CLS houses four national longitudinal cohort studies: 1958 Child Development Study; 1970 British Cohort Study; Next Steps; and Millennium Cohort Study. Information governance (IG) ensures we have governance, systems and processes in place so that study participants’ personal information can be processed in line with their expectations, relevant laws, standards and UCL policy.
Data collection is funded from a number of sources, including the Economic and Social Research Council (ESRC), the Medical Research Council (MRC), charitable trusts and government departments and agencies. Data are collected during regular surveys of all study participants and follow up studies of particular sub-groups. The information that we hold also includes linked administrative records, geographical linked data and data extracted from biological samples.
CLS is committed to keeping study participants’ data secure. The following registration, self-certification, and assessment is in place to support this commitment:
We are committed to processing study participants’ data safely in line with the UK General Data Protection Regulation (UK GDPR) tailored by the Data Protection Act 2018. Study participants are made aware of our privacy information and study frequently asked questions (FAQs) which contain full details of our lawful basis for processing their data. Further details are included on each of the study participant websites:
A consent process is in place to meet our ethical obligation to ensure that after receiving full information about each study data collection and how their data will be used, study participants are able to make a voluntary decision about whether to take part and, if applicable, whether to consent to administrative records being linked to their data.
All study participants are given information about each study data collection and asked to give their consent to take part. All study participants are also given information about how to withdraw from the study and data linkage.
We ensure that study withdrawals, or objections, are processed properly and contact details are suppressed effectively. All research involving personal data are scrutinised and approved by a research ethics committee and registered with UCL’s Data Protection Office. Further details are included on each of the study participant websites:
We process study participant data with the GDPR principles in mind:
CLS completes Data Protection Impact Assessments (DPIAs) in line with UCL policy to ensure that data flows are recorded, individual rights are respected and controls are put in place to minimise any risks to study participants’ privacy. The CLS IG risk register is reviewed at each CLS IG Steering Group meeting, and risks are escalated to the UCL Senior Information Risk Owner (SIRO) as necessary.
We only retain personal information when we have a lawful basis or reason for doing so. Our Records Management Policy and Records Retention Schedule ensure that all of CLS’s records, are managed in accordance with records management principles. We keep records of original signed consent forms, any destruction of records and our data sharing and processing activities as well as individual rights requests.
We have roles and governance structures in place to facilitate accountability and assurance for our processing activities including:
Information Asset Owner (IAO)
The CLS Director and chair of CLS Senior Leadership Team (SLT) and CLS Information Governance Steering Group (CLS IG SG) is IAO and is accountable to the UCL Senior Information Risk Owner (SIRO) for ensuring risks associated with processing personal data at CLS are properly managed. The IAO is assisted by other roles (including an Information Asset Administrator) across CLS who help ensure that participant data are processed according to relevant laws and standards.
CLS Data Access Committee (DAC)
Access to CLS research data is controlled by the DAC. Further information is available at DAC Terms of Reference; CLS Research Data Access webpage; CLS Research Data Access Framework.
CLS IG Steering Group (CLS IG SG)
CLS IG SG, which is chaired by CLS’s Director and attended by representatives from across CLS, facilitates the IG agenda at the Centre and is accountable to the CLS Senior Leadership Team. Information rights requests, comments, compliments and complaints are reported in summary to the CLS IG SG.
Technical and physical security arrangements are in place at CLS to prevent unauthorised access to study participants’ data. Our data breach guidelines ensure that any data breaches are identified to the CLS Information Governance and Data Protection Officer and reported to UCL ISG immediately, in line with UCL policy.
Updated March 2021