Leszek A. Kosinski, International Social Science Council, Paris

1. Introduction

1.1 In discussing empirical bases for the social sciences in the recently released World Social Science Report, Richard Rockwell argued very convincingly that at the present time:

“inductive, observation-based social science research…dominates in the universities and research centres of the west and is rising in importance elsewhere” (Rockwell 1999: 157).

This type of research orientation cannot exist without empirical data either derived from existing data sources or obtained in the process of scientific inquiry. Not surprisingly, the recent growth of various data bases, the application of newly developed technologies and, last, but not least, increasing interest in the use (and misuse) of data as reflected in scholarly literature, all point to the importance of data for social science research, both theoretical and applied.

1.2 In this paper an attempt will be made to examine the existence and availability of social science data in Europe, and the problems of accessibility to existing data sources and data banks.

1.3 In preparing this paper the author was in a privileged position of having access to a recently completed report based on a world-wide survey undertaken by the International Social Science Council concerned with archiving and accessibility of social science data (Mochmann 2002). This project, funded by UNESCO, reflected the interest of this organization in data for social science research, as shown by the first World Social Science Report (1999) where several chapters dealt with issues directly, or indirectly, related to this topic (Rockwell, 1999; Denzin, 1999; Hobohm, 1999; McKie, 1999). The recently published International Encyclopedia of Social and Behavioural Sciences contains several entries where the question of data has been discussed (Smelser and Baltes, 2001).

1.4 Another source was a survey of European data-bases, undertaken as part of the present study in Summer 2002. Some 300 centres were approached and asked for information about the conditions for accessing their files. They were asked if they were open to the general public, to qualified researchers or only to their own research staff. Furthermore, the information was requested on financial aspects, if the access was free of charge or a payment (for each service or in the form of term subscription) was required and what were the conditions concerning their access policy and rules, in case they had them. In all, 75 answered, with the details provided by respondents varying considerably, and only a minority supplying extensive answers (Table 1).

TABLE 1: Results of a 2002 survey of data access

 Source: Survey by the author in Summer, 2002. 

Unfortunately too, some of the material obtained was of limited value as a number of respondents misunderstood the question and referred to the personal data on file [1] .

Examples of the responses received can be found in Appendix A. The responses sent from Ireland, Romania and Switzerland were very short. A response from the University of Leeds was, on the other hand, extremely long and detailed.

2. Sources of Data

2.1 Data of interest to students of social process has been collected for various reasons for thousands of years, but its availability, and quality has always varied a great deal. In modern times, the amount of data available has increased exponentially and questions of quality, comparability and accessibility are of primary importance to users of such data. Conventional classification of the methods of data collections distinguishes between censuses, surveys, administrative records, experiments, field-work and observation as well as personal narratives (Rockwell, 1999). Data may be used immediately as a base for policy makers and researchers to prepare recommendations, but their value as a primary source requires archiving so that other researchers may have access to them and use them either for verification of earlier findings, or for answering new and different research questions. In addition to primary data, there may exist partially processed data, which are of value to interested or specialist researchers and therefore should also be maintained for further use.

2.3 In Europe, the tradition of population censuses is well established and, in spite of occasional protestations that they can violate privacy and should be abandoned, they are carried out regularly and data made publicly available. The problem with this type of data, for comparative studies, is with their comparability - the need for similar concepts and measures, similar timing and coverage. In spite of repeated efforts to improve comparability, carried out by various international organizations, the situation is far from satisfactory.

2.4 Likewise, government records were collected and kept for administrative purposes by national, regional or local authorities for centuries. But their accessibility was not universal. It was either restricted by confidentiality (the clause removed after some time) or simply by their operational usage.

2.5 Relatively new data source are results of surveys, experiments and observations, derived from public or private research, including individual research. Sometimes, this primary material was kept by individuals or deposited in local or national archives. Sometimes it was simply discarded after having been used for a particular research project. It is in this domain that recent changes have been most remarkable.

2.6 The need for preserving original data even after their initial use was recognized long ago. In fact, an early statement to this effect (in relation to biometric data) was made by Sir Francis Galton in 1901 [2]

2.7 One should keep in mind that data sources have been preserved for centuries in different forms by various institutions and agencies, including public and private archives, government offices and libraries of different types. Recently established social science data archives are only a new addition to this honorable family of record keepers. Needless to say, methods of collecting, preserving and making data available have changed over time, as their quantity evolved and as demands for data varied.

2.8 In discussing access to data sources, a distinction should be made between technical questions, legal and ethical aspects and, last but not least, financial dimensions of the whole issue. For most of the time data existed in hard-copy form. Historical records were of course subject to various types of risks which affected their availability and quality. After all, even today floods, fires and other disasters can strike archives and libraries.

2.9 Computerization began after World War II and the idea of data archives developed in the early 1960’s. Initially, most data sets were in the form of decks of electronic data processing cards. Later tapes were used for storing data before electronic data storing became a standard form (Campbell, 2001). Computerisation made access easier and, at least, in principle, data transfer is possible wherever exists computer capacity. In practice, diversity and dependability of equipment and programmes as well as cost of using them may influence real accessibility to data sources even if other restrictions are overcome. Principle of data sharing may also be phrased in ethical terms. In other words, ‘scholars should share with other scholars a crucial part of their intellectual property, data they have collected’ (Rockwell, 2001, p.3228). This requirement can be extended to publicly generated data, paid for by the public at large.

2.10 Sometimes, however, there exist legal restrictions regarding the use of data, or, inversely, a requirement that data derived from publicly funded research must be made accessible after some specific period. But, collection and storing data do not come free, and there is an increasing tendency to expect the user to share part of the cost. Depending on the fees this requirement can practically exclude many potential users.

3. Data collections in Europe

3.1 Social Science data archives developed in the second half of the twentieth century. The first such archive, the Roper Center, was founded in the United States in 1947. The first European archive was established in Germany in 1960 at the University of Cologne (Scheuch and Brüning, 1964). It was followed in 1962 by the Steinmetz Archive in Amsterdam, and the Inter-University Consortium for Political Research (ICPR) at the University of Michigan in Ann Arbor. The international dimension was recognized very early in this new development. However, the main thrust was in the growth of the national institutions – libraries, archives and various public and private collections.

3.2 The number of archives has increased very substantially, and now runs into hundreds. According to some estimates, the number of discrete datasets stored in social science data archives, worldwide exceeds 100 000 of which a substantial part is in European centres (Mochmann, 2002, p.5). In addition to individual archives there exists a Council of European Social Science Data Archive (CESSDA) established, as a European platform in the 1970’s. Its constitutional objectives include:

·  promotion of acquisition

·  archiving and distribution of data for social research throughout Europe

·  facilitation of exchange of data and technology among data organisations

·  support for new organisations

3.3 Special efforts were made to develop standards leading to better comparability of data, their classification and accessibility. Furthermore, continuity guides were drafted to assure long-term utility of data. Cooperation among CESSDA members is very close, and it includes annual business meetings (the last one was held in Ljubljana, Slovenia, in March 2002). The number of archives associated with CESSDA is now approaching twenty, and coverage is quite extensive and still growing (Mochmann, 2002, p.7-8) (Table 2)

 Table 2: European network of archives connected with CESSDA

Source: Map created by the NSD for CEESDA in http://www.nsd.uib.no/CESSDA/europe.html

The CESSDA network is electronically connected via the Internet and can be easily reached. In fact, an individual researcher is said to be able to have access to available resources directly from his/her desk (Mochmann, 2002:8).

3.4 Another international and, indeed, global organisation established in response to the growing needs of the international social science community is the International Federation of Data Organizations (IFDO). It was founded in 1977 and played a major role in assisting new archives by providing technical and organizational advice and help. At the present time IFDO forms a network of more than 30 data services around the world (Rockwell, 2001:3227 and Mochmann, 2002: 10).

3.5 These organisational efforts were accompanied or even preceded by the discussions led by social scientists interested in comparative research. A good example were two Standing Committees within the International Social Science Council – one on Comparative Research and another one on Social Science Data. They are said to have inspired national initiatives to coordinate transborder cooperation (Mochmann 2002: 6).

3.6 It is beyond the scope of the present paper to provide a full inventory of all data archives particularly since the list is continuously growing. A partial list can be found in ISSC-sponsored project (Mochmann 2002).

In his list, the entries were somewhat standardized which makes comparisons easier. Unfortunately, not all entries contain information about accessibility. Examples are shown in Appendix B.

4. The Contents of Data Archives

4.1 Most archives contain numerically coded data. They are not necessarily quantitative, as qualitative data can also be found there. Another distinction is between micro-data and macro-data. The micro-data on many distinct units of observation differ from macro-data measurements. The problem with micro-data is that of privacy, and in order to assure anonymity all identifiers have to be removed. On the other hand, they provide more detailed information which can be combined in different ways. Macro-data cannot usually be disaggregated and consequently, they provide less analytical power. The accurate use of data requires additional information on the conceptual meaning of the codes, procedures of acquiring the data etc. Unless researches are familiar with the ‘cuisine’ of data archives they may easily be lost without specialized expertise of data librarians/archivists (Rockwell, 2001).

4.2  Another way of categorizing data may be based on their availability. In the Austrian database WISDOM, four categories are identified (2002 own survey):

·  Available without restriction

·  Available only with the agreement of the donor/depository of data

·  Available only after disclosure limit has been reached

·  Only general documentation is available but not the data

Similar categories exist in other archives, for example, Italian ADPSS.

5. Accessibility of Data

5.1 From the point of view of a researcher the question of accessibility is of primary importance. It goes without saying that data sets generated by individual projects remain available to their authors. However, comparative studies require access to other data sets, either public or privately controlled. While macro-data remain usually in public domain, the use of micro-data is often restricted. Confidentiality concerns may lead to limitations of potentially important signifiers to the extent that micro-data are losing their usefulness. This is true for simple data sets but even more so when multiple data sets are to be used.

5.2 In the American context several approaches were tried to solve the problem (Campbell, 2001:3258). One method, utilized by the US Bureau of Census is closely controlled access. In fact, in several specially created Research Data Centres access to restricted data is permitted to qualified researchers. Another approach, mentioned by Campbell is based on development of disclosure limitation methodologies in order to protect individual identity in publicly available data files. Still another way to deal with the problem is to make documentation publicly available but require that the analysis be run remotely on agency’s own computer with agency control over the analysis.

5.3 It is clear that all these methods create a cumbersome machinery of control and the cost involved will affect the real accessibility of data. Only well-funded researchers will be able to afford to use the data under these circumstances.

5.4 The policy regarding access to collections vary a great deak. Many centers give priority to researchers and students. For example, more than 90% of data sets in ZA Cologne is dedicated to scientific users. Finnish and Estonian centers make data available free for scientific research and teaching.

5.5 Some archives give privileged access to their members. The example is the Interuniversity Consortium for Political and Social Research (ICPSR) in the USA which has a membership consisting of over 350 colleges and universities worldwide. Some data sets are available to members only. Others can be supplied to non-members for a fee. In some cases, national academics are given free access (Romanian RSDA), non-Romanians have to go via their own national centers.

5.6 Many universities pay subscription fees to obtain data, which are later made available free to their own academic community (University of Edinburgh, which obtains data from the UK Data Archive).

5. 7 Fee policy is far from uniform and the cost of obtaining data may depend on the status of customer and the character of research.Some archives provide data free for academic research but charge commercial users (Czech SDA, Romanian RSDA). Austrian WISDOM charges 15 euros for data in no-restriction category A but in restricted category B (donor’s agreement required) fee varies from 350 euros to 3000 euros. Several German archives have special fees for students at a level of 20% of general charges (ZA Cologne, University of Magdeburg). Dutch Steinmetz Archive, which is part of NIWI has a rather elaborate price list.

6. Challenges in the Future

6.1 There is no doubt that the trend to greater use of massive data will continue and challenges for archivists and users alike will only become more complex. R. T Campbell identified three issues, which in his mind are relevant to the question of more effective use of data (Campbell 2001: 3260):

·  The research community should pay more attention to comparability and replicability. There is still much to be done to develop efficient and effective electronic documentation and metadata.

·  Secondly, access for qualified researchers to data needs to be streamlined. One of the stumbling blocks here is the concern with privacy and the need to prevent disclosure.

·  Thirdly, and most importantly, with increasing availability of data sets related to the same question, a better way of using multiple data sets, including relevant macro-data, has to be found.

6.2 In other words, the challenges require different approaches as they relate to different types of problems. The first concern is with creation of data sets and methodology of surveys which would contribute to better comparability and replicability over a period of time. The second concern deals with matching different data sets. Both these concerns must be addressed by the scholarly community including survey promoters, researchers and archivists. The third challenge has wider ramifications, involving legal and financial communities and even the public at large. Increasing concern with privacy and intellectual rights as well as potential financial rewards will have to be addressed in a way acceptable to all parties involved.

6.3 At the present time, the tendency is to restrict rather than open access to data. There are various reasons behind this trend:

·  Fear of losing one’s monopoly over data (not unusual among researchers)

·  The fear of disclosure and its legal consequences

·  The desire to recover the cost of acquiring, storing and making data available leads to increasing the fees

·  The complexity of procedures introduced by data archives which discourage potential users

·  The preference for well-established and known researchers which makes life difficult for newcomers.

6.4 In order to address these problems a new approach is needed. Researchers have to be encouraged and, indeed rewarded for generating data that can be of wider use and for depositing the data set in the archives. This can be partly achieved by agreeing on widely acceptable rules of the game, perhaps in the form of a code of access as well as code of usage of data. On the other hand, data archives must be interested in making access easier by streamlining procedures, reducing accessibility restrictions and reducing the fees, at least for some users. This in turn will require subsidization from other sources, most likely public.

6.5  New theoretical perspectives created need for new data and this can be satisfied by new data generating projects and the ever-increasing computer capabilities. At the same time new databases themselves may stimulate new or modified theoretical perspectives. Research infrastructure of the social sciences will continue to expand as new developments in data management and analysis will provide new tools and methods for researchers (Miller, 2001: 7834).

6.6 Will this lead to a better and more relevant social science? Only time will tell but the research community must be aware that producing more efficient tools should not be seen as a substitute for critical and creative thinking.

1. Campbell, R.T. 2001 “Databases, Core: Sociology”, in Smelser and Baltes, 2001, pp.3255-3260.

2. Denzin, Norman K. 1999. “The uses of qualitative empirical materials in the social sciences “, in UNESCO 1999, pp. 167-171.

3. Hobohm, Hans-Christoph, 1999. “Social Science Information and documentation”, in UNESCO 1999, pp.172-181.

4. McKie, Craig, 1999. “A user’s guide to social science sources and sites on the web”, in UNESCO 1999, pp.182-186.

5. Miller, R. B., 2001. “International research: programs and databases”, in Smelser and Baltes, 2001, pp.7832-7834.

6. Mochmann, Ekkehard, 1998. “European cooperation in social science data dissemination”, in R. Walker and M.F. Taylor, eds. Information, Dissemination and Access in Russia and Eastern Europe: Problems and Solutions in East and West, Amsterdam: Press, pp.33-43.

7. Mochmann, Ekkehard, 2002. Social Science Research Data Archiving and Accessibility: Exploratory Approach. Report for the International Social Science Council.

8. Rockwell, Richard C., 1999. “Data and statistics: empirical bases for the social science”, in UNESCO 1999, pp.156-166.

9. Rockwell, Richard C.,2001. “Data archives: international”, in Smelser and Baltes 2001, pp.3225-3230.

10. Rothenbacher, Franz, 1994. “Statistical sources for comparative European social research”, International Social Science Journal, 142, pp.541-570.

11. Scheuch, E.K., 1964. A new Tool of Social Science Research: Archives for Survey Data. Report to the International Social Science Council.

12. Smelser, Neil J. and Baltes, Paul B. eds 2001. International Encyclopedia of the Social and Behavioural Sciences, Oxford: Elsevier, 26 Volumes.

13. Stigler, S.M., 2000. “The problematic unity of biometrics”, Biometric 56 (3), pp.653-658.

14. Tannenbaum, Eric and Mochmann, Ekkehard, 1994. “Integrating the European Databases: infrastructure services and the need for integration”, International Social Science Journal, 142, pp.499-512.

15. Thurn, G. and Neidhardt, F.,2001. “Infrastructure: Social/Behavioural Research (Western Europe)”, in Smelser and Baltes, 2001, pp.7511-7517.

16. UNESCO, 1999. World Social Science Report, 1999, Paris: UNESCO Publishing/Elsevier.

Selected Responses to ISSC Survey/ Summer 2002

1. Ireland:

Catherine Convery < >

I suggest that you look at the website www.ucd.ie/~foi as this will give you information the Freedom of Information Act. If there is not enough information there, please contact the FOI UNit directly

2. Romania:

Romanian Social Data Archive-RSDA

Mr. Adrian Dusa"

There is a Romanian data archive on the web at www.roda.ro where you can read all the information you need. On short, this is a public data archive, but not free for any person. Only academic users are given free access to the datasets, private market users or individuals will have to pay a certain amount of money, according to the requirements specified by the owners.

Secondly, any user will have to be registered to order datasets. This means filling a Registration Form, signing an Individual Access Form and only after that order specific datasets.

This is valid for Romanian citizens; foreign users will have to place the order to their national data archive (you can find all national data archives in Europe on the links page), and they will contact us. We cannot register users from all over the world, you can imagine that.

Switzerland:

Swiss Information and Data Archive for the Social Sciences-SIDOS-

Mr Reto Hadorn < >

Please look at the following page on our server: http://www.sidos.ch/data/default.asp?lang=e

United Kingdom:

University of Leeds,

See below our policy on data protection and access to files. Data Protection | Code of Practice THE UNIVERSITY OF LEEDS Code of Practice on Data Protection Set out below is the University's code of practice on data protection, which accords with the Data Protection Act. The code falls into two sections. The first, covered in paragraphs 1-43, constitutes a statement of general policy, which includes an indication of the University's obligations under the Act. The second section, covered in paragraphs 44-60, provides brief guidance notes for staff in connection with handling personal data. POLICY Introduction

1. The University needs to process certain information about its employees, students and other individuals, examples of which are set out in paragraph 7 below and in Appendix I. In so doing, the University must comply with the Data Protection Act 1998 [the Act]. The Act contains eight basic principles, which state that personal data must: be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose be adequate, relevant and not excessive for those purposes be accurate and kept up to date not be kept for longer than is necessary for that purpose (see paragraph 15 and Appendix II) be processed in accordance with the data subject's rights be kept safe from unauthorised access, accidental loss or destruction not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.

2. Two of the main features of the Act are that: it places restrictions on what the University can do with personal data; certain conditions, which include obtaining data subject consent, must be met before processing can take place. The term 'processing' covers almost anything that is done to data by reference to individuals and the practical implications of these restrictions are wide-ranging it extends the right of access for staff and students to personal data that relates to them held in computerised systems to include 'organised'(1) manual filing systems within departments, services and the centre. (There is no entitlement to immediate or on-site access but the Act places a responsibility on the University to respond to access requests in good time(2); to this end, all data subject access requests will be handled centrally (see paragraphs 16-17 below).)

3. The University and all staff or others who process or use any personal information must ensure that the data protection principles and the law under the Act are followed and fully implemented.(3) In order to facilitate this, the University has developed a code of practice on data protection. The references to personal data made within this document apply to all data held on individuals within the University, not just students and staff. Status of the Policy

4. This policy forms part of the formal contract of employment for staff and part of the formal agreement between students and the University. Staff, and where appropriate students, must abide by this policy and any failure to comply with the code could result in disciplinary proceedings.

5. Those with honorary contracts or 'Visitor' status - for example, members of NHS staff who teach University students and Visiting Professors and Fellows - will also be expected to comply with this policy insofar as they come into contact with personal data through the University and in connection with the provision of their own personal data.

6. Staff or students who consider that the policy has not been followed in respect of personal data should raise the matter with one of the University's two designated data controllers. If the matter is not resolved with the help of the data controllers it should be raised under the appropriate grievance or complaints procedures(4). What is personal data?

7. Personal data is information about a living individual, who is identifiable by the information, or who could be identified by the information combined with other data, which the University has or may have in the future. This includes names and addresses, features such as hair and eye colour - which will often be in the form of photographs - student attendance records and marks, ethnic origin, qualifications and experience, details about staff sick and annual leave, dates of birth or marital status. Furthermore, any recorded opinion about or intentions regarding a person are also personal data; and this includes both student progress reports and staff review reports.

8. The Act covers ALL personal data processed by the University, irrespective of whether these are held by individual members of staff in their own separate files (including those held outside the University campus) or in departmental records systems or at the centre of the University.

9. The Act distinguishes between ordinary personal data such as name, address and telephone number and sensitive personal data including information relating to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life and criminal convictions. Under the Act the processing of sensitive data is subject to much stricter conditions. In particular, processing of sensitive data requires explicit consent. However, in most instances consent to process ordinary and sensitive data is obtained routinely by the University (see paragraphs 13-14 below and Appendix I). Electronic data

10. Electronically-held data is already covered by the 1984 Act(5). For the avoidance of doubt, this data encompasses not just personal data held on databases but, for example, emails, letters and other documents held on disk or on hard drive. Manual filing systems

11. The new Act covers 'relevant' manual filing systems, which may have the following characteristics: grouping within a common criteria, even if not physically kept in the same file or drawer structuring by reference to the individual by name, number, student cohort, degree scheme or other mechanism, or by criteria common to individuals, such as sickness, type of job, membership of pension scheme or department and, most pertinently of all, structuring that allows specific information about the individual to be readily accessible.

12. In practical terms, however, it is seems prudent to assume that most, if not all, manual filing systems will fall under the provisions of the Act with effect from October 2001. Subject Consent

13. In many cases, the University can process personal data only with the consent of the individual. In some cases, if the data are sensitive, explicit consent must be obtained. The University has a duty, under certain circumstances, to ensure that staff are suitable for the job, and students for the courses offered. On occasion, police checks will be required to verify criminal records. (There are, for example, some jobs or courses which will bring the applicants into contact with children.) Where this is relevant to the job, the University may also ask for information about particular health circumstances.

14. As noted in paragraph 9 above, in most instances staff - and where appropriate, students - will not need to obtain consent to process from data subjects because such consent is obtained routinely by the University. All staff and students are asked to signify their consent to the University processing both ordinary and sensitive personal data on application for the purposes of processing that application. Upon student registration or acceptance of an offer of employment, students and staff are asked to give consent to processing a wider range of data. Agreement to the University processing this personal data is a condition of acceptance of a student onto any course and a condition of employment for staff; a refusal to provide consent may result in discontinuance of the application. Further information on this point is set out in Appendix I. Retention of Data

15. It is not in the interest either of data subjects or of the University to retain unnecessary or duplicative information. The University does, however, retain some data relating to former staff and students - most of which is held either in the Central Records Office or the University Archive - partly in order to comply with statutory requirements but also as a way of maintaining a complete historical record. Nonetheless, it is University policy to discourage the retention of personal data within files for longer than it is needed. Staff are encouraged to work towards the guidelines for the retention of personal data set out in Appendix II and files forwarded to Central Records Office or to the Archive should be 'weeded' beforehand in accordance with this guidance. Access to data

16. Staff, students and others in contact with the University will on most occasions have the right to access personal data that is being kept about them either on computer or, from October 2001, in 'relevant' manual files(6). This will normally be provided in the form of copies of the personal data or a report of the data held, depending on the type and format of the original data. Any person who wishes to exercise this right should complete the access request form University's Access (see Appendix III) and forward it to Melody Mellor (Assistant Secretary, Secretariat). The University will levy a charge of £10 on each occasion that access is requested.

17. Where required to do so under the Act, the University aims to comply with requests for access to personal information from data subjects as quickly as possible, but will ensure that it is provided within 40 days from the date of the request. Staff obligations

18. Staff have responsibilities for processing personal data about students (and in some instances, colleagues) but are also data subjects in their own right. In connection with personal data on students and colleagues, all staff must comply with University guidelines on data protection. In connection with their own personal data, all staff should: ensure that any information that they provide to the University in connection with their employment is accurate and up to date inform the University of any changes for which they are responsible, for example, changes of address (the University cannot be held accountable for errors arising from changes about which it has not been informed). Student obligations

19. Students must ensure that all personal data provided to the University are accurate and up to date. They must ensure that any changes, of address, for example, are notified to the Student Office, to their parent department and to other offices as appropriate (the University cannot be held accountable for errors arising from changes about which it has not been informed).

20. For the avoidance of doubt it is emphasised that students who come into contact with personal data through the University - for the purposes of research or study, in pursuit of an academic qualification and under the direct supervision of a member of staff - will be covered by the University's notification to the Data Protection Commissioner. In such cases, staff must notify students about - and students must abide by - the relevant provisions of the code of practice (and see in particular paragraphs 35-37). The University is not responsible for notification of personal data processed by students for their own use. Data Security

21. All staff (and where appropriate, students) must ensure that: any personal data which they hold are kept securely personal information is not disclosed either orally or in writing, intentionally or otherwise to any unauthorised third party.

22. Staff should note that unauthorised disclosure may be a disciplinary matter, and could be considered gross misconduct in certain cases. (Guidance on authorised disclosure is set out in paragraphs 49-52 below.)

23. Additionally, staff must ensure that, where a data processor processes data on the University's behalf (a mailing agency, for example) there is a written contract between the parties which specifies that the processor agrees to act on the University's instructions and to abide by the provisions of the Act in connection with data security. Further guidance on appropriate terms for such a contract can be obtained from Adrian Slater, the University's Legal Adviser.

24. Staff should make reasonable efforts to ensure that all personal information is kept securely but should pay particular attention to the security of sensitive data.(7) All personal data should be accessible only by those who need to use it and sensitive data must be either kept in a lockable room with controlled access, or: kept in a locked filing cabinet, or in a locked drawer, or if computerised, be password protected, or kept only on disks which are themselves kept securely.

25. While the security of the campus network is the responsibility of the University, individuals will need to take appropriate security precautions in respect of day-to-day PC usage. Care must be taken to ensure that PCs and terminals are not visible except to authorised staff and that computer passwords are kept confidential. Screens should not be left unattended when personal data is being processed and manual records should not be left where they can be accessed by unauthorised staff. When manual records are no longer required, they should be shredded or bagged and disposed of securely; and the hard drives of redundant PCs should be wiped clean (a procedure that is already standard practice in ISS).

26. Off-site use of personal data presents a potentially greater risk of loss, theft or damage to personal data; and the institutional and personal liability that may accrue from the off-site use of personal data is similarly increased. Staff and students should take particular care when laptop computers or personal machines are used to process personal data at home or in other locations outside the University; and staff and students should also be aware that this code of practice and their responsibilities under it apply when data are processed under such circumstances. Publication of University Information

&