Restricting Access to Data

There are a number of reasons why you can justify withholding your research data. Withholding data means taking a decision not to openly publish them, even if there are obligations to funders or publishers to openly share the outputs of research.

If you receive a request for research data or information about your research under the Freedom of Information Act (see Freedom of Information) or the Data Protection Act (see Data Protection) for further information.

Research funders with data sharing policies typically require that research data are made as openly available as possible, recognising that there may be legal, ethical or commercial reasons why access to some data may need to be restricted. These restrictions typically apply at all stages of a project so that the research process is not damaged by inappropriate release of data.

Access to research data does not have to be completely open. If there are justified reasons why some research data cannot or should not be made openly available, it may still be possible to share subsets of your data either through use of consent and anonymisation, or by regulating and restricting access to specific users. This should always be considered in preference to a blanket restriction.

Even if data are identified as unsuitable for open access, other data management requirements will still apply. A data management plan should be used to identify and document reasons for withholding data and publications should still include a data access statement. This statement should include reasons why the data are not openly available and, if possible, conditions for access being granted.

The information below provides guidance to help you determine whether you may be justified in withholding your research data from publication. If you are unsure as to whether you could or should make your data openly available, please email the research data team at [email protected] before you publish your data.

Information security

The University of Westminster recognises that information and the associated processes, systems and networks are valuable assets and that the management of personal data has important implications for individuals. Through its security policies, procedures and structures, the University will facilitate the secure and uninterrupted flow of information, both within the University and in external communications. The University believes that security is an integral part of the information sharing which is essential to academic and corporate endeavour and associated policies are in place to support information security measures throughout the University.

For further information on IT security see Information Security and Compliance.

Freedom of Information

If you receive a request to access your research data or for information about your research under the Freedom of Information Act, please do not attempt to answer the request yourself but instead refer the request to the Freedom of Information web pages.

Types of access restriction

Access to data doesn't mean that everything has to either be openly available to the public or completely restricted. There are many types of access control that can be applied to all or part of your data, some of which will still allow you to share your data, but only with specific users under regulated conditions. This should always be considered in preference to a complete restriction on the whole dataset.

Access restrictions can apply to all types of research data and at any stage of a project. It is also possible that access restrictions can change over time. For example, it would be unusual to share any data during the active phase of a project before findings have been published and continued access restrictions may be required to allow time for commercialisation. However, after the end the project and once patent applications have been filed, it may be possible to release the data.

In some cases access restrictions might need to apply to an entire dataset. However, in many cases it is likely that restrictions need only apply to a subset of the data, such as raw data containing personal identifiers, allowing you to openly share the remaining data where access constraints do not apply.

In rare situations it might be necessary to restrict access to both the data and to metadata describing the data. If you think this might apply to your research, please email the research data team at [email protected] who will be able to advise on how best to comply with policy requirements for sharing data.

Types of access

The type of access that can be applied is not as simple as open or closed. Access to data can be restricted and regulated, allowing you more control over who is granted access to your data and when.

Publicly open access to data

Publicly open access to data would be suitable if there are no justifiable legal, ethical, contractual or commercial constraints on releasing data. This might apply only to final datasets supporting a publication, or to the completed outputs of a project, depending on your funder’s requirements for data sharing.

A privileged period of exclusive access

A privileged period of exclusive access is permitted, allowing you time to analyse and publish the results of the data you have created or collected. During a project, and assuming no other constraints apply, you would only need to provide access to the subset of data supporting published findings. This would allow you time to continue to analyse and publish from your wider dataset. However, funder data policies differ on how long this period of exclusive use should last - you may be required to publish all final datasets within a defined period from either the end of project funding or the date of data collection.


Embargoes allow you to delay access to data, during which time access would be completely restricted. Embargoes can be used to ensure that your archived data are not published until the articles based upon them are accepted for publication or published. This might be a condition of publication for some journal publishers. Embargoes can also be used to delay access whilst patents are filed or while research is commercialised. The Contracts and Commercialisation Manager ([email protected]) would be able to advise on how long this process might take and how long the embargo would need to be.

Registered access

Registered access is provided by some data archives, which require potential users to register before they are able to access data files. Registered access allows the data archive to monitor who access data, enabling reminders about conditions of use to be issued.

Access upon request

Access up request might be required for some types of confidential or sensitive data. In order to manage this type of access a named contact is required for the dataset who would be responsible for making decisions about whether access is granted..

Non-disclosure agreements

Non-disclosure agreements can be used to share confidential or sensitive data with specific individuals for specific purposes and under specific terms. Contact the Contracts and Commercialisation Manager ([email protected]) if you require a non-disclosure agreement for your data

More information

Ethics and data protection

Personal data

Research data involving human subjects must be handled in accordance with the Data Protection Act 1998. The confidentiality of participants must be maintained and personal data should not be made available to any third party without the explicit, written, informed consent of the person to which it relates. If you are unsure about how data protection might apply to your research data, there is data protection guidance (log-in to intranet to view) available. See Research ethics for further advice and help with wording consent statements.

Anonymised data should remove both direct and indirect identifiers, so that variables cannot be combined to reveal an individual's identity. This would apply not only to personal data but also to research data about organisations and businesses.

Although consent for sharing only relates to research data containing personal data, it is best practice to seek written informed consent from research participants for data to keep and openly share anonymised data after the project ends. Some external data archives will not accept anonymised data unless informed consent for data retention and publication was obtained.

It is possible to share only a subset of the data, where participants granted consent both to participate in the study and for their data to be retained and shared. This should be made clear in the data access statement and in any accompanying documentation so that potential users understand that the data can be re-used for new analyses, but not for validation of the original findings.

Other ethical considerations

There may be other ethical reasons why data should not be made openly available. Inappropriate release of some types of data might put research participants, the public or vulnerable groups at risk. For example:

Domestic energy usage data could be used to determine occupancy patterns in participants' homes.

Disease statistics might require anonymisation to avoid them being used to identify the location of villages in a war zone.

Spatial data that would reveal the location of an endangered species can be justifiably withheld to protect the species from poachers. This would also apply to the location of rare fossil specimens.

In these or similar situations it may still be possible to share other information from the dataset, in which case it should be made clear to future users which variables have been redacted, aggregated or anonymised in the dataset and why. Please email the research data team at [email protected] for advice if you think that there may be legal or ethical reasons why your data should be withheld.

More information

Contractual obligations

Intellectual property rights

Before you can openly share research data you need to ensure that you have the right to do so, including ownership rights and conditions of use.

The University's intellectual property policies and guidelines are intended to address both the rights and property aspects of IP generated within the institution.

See Intellectual Property and Research Ethics (log-in to intranet to view) for further information.

Where research is funded by an external partner, or where an external partner makes a contribution to a project, the partner may be awarded Intellectual Property Rights in the results, including the research data. This usually means that the results must be kept confidential by the University and only released under a publication protocol. It is recommended that all collaboration agreements should address the basis on which research data will be stored, accessed and published.

Third party data

If you have re-used any existing datasets that you have obtained from third parties then you need to ensure that you understand and comply with any terms under which the data may be used and shared. These data might include datasets you have downloaded from online repositories or databases, or research data shared by project collaborators.

In some situations, typically for software, you may be required to share any modifications under the same licence as the original data. There are a number of licences with this requirement and common examples include the GNU General Public Licences and the Creative Commons ShareAlike licences.

If you are not permitted to re-share or distribute the third party data directly, your documentation and data access statement should, as far as possible, provide details of where the study data were obtained so that other researchers can obtain or request access to the same data. This is particularly important for publicly available data.

See Copyright for further information.


If your external research partners have provided you with any research data, or if you have collaboratively created new data, conditions for how these data may be used, retained and shared should be set out in any contracts or collaboration agreements covering the research. Please contact Commercial and Business Development Support (log-in to intranet to view) for further advice.

If your existing research-related agreements include any confidentiality clauses, or if the University owes your external partners any obligations of confidentiality in respect of certain research data, you must ensure that data publication would not breach these.

The need to comply with confidentiality clauses and contractual obligations would be valid justifications for withholding research data. However, it may be possible to share such data with other researchers, subject to non-disclosure agreements. Commercial and Business Development Support (log-in to intranet to view) should be consulted if you need to set up any research related agreements.

It is recommended that future research-related agreements ensure that publicly funded research involving third parties is planned and executed in such a way that published findings can be scrutinised and, if necessary, validated by others.

More information

Digital Curation Centre FAQ on open source software

Digital Curation Centre guidance on How-to Licence Research Data

We acknowledge the work of the University of Southampton (and the University of Bath) in the development of this guidance.