Ethics and data protection

Ethics

It is sometimes the case that physical scientists are not familiar with obtaining ethical approval for their research and may (erroneously) assume that such approval is unnecessary for an educational research project. However, almost all educational research projects will deal with data or interaction with human subjects and consequently must be reviewed from the standpoint of ethical acceptability. When those subjects are vulnerable people (for example, under-18), you will find that your institution will have even more stringent guidelines.

At a more subtle level you need to be aware of the issues that can arise by using data that you have access to as part of your role as an academic or teacher. So, while it may be perfectly acceptable to use module grade data to inform an internal report, if you wanted to publish this externally or present it in a conference, ethical approval would be required. You should always check what your institution requires, and if you are in any doubt, you should query what is required and be prepared to make the relevant application for ethical approval.

Data protection

Data protection is a separate issue to ethical approval, noting that some ethics committees will want to see what you tell students or staff about how you will handle data. Your institution will have policies to ensure that it complies with the General Data Protection Regulation (GDPR), and again, you must find out what the local procedures are. Compliance with GDPR is likely to have several implications for your project, such as logging what information is being captured and describing how you will keep any personal data secure and your plans for data retention and destruction. Note that particular care is needed around handling what is termed sensitive personal data. You should also be aware that GDPR operates on a principle of informed consent, so you need to tell your subjects what you plan to do with their data, how you will ensure their privacy, and what the data retention policy is. In terms of your timeline, you need to factor in enough time to ensure that you have engaged fully with your institution’s data protection procedures.