We often make and keep lists of our research participants to re-contact for future research. We also often make or use lists of service users to contact for research recruitment.
It is important to manage these lists correctly. The basic rules and approaches you should follow are no different to when managing your user research raw data.
See also the UR participant recruitment standard
- Managing your own list of research participants in a project
- Building and managing larger lists of potential research participants (panels)
- Using large lists of service users for recruitment
Managing your own list of research participants in a project
You can keep a list of your research participants to re-contact again in your project, as long as they have consented to you doing this.
Make sure you don't over-contact them. Using the same research participant multiple times risks creating burden on them, and can be poor research practice.
If an individual asks not to be contacted again, you must respect this. Mark their record as 'do not contact' but do not remove them from your list until the 2 year retention period. If you contact an individual more than once and they don't reply, it is best practice to also mark them as 'do not contact'.
You must manage your list in the same way as any other personal data. Keep it as a spreadsheet in the same folder on SharePoint as your research raw data and consent forms, and give the file the same 'user research' retention label.
You should also mark the date when you last gained consent from the individual against their record. The spreadsheet will be deleted two years after the last time it was edited, but you should manually remove individual entries 2 years after their last consent.
Sharing your list of participants with other user researchers
Other user researchers can use your list, but only if participants have consented to this use of their data.
For example, if they consented to being recontacted about the same project, then another UR cannot contact them about a different project.
However, if they consented to their contact details being used by other user researchers in DfE, then another UR can contact them.
Building and managing larger lists of potential research participants (panels)
Sometimes we build larger lists of potential research participants to contact to invite to take part in research. These are often called 'participant panels', or just 'panels'.
When you are building a panel, you must gain consent from individuals to contact them in the future about research. If they subsequently agree to take part in research, you will need to gain a new consent from them for this.
There is some effort required to manage the data in a panel correctly. Because you will be adding people's data over time, you will need to manage retention of individual entries, rather than the whole spreadsheet/database. You must add the date that an individual consented to their record. Set yourself a weekly reminder to remove any entries.
If users ask to be removed from the panel, you should mark them as "do not contact". Do not delete their data until the 2-year retention period.
Using large lists of service users for recruitment
Many DfE services collect large datasets of service users. This data can be useful for identifying service users to invite to take part in research.
Whether you can use this data depends on two things:
- How the data was gathered under UK GDPR, and any consent given by the service users
- Rules and policies around the service, or by other DfE functions like Strategic Communications, about how and when the data can be used.
If individuals have consented to being contacted for research purposes by anybody in DfE, then you can use the data for this purpose.
If individuals have not explicitly consented to being contacted for research, you may still be able to contact them. You must discuss this with the person responsible for managing the data, and get advice from ODPO, before using the data.
As well as UK GDPR considerations, all services will have rules, policies and processes setting out how and when their data can or can't be used. You must follow these at all times. You may need agreement to use the data from the Senior Responsible Officer for the service, Strategic Communications, or other teams or individuals. Speak to the service team first.
Contacting organisations, not individuals
If the dataset does contain details of organisations rather than individuals (for example a list of educational establishments, rather than a list of individuals in those establishments) then you do not need to consider UK GDPR and consent. You must still only use the data within whatever rules, policies and processes are set around it.
Essential business versus marketing activity
When we contact people regarding user research, we are engaging in 'essential business'. This is not a marketing activity. If teams have a restriction on using data for marketing purposes, this should not restrict its use for user research.