, or proofing text used in the publication. It does not include securing funding or any other support functions, such as facilities. These contributions are not authorship related. They can be credited but not as part of the authorship credits. The difference is between claiming authorship itself and the authors acknowledging the input of others in achieving funding or providing facilities. Failure to give credit for authorship according to the criteria above is unethical, as is deliberately weighting accreditation so that an impression is given of less input to a project than actually occurred. • Any party who has not contributed to the research as stipulated above in either authorship or other actual support function and whose name is included as a favour, even if reciprocal, is not an author and such inclusions –whether common tacit practice or not – are unethical. Again, this is a case of wishing to acknowledge rather than give a credit for authorship itself. ‘Ghost’ authorship in research publication brings the notion of academic authorship into disrepute. It should be noted that the question of questionable authorship credits in publications published in major international journals is increasingly considered a form of research misconduct by journal editors and the professional bodies which represent them. Researchers who engage in such practices put the reputations of themselves and other colleagues are risk. It should further be noted that an author of work, if in the event he/she is no longer the proprietor of the work (ie: he/she has assigned it over to a 3rd party), is entitled to moral rights under the Copyright Design and Patents Act 1988 (section 77) which, inter alia, grants the author the right to be recognised for his or her work. Therefore, this should be borne in mind when attributing work.

Potential Legal Liabilities of Researchers

1) Harm occurs to participants, property, resulting in claim of negligence a) Negligence involves lack of proper process of risk assessment and can be intentional or reckless b) Going via institution’s REC procedures constitutes protection c) Research conducted without proper procedural accountability severs the protection of the institution’s indemnity arrangements and leaves the researcher open to personal liability for negligence. In practice, this means that if a researcher chooses not to apply for ethical Clearance, using either Release or Approval, and a claim is made against them by a participant for any reason, then the researcher may be personally liable. This may also apply in cases where a researcher has applied for ethical Clearance but who chooses to ignore requirements placed upon the research protocol by the REC in order for it to proceed; or who subsequently changes the research design previously approved in the protocol submitted to an REC without notification. 2) Lack of valid consent Researcher may be exposed for criminal and/or civil assault or battery which may attract a criminal punishment of a fine and/or imprisonment and a civil claim for damages. Potential legal liabilities for data breaches Liability for the institution under the Data Protection Act, which attracts criminal liability, financial fines and potentially financial claims for damages.