Data Protection

If you own the copyright to your data, you can provide it with a Creative Commons license and publish it. However, if you collect data from individuals, you must additionally observe the legal regulations of data protection to protect the privacy of individuals.

All data of persons that can be used to identify them must be securely processed following data protection laws. Personal data does not only include names, email addresses or similar, but also pictures, videos, information on occupation and age, even dance movements can identify people. A special type of personal data that needs extra precautions are called "sensitive data". Which data is classified as sensitive is conclusively defined in the Data Protection Act.

Just like any other data, personal and sensitive data can be stored, (collaboratively) edited and shared. In contrast to non-personal data, additional security measures need to be taken:

1. During data management planning: you organize secure data storage and prepare the consent forms. Consent forms should describe all steps of data processing, preferably also the possibility to share the data at the end. Inform yourself via your faculty's ethic commission about important steps to prepare and fill out the DESAT tool for self-information.
2. During data collection: you obtain consent from participants to collect, process and potentially also publish the data at the end (in anonymized form). If you use survey tools to collect data, these also have to adhere to legal requirements of data protection. Personal data must also be stored on a server that ensures only authorized access.
   • Informed consent forms: The Data Protection Office of the UZH offers a template for informed consent forms.
   • Surveys: UZH offers the tools Limesurvey and Unipark.
   • Storage: The UZH central IT department provides UZH-internal servers for this purpose. Please contact your institute's IT department for help.
3. During data processing: Data can only be shared with others for collaborative processing via secure connections, e.g. via SWITCHfilesender.
4. When publishing data: In order to publish the data, participants must have given their consent to do so. Data can be then published in anonymized form (depending on the informed consent) and made available via restricted access. Additionally, you can also regulate with a license  how the data can be reused.

Important links

The Data Protection Office of the University of Zurich offers a first overview of important topics concerning the handling of sensitive data (see especially their glossary).

Data protection in research projects

The DMLawTool provides help on all legal aspects of research data management. With the help of a decision tree, you receive information on data protection, copyright and licenses specifically geared to your own research project.

DMLawTool 

Website of the University Library on copyright and licenses

With the Self-Assessment Tool of the Data Protection Office at the UZH, you can quickly gain an overview of whether you work with personal data at all in your project, where you need to take a closer look, and whether you need to submit an application to an ethics committee.

To the Self-Assessment Tool Data Protection DESAT

In order to share personal or sensitive data publicly, you must anonymize or pseudonymize it. Anonymized data do not count as personal data and can be shared openly. In contrast to pseudonymized data they are no longer subject to data protection laws.

Anonymize

Personal or sensitive information is aggregated, regrouped, or deleted in such a way that no one can re-identify individuals in the data without a great deal of additional effort.

Pseudonymize

Personal or sensitive information is aggregated, regrouped, or deleted in such a way that the people behind the data can no longer be identified. However, with the help of the key, the original data can be restored.

Tools for automatic anonymization

• QualiAnon (qualitative data, German only)
• UK Data Archive: Anonymisation Tool (qualitative data, mostly for English data)
• ARX Data Anonymization Tool (quantitative data)
• Amnesia by OpenAIRE (quantitative data)
• SDC with SDCmicro in R (quantitative data)

If you can't share your data for ethical, legal, or technical reasons, you still have the option to share the associated metadata or data documentation. This way, the dataset itself is not public, but the information that it exists is. 

Are you unsure whether your study is ethically sound? You can find procedures for the ethical evaluation of research projects with the relevant UZH faculty below.

As a researcher in the humanities or social sciences, you can use the Ethics Committee checklist to determine whether your study requires an ethics application:

Download: Ethics Checklist of the Faculty of Art and Social Sciences
For further guidance, please refer to the Faculty Ethics Committee 

At the Faculty of Business, Economics and Informatics, there is an ethical clearance process for economic science projects. For more information, contact the head of the ethics committee, Prof. Michel Maréchal

The Ethics Committee of the Faculty of Medicine examines those research projects that do not fall under the Human Research Act from an ethical point of view. The "Data Protection and Ethics Self-Assessment Tool" (DESAT) of the University of Zurich should be consulted prior to submission.

Ethics Committee of the Faculty of Medicine

Researchers of the Faculty of Science are invited to consult Stephan Neuhauss: stephan.neuhauss@imls.uzh.ch.

At the Faculty of Theology there is an ethical clearance process for projects from Theology and the Study of Religions. Checklist and applications form for the Ethics-Committee Faculty of Theology are provided here.

Research projects from all areas of human research are assessed by the Kantonale Ethikkommission (KEK). It verifies compliance with the guidelines of the Human Research Act.