Personal and sensitive data
Collecting personal and sensitive data is not as common an issue in archaeological research as in some other fields such as sociology and political sciences which is often the reason why archaeologists might not be aware that they are handling those types of data.
Personal data are any piece of information that someone can use to identify (with some degree of accuracy) a living person which includes:
- A name and surname
- A home or email address
- An identification card number
- Location data
- Any other data about an identifiable individual.
Sensitive personal data are a specific set of “special categories” that constitute a high privacy risk and must be treated with extra security. Some examples of such data are:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Sexual orientation
- Genetic data (of living humans)
- Biometric data (e.g., fingerprints).
Archaeology specific personal and sensitive data
- Oral history and personal interviews, either transcripts or audio recordings
- Financial data relating to excavation (or other) projects, individuals involved within the excavation
- Personal correspondence, including emails
- Aspects of excavation ‘site diaries’ where individual archaeologists may be identified
- Skeletal or other burial data which can be linked to named individuals
- Fieldwork administration (might contain medical information)
- Photographs and videos were taken during fieldwork.
How to handle it?
To handle the personal and sensitive data safely and respectfully please follow these rules:
- Fill in the Leiden University DPIA form to determine whether you will be collecting such data or not because you might not be aware of it!
- Use these types of data only when necessary for your research.
- Always ask for consent.
- Follow the GDPR requirements.
- Delete personal and sensitive data after you no longer need it.
- To protect personal/sensitive data, you can use one, or the combination of, the following: Informed Consent forms; Data Embargo; Anonymisation; Pseudonymisation; Delete term/ Retention period; Data Generalization (Aggregation/categorization/partitioning).
- Store and transfer your data securely during your research.
- Be aware that the European law for “data leaks” is very strict: any personal data falling in the hands of unauthorized parties must be reported and this may potentially lead to serious penalties for the University.
In case you are handling such data or if you have doubts about it contact the Privacy Officer!