We often hear from researchers who want to collect impact evidence or write about the impact resulting from their projects, but are worried about maintaining confidentiality and meeting data protection requirements. While this can be a bigger concern in some projects than others, it’s always important to ensure that you are meeting any beneficiaries requirements and expectations, and strike a balance between communicating your impact and maintaining boundaries.

Here are some top tips to help you manage confidentiality and data protection concerns when reflecting on your impact, whether for your own purposes or promoting your work, meeting grant requirements, or for a REF case study. 

  • Consider what information actually contributes to your reflection, and what might be an unnecessary use of data.
  • Consider anonymising information where appropriate. This could mean redacting names, but also could include any other identifying details.
  • Make sure that you are aware of (and understand the implications of) any relevant confidentiality agreements, such as non-disclosure contracts and UK GDPR.
  • Think about how you’re storing your data, such as using data protection or encryption. Exercise caution if you need to share any attachments by email, and remember that you can encrypt attachments so that they can only be accessed with a password known to the recipient.
  • Are you using the data in the context that it was collected? If not, you may need to request consent if you’re using personal data. 
  • Remember to check whether the analysis that you are undertaking is covered by ethical approval for the project, or whether you should seek separate approval.

If you’re not sure, ask. You might want to ask the stakeholder themselves, the University’s data protection team (data-protection@port.ac.uk), or the Impact team (impact@port.ac.uk) for impact-specific questions.

Confidentiality and REF

REF takes confidentiality very seriously and has various measures in place to protect this. These include.

  • Redaction of confidential commercial information and/or personal/confidential quotes in the body of the ICS.
  • Case studies that are deemed confidential are assessed by panel members who have signed confidentiality agreements, and not published following assessment. 
  • Highly sensitive case studies are only viewed by selected members of assessment panels with National Security Vetting, and all materials are destroyed after assessment
  • Internally, materials related to any REF ICS are only accessible to the relevant designated individuals on a case-by-case basis.

We also have information and measures to reassure external parties on how any information will be used. You can find more information as well as a university consent form template and privacy notice in our Collecting Evidence resource folder.

You can find an overview of the REF (2021) Confidentiality levels here. We don’t expect to see any significant changes to confidentiality considerations going into the next submission, but if there are, this will be communicated to those involved.