Frequently asked questions about ethics guidance

All research involving human participants or identifiable personal data has some ethical implications. Even if the research is low risk, issues such as data protection, confidentiality and anonymity need to be considered. There is also a widening body of professional and legal requirements with which research projects must comply.

Ethical approval must be obtained before the research commences.

City's indemnity will not cover research without approval and failure to obtain approval may also result in disciplinary procedures being instigated.

Please note that there are no exceptions, exclusions, retrospective approval or blanket permissions.

In the case of a staff member conducting research, that staff member is the Principal Investigator.

In the case of students, whilst the student may be the principal researcher, for the purposes of the institution the supervisor must act as the Principal Investigator and as such must sign off the application form. This is because the supervisor is a City staff member (usually) and must sign the application to undertake responsibility for the conduct of the research.

In the first instance you will need to follow the guidelines and policies provided by your Department / School. Senate Research Ethics Committee (SREC) will only deal with applications from Schools without local Research Ethics Committees, instances where a local Research Ethics Committee refers an application to SREC in accordance with agreed local policies and procedures, or where the risk to the research participants and/or the researchers or the sensitivity of the project is particularly high.

Note that applications submitted to SREC for convenience (e.g. more suitable deadlines or missing a local deadline) will not be accepted.

You can find information of your local REC contact at the bottom of this page.​

Projects which involve the recruitment of School staff and/or students require approval by the School you intend to recruit from. This ensures that the same group of staff or students are not repeatedly contacted to become involved in research projects.

Principal investigators should not contact students or staff directly. Approval should be sought from the relevant Dean(s) of School(s), Head(s) of Department(s) and/or Programme Director from which you are recruiting.

Your request should include a brief summary outlining which students or staff you wish to recruit, information of which REC has approved the study and why you are seeking to recruit this particular population, including details of the particular recruitment method.

Note that in some areas of City, permission to recruit staff/students is not needed. For information about the arrangements in your School/Department, please contact your local research ethics committee.

Researchers wishing to recruit staff or students from City, University of London will need to submit a request to the Senate Research Ethics Committee Secretary. This includes City staff and/or students who have obtained approval from a research ethics committee external to the institution.

Read guidelines for how to apply for approval to recruit staff and/or students.

Most applications will require a participant information sheet and a consent form. Copies of questionnaires and interview questions to be used in connection with the research must be provided to the Committee with your application. For informal interviews a one-page summary of discussion topics should be provided. If letters of permission from organisations are necessary, copies of these should be attached.

Templates for the participant information sheet and consent form are available.

If your research includes personal data that will be shared with third parties e.g. transcription services or partners, you should include copies of any contracts, data sharing or confidentiality agreements you have with them.

Retrospective approval of research protocols cannot be given. Any data collected before approval has been gain cannot be used.

Retrospective approval of research protocols cannot be given. If you collect data before you have gained approval, you will not be able to use that data. Additionally, you will not be covered by City’s indemnity insurance. Failure to obtain approval may also result in disciplinary procedures being instigated.

Retrospective approval of research protocols cannot be given. You will not be able to use the collected data.

Yes. All research involving human participants or identifiable personal information has some ethical implications. Even if the research is low risk, issues such as data protection, confidentiality and anonymity need to be considered. Ethical approval must be obtained before any research involving human participants or identifiable personal data is undertaken.

If the study will recruit patients and/or relatives or carers through the NHS, or access their medical records or personal details, approval from the Health Research Authority (HRA) will be required. Guidance on how to make an application can be found online, the application form here, and information about the HRA assessment here.

You can use the HRA decision tool to establish if you require HRA REC approval.

This platform is widely used for consumer and psychology research and it’s quite common to see studies with MTurk experiments in many issues of prestigious psychology and marketing journals. It is often regarded as a platform to collect high quality data rapidly and inexpensively.

If you have obtained ethics approval from another institution, for example if you're transferring a project from a previous place of work/study, you will usually not be required to reapply for ethics approval, but a simpler process ratifying the approval from the other institution will take place.

Please note that this is not the same as ethical approval – your response will not be submitted for additional review.

It is a requirement that at least an initial assessment of risk be undertaken for all research and if necessary a more detailed risk assessment be carried out.

Please contact the Health and Safety Office for advice on risk assessments and/or how to complete it.

If you are collecting data to inform a larger study you will need to apply for ethics approval. If the findings of the pilot / feasibility study will determine how the main study is managed, it is recommended that a separate application is submitted for that part of the study.

You may test your survey or interview questions without applying for ethics approval as long as you are not collecting data. This could for instance involve testing that questions are appropriate and understandable for a certain age group.

You can find forms and templates to download on this page: https://www.city.ac.uk/research/support/integrity-and-ethics/guidance-and-resources/participants

In instances where researchers will not be undertaking the transcription or translation themselves and wish to hire a company to undertake this work, please contact the Research Ethics team for information on the University's approved supplier.

In the first instance, you should contact your Department / School. If you are a student you may also wish to speak to your supervisor.

You can find information of your local REC contact at the bottom of this page.​

Only collect the personal data you need to collect for your research. Under the legislation you must be able to justify why you are collecting the personal data and the lawful basis for processing.

Detailed guidance is provided on City’s Research ethics forms and templates.

It is important to consider whether you are treating survey respondents fairly and lawfully at all times. It is one of the fundamental principles underpinning the data protection legislation.

Will the respondents object to how their personal data is used? How you told them all they need to know before completing the survey?

If you were the survey respondent, how would you interpret the information have provided? Look carefully at your questions from the survey respondent’s point of view? Is it a clear and accurate?

From May 25th 2018, there is a statutory requirement to provide the information below before you collect personal data from individuals if it is applicable.

Further guidance on fulfilling these provisions will be provided in due course at Information Compliance (internal access only).

• Identity and contact details of the controller (and where applicable, the controller’s representative) and the data protection officer, Dr William Jordan who can be contacted by emailing Dataprotection@city.ac.uk
• Purpose of the processing and the lawful basis for the processing. Detailed guidance is provided on City’s Research ethics forms and templates
• The legitimate interests of the controller or third party, where applicable
• Any recipient or categories of recipients of the personal data
• Details of transfers to third country and safeguards
• Retention period or criteria used to determine the retention period
• The existence of each of data subject’s rights
• The right to withdraw consent at any time, where relevant
• The right to lodge a complaint with a supervisory authority
• Whether the provision of personal data part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data
• The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

• Withdrawal of research data: in addition to the requirements above, it is best practice to inform individuals if there is a date beyond which, personal data cannot be withdrawn from the survey, because it has been fully anonymised, this needs to be clear to individuals before they complete the survey
• Free text boxes: if you use free text boxes, please inform individuals against providing additional sensitive or personal data in addition to the information required and if the survey is anonymous against providing personal or sensitive personal data that may identify them
• Consent to use quotations: you must obtain individual consent to use anonymised or attributable quotations from survey responses
• Signposting to sources of further information and support: If you are collecting personal data on a sensitive topic for anonymous and surveys where the participants are known to the researchers, you have a duty to provide links to additional sources of help and guidance at appropriate points throughout the survey and at the end
• Duty to disclose information: You should make clear if there are circumstances (for example statutory requirement to report safeguarding issues) in which you have a duty to disclose information provided by respondents.

This can be achieved by asking everyone to tick a box to confirm that they have read the information about the survey and agree to take part in it.

Research data needs to be held on City IT systems or on a City approved third party e.g. city.figshare.com

City ensures that its IT systems and those of approved third parties met the security requirements of the data protection legislation. All research data in transit must be held on an encrypted device.

City’s standard research data retention policy is for the research data to be kept for 10 years after the research project is completed. However, some research funding organisations have much longer retention periods. It is the researcher’s responsibility to abide by these requirements. If you have any queries about retention of your research data please contact the Information Compliance Team by emailing dataprotection@city.ac.uk.

City has put in place an agreement with Qualtrics, which sets out rights and responsibilities for both organisations with regard to personal data – how it is processed, who owns and has access to the data, security arrangements and where it is stored. City insists that the personal data is held within the European Economic Area (EEA) and not in the USA. Whilst the agreement has been set up to protect personal data, it also affords the information governance protection required for all research data.

How do I access Qualtrics?
https://cityunilondon.eu.qualtrics.com/

If you sign up to use other online survey tools – for example Google Survey or Survey Monkey - the agreement is between you and the company. Any data you collect will be held by the company and not by City, University of London.

If this is personal data , you will be in breach of City’s Data Protection Policy (internal access only).

If any of the personal data collected is lost, stolen or used inappropriately, City will be liable for any fines under the DPA/GDPR, even though the agreement will be between you and the survey company, because the research is conducted as part of your work or studies at City.

Failure to follow City’s policies and procedures to protect personal data, may result in disciplinary proceedings.

Focus group online: Whenever a focus group is proposed online, consideration and careful planning needs to be given to having a remote focus group. As part of protecting participants and/or informed consent, how do we support protecting the data of participants from each other?

The issue is when the researcher does not recognise that the risk exists, especially in an age when data security and the theft of one’s data is top of organisation risk issues.

1. Accessible technology allows for a participant in a remote focus group being able to record the entire discussion without the knowledge or consent of the researcher and/or other participants, whereas in person focus discussions allow for preventative measures.
2. It may not be resolvable, but consideration does need to be given as to how to mitigate this and/or how to give informed consent with the knowledge of these further risks.

Anonymity: Very often, there is indication that research will involve complete anonymity of participants. This is usually indicated in answering D2 in data section. Then there is indication data, which is collected through interviews.

1. Interviews allow for the interviewee to provide personal data even if not requested by the researcher.
2. If the interviews are recorded, this can also be  constituted as personal data and should be treated as such. Any recording of one’s face/voice, regardless of content, needs to be treated as personal data. There is no grey area in this as many security functions now involve face/voice recognition.
3. If consent forms indicate name of participant and signature, these are personal data.
4. If a questionnaire/survey contains any free text options, even a single option of free text, it needs to be treated as a personal data request, because the researcher has no control over what the interviewee inputs.

Data gathering outside UK in person or remotely: There is often mention of data gathering across international borders, either in person or remotely, with no indication of awareness of the risks.

1. Is there consideration of the risk and potential for data interception?
2. Is the data stored direct to City St George’s (CStG) servers or portable devices which can be lost or stolen?
3. Are the portable devices personal devices which may share storage space with other data used for other circumstances which increase the risk of data corruption/loss from an external source?
4. The issue is not that the gathering is occurring, but that the researcher does not acknowledge that danger exists or provides information requiring follow-up clarifications.
5. Common occurrences are performing the research overseas and the data are to be stored to a local non-CStG device and/or backed up to a portable, non-CStG personal device.
6. Recognition and reference should be made to City St George’s data security procedures and storing/backing up should always be to City St George’s approved devices.

Inconsistencies: Answering “Yes” to one item, and later indicating a response which equates to “No” for the same
item. Time is taken by all parties as, when noticed, the proposal needs to be returned and changed.

1. An example is R10 indicating a “No” for access to personal data and then later indicating interviews will occur with thematic analysis. R10 should then be a “Yes”.
2. Dates are inputted indicating inconsistencies of process, and a red flag is used to indicate the research has already occurred and the application is now being retroactively sought without clarifying why.

Access to confidential business data: Any form of indicated collaboration, limited access, data access, or agreed allowance to survey/interview staff of a business (large or small), should always have evidential agreement. At the least, a signed letter from a decision maker indicating they are aware and the company has agreed.

1. If any part of the proposal indicates that some form of collaboration is occurring, even informally (such as just asking employees about a topic separate to the company) should still be accompanied by some form of informed consent/agreement.
2. If the employees are taking part in their private capacity, items to consider are:
• If all are from the same companies, why is this?
• If private, why do companies even need to be mentioned?

Missing document: Any missing consent forms, Information sheets, and/or questionnaires will be returned as there is no way to make an informed risk assessment regarding the research. Examples are inadequate because it may bear no relation to the actual document used.

1. Surveys and questionnaires are particularly important as often, once they are seen, there is a free text/open question, but the research is indicated as totally anonymous (see item 2 above).