Rules for researchers

Last modified: 18 Jun 2024

Introduction

Below is a summary of the conditions researchers agree to when accessing data in the UK LLC TRE. These include, but are not limited to, maintenance of confidentiality, IT equipment and reporting breaches or risks. This is followed by a summary of the penalties researchers may be subject to if they breach UK LLC conditions.

UK LLC policies of particular relevance to researchers are listed below:

• Information Security Policy

• Data Access and Acceptable Use Policy

• Reproducible and Reusable Research Policy

• Naming of Projects and Data-related Outputs Policy

• Audit Policy

• Output Review Policy

• Project Amendment Policy

• Publication Policy.

Rules for researchers

1. ONS Approved Researcher accreditation, DAA and DURA

To be active in the UK LLC TRE you must hold valid ONS Approved Researcher accreditation, be named on an approved project and have completed all necessary UK LLC paperwork - Data Access Agreement (DAA) and Data User Responsibilities Agreement (DURA).

2. IT equipment and security

You must only access the UK LLC TRE from the UK via a secure private or corporate network using organisation owned/approved machines, which are automatically maintained so that they are fully patched and up to date with relevant virus protection. Where using a private network, you must make all reasonable efforts to ensure this is maintained and the equipment is secure (strong password) and kept patched and up to date. You must keep your UK LLC TRE access password private and your 2FA secure and you must not share these with anyone else. You must ensure that your display screen is not overlooked by unauthorised persons when accessing the UK LLC TRE and you must lock your computer when you leave it unattended.

3. Confidentiality of data

You must maintain the confidentiality of the individual level data you access in the UK LLC TRE. You must not share this information with anyone, except researchers named on your approved project. You must not try to identify or contact any LPS participant. If you inadvertently identify an LPS participant you must notify the UK LLC Data Team immediately: support@ukllc.ac.uk.

4. Project scope and permissions

All your analyses must lie within the approved scope of your project and adhere to the terms and conditions set by data owners. You will not be permitted to file-out outputs that lie outside the scope of your approved project or that have breached data owner terms and conditions. You must only use the data accessed through the UK LLC TRE for genuine research for public good and never use the data for profit-making purposes. You should frequently revisit your approved project paperwork, taking particular note of the following fields:

• Title

• Abstract

• Lay summary

• Project overview

• Project methodology

• Outputs

• Data requested

• Any imposed ethical or data restrictions.

If you have any doubt regarding the scope and permissions of your project, you must contact the UK LLC Applications Team before proceeding further: access@ukllc.ac.uk.

5. Reproducible research

You must make your project workings (including syntax/scripts, code lists and other relevant documentation) accessible to other researchers. The documentation must be sufficient for future users to understand and replicate your analyses - see the Using Git guide.

6. Audit

You agree to your ONS Approved Researcher accreditation and the scope and permissions of your approved project being audited and you must provide full cooperation. All auditors commit to the confidentiality of the project. UK LLC Data Team staff will examine your syntax files and check that the variables you are accessing and including in functions, tabulations and visualisations align with your project documentation. If any potential non-compliances are identified, the Data Team will contact the lead researcher on the project for further information and copy in the UK LLC Information Security Team (IST). If any non-compliances are identified, the IST will consider whether an Information Security Case Report should be completed. If required, the IST will escalate non-compliances to the UK Statistics Authority’s Research Accreditation Panel (RAP) - see the UK LLC Audit Policy for further details.

7. Reporting concerns, breaches and other incidents

You must report to the UK LLC Data Team as soon as possible any concerns, or breach of data or other incident that may have compromised the security of data in the UK LLC TRE: support@ukllc.ac.uk.

Examples include, but are not limited to:

• Concerns you have about the quality of the data or the data not being reasonably de-identified

• The loss or theft of the computer used to access the UK LLC TRE

• Any unauthorised person gaining access to the UK LLC TRE

• Any sharing of login details or devices that permit access to the UK LLC TRE.

You should also notify UK LLC about risks and any weaknesses you identify in UK LLC systems, policies and procedures: support@ukllc.ac.uk.

8. Presenting/publishing your results

You must only include data in papers/presentations that have been approved through UK LLC’s output review process - see Moving files in and out guide.

You must share all papers and similar outputs with UK LLC for review at least two weeks prior to submission for publication - see Publishing or presenting your research guide.

Penalties for researchers

You must adhere to the terms of the DAA and DURA at all times. The DAA is a legally binding contract. Current and future access is at risk for you, your team and your organisation if you do not abide by the terms of these agreements. Serious breaches of these terms may be subject to prosecution to the full extent of civic or criminal law.