Ethics and legal issues

Data and research integrity

Understanding your responsibilities

The University and its staff and students are bound by the Australian Code for the Responsible Conduct of Research (the Code). The Code is a principles-based document that articulates the broad principles and responsibilities that underpin the conduct of Australian research.

R22 Retain clear, accurate, secure and complete records of all research including research data and primary materials. Where possible and appropriate, allow access and reference to these by interested parties. (NHMRC, 2018)

Together with accompanying Guides on specific topics, the Code has broad relevance across all research disciplines providing guidance for institutions and researchers on responsible research practices.

Specifically, the Management of Data and Information in Research Guide, prescribes that researchers should:

  • retain clear, accurate, secure and complete records of all research data and primary materials
  • retain and be able to produce on request all relevant approvals, authorisations and other administrative documents, such as ethics and financial approvals, receipts and consent forms
  • where possible and appropriate, allow access to research data and primary materials, in particular, to enable to facilitate the sharing of research data. This access should be facilitated by the use of indexes or catalogues of data and information generated, accessed and used during the research
  • respect any project-specific conditions of consent or confidentiality obligations
  • adhere to project-specific protocols that require measures beyond those required by institutional policy or relevant laws, regulations and guidelines, or research discipline specific practices and standards
  • report any inappropriate use of or access to or loss of data, in accordance with applicable institutional policies and, where relevant, other reporting schemes such as the Notifiable Data Breaches scheme
  • ensure that agreements are in place to govern circumstances in which researchers leave the project or move from one institution to another during the course of the project
  • ensure that agreements are in place between institutions for managing responsibilities set out in this guide for data and information in multicentre or collaborative research projects

The Guide also outlines four key areas of responsibility for researchers:

  • Retention and publication
  • Managing confidential and other sensitive information
  • Acknowledging the use of others’ data
  • Engagement with relevant training

The Research Integrity and Misconduct Policy (RIMP) aligns with the principles and responsibilities articulated in the Code, and provides the standards and responsibilities for all researchers at the University.

As a researcher, it is your responsibility to ensure that your research data management practices align with the:

  • principles and responsibilities of the Code (and accompanying guides);
  • expectations outlined in the University’s policies; and
  • process supporting responsible research conduct at the University.

When something goes wrong

Research integrity breaches occur when there is a deviation from the principles and responsibilities described in the Code. Where there is a serious deviation from accepted practice that is intentional, reckless, or negligent, this is also described as research misconduct.

Examples of breaches of the Code relating to research data, as outlined in the Guide to Managing and Investigating Breaches of the Code include the following:

    • Fabrication of research data or source material
    • Falsification of research data or source material
    • Misrepresentation of research data or source material
    • Falsification and/or misrepresentation to obtaining funding

    • Plagiarism of someone else's work, including theories, concepts, research data and source material
    • Duplicate publication (also known as redundant or multiple publication, or self-plagiarism) without acknowledgment of the source

    • Failure to appropriately maintain research records
    • Inappropriate destruction of research records, research data and/or source material
    • Inappropriate disclosure of, or access to, research records, research data an/or source material

All researchers and other employees of the University are required to report research integrity concerns to the Office of Research Ethics and Integrity.  Bu reporting suspected research misconduct, you are helping to safeguard the credibility of our research and uphold the University's commitment to the highest standards of integrity, quality and transparency in research.

If you become aware of a research integrity issue, you must report it. Concerns that are raised or reported early on, often result in a local resolution or reduce the likelihood of the need for a research integrity investigation. You may choose to report anonymously. If you do so, that may limit our ability to address your research integrity concern.

Submit a concern or complaint

Need advice?

If you have a question about responsible research conduct, for example interpreting a policy, or following a research integrity related process, you should seek advice by contacting:

RIAs are available across all faculties and medical institutes, and you can contact any RIA for advice.  RIAs should be the first point of contact for staff and students with questions or concerns about the responsible conduct of research.  Information about the role and responsibilities of an RIA and how to contact them can be found on the RIA website

The Research Integrity Investigation team are based in the Office of Research Ethics and Integrity and can provide you with advice and guidance on research integrity policies and procedures.  Contact the team via their ServiceNow form

Intellectual property rights (IPR)

The World Intellectual Property Organisation (WIPO) has defined intellectual property (IP) to "include the rights in relation to:

  • Literary, artistic and scientific works
  • Performances of performing artists, phonograms, and broadcasts
  • Inventions in all fields of human endeavour
  • Scientific discoveries
  • Industrial designs
  • Trademarks, service marks, and commercial names and designations
  • Protection against unfair competition
  • And all other rights resulting from intellectual activity in the industrial, scientific, literary or artistic fields.

Conventions Establishing the World Intellectual Property Organization, Article 2 (viii)

Intellectual property rights (IPR) are like any other property rights. The owners of copyrighted works, trademarks or patents are granted certain exclusive rights by the country or territory in which that IPR is registered or held, such as the ability to decide who may use the patented invention. IPR also provides the owner with the ability to enforce their rights when their IP is infringed.

Under the IP policy, the University of Melbourne asserts ownership of IPR created by its staff and in some cases that created by students, with the exception of the copyright contained within a scholarly work, which is owned by the creator(s) of the work. There is an obligation on all staff and students to disclose to the University any IPR they create that may have commercial value.  While an application to secure IPR is in process you cannot disclose any information about the IP or the research around it until the IPR has been legally registered.

IP and research data

Ownership of intellectual property rights (IPR) in research projects can be complicated by a number of issues:

  • Collaboration with external parties (including research institutes and hospitals affiliated to the University)
  • Involvement of students, visitors and honorary fellows
  • Use of data, software and/or materials provided by external parties
  • The terms of funding agreements that govern the research project or collaboration
  • Ownership of earlier IP that may or may not belong to the collaborating parties

Research projects that require the most careful consideration of IPR are those funded by or with direct links to industry. The standard position of the University is that any IPR created by it when conducting collaborative research projects with industry, will be owned by the University. The industry partner will usually be granted an option to negotiate a fee-bearing licence to such IPR generated by the University in the collaboration project. In such circumstances it is important that all data and results (potential IPR) from the project are kept confidential and the industry partner consulted prior to any public disclosure of this IPR (e.g., posters, conference abstracts, public lectures, etc.). This may also impact on the options for data re-use and sharing with possible embargoes and restrictions on public release.

At the University, the Research Industry and Commercial Engagement team provides support in IP matters. Contacts for the IP & Licensing team can be found on the University's Solutions available for licensing page.

Additionally, research partners need to declare the ownership of all prior IP that they bring to a research project.

Copyright and research

Copyright is another form of intellectual property right (IPR) and covers literary works, films, music, sound recordings, artistic works and architectural design. Copyright owners have exclusive rights over their creative works. These rights include the rights to reproduce the work, film or record the work, publish the work, in print or electronically, communicate the work, on the web or via email, the right to perform the work, adapt the work, translate the work, broadcast or transmit the work. In Australia, copyright protection exists in the work as soon as it is created; therefore, unlike other forms of IP, such as patents, trademarks and designs, copyright does not require a formal application.

Copyright material in your thesis and data

You can include copyright material created by other people in your thesis under provisions for fair dealing for research or study. However, some conditions and limitations apply:

Fair dealing for research or study only applies for examination and assessment purposes;

If you intend to publish your thesis or make it available on open access, you will need to get permission from the copyright owner for any copyright material you have used.

You should also make sure that you acknowledge all copyright material in your thesis with a full bibliographic citation.

In terms of data management, you should keep records of all copyright material in your thesis and any permissions you have received, as well as any limitations or requirements around those permissions. Processes for managing your copyright material and permissions should be part of your data management plan.

The same rules apply if you plan to share your raw research data. There may be material subject to copyright in your research data. This is especially true for anyone working with textual sources such as policy documents, newspaper articles, even unpublished archival material. Audio and video recordings also hold copyright. The copyright in these resources rests in the creator or creators of the material. The University Copyright Office can provide further information.

Copyright infringement. It is important that you do not infringe on someone else's copyright as they can take legal action. You can also be subject to action from the University for plagiarism or copyright infringement. To avoid plagiarism and infringing copyright, make sure that you acknowledge any material that you use. .

The University’s Copyright Office provides an overview of copyright ownership and can provide advice to researchers about copyright issues. You can contact the Copyright Office for further advice.

Privacy and confidentiality of research data

Data collected during the course of research may be subject to confidentiality or privacy considerations. Reasons for this could include the following:

  • The data was collected from humans, who have a right to have their personal information treated with confidentiality and respect.
  • Funding agency agreements or contracts.
  • The data represents potentially patentable intellectual property (IP).
  • Other sensitivities, such as cultural or ecological sensitivities, or research that may cause public controversy for its methodology or subject matter.

These issues can affect the way in which your research data and data records can be stored, used, disseminated, and possibly re-used. You especially need to understand the importance of respecting human participants of research and your potential liability if human data are improperly disclosed. If you want to have the option to re-use data collected from humans you may need to include this in the consent form used to gain permission to do so. This would also need to be included in your ethics approval. Consult with your supervisor(s) and the Research Ethics team regarding this prospect.

The Privacy Act 1988 (Commonwealth), Privacy and Data Protection Act 2014 (Vic) and Health Records Act 2001 (Vic) require that University of Melbourne researchers handle personal information in accordance with the relevant privacy principles. These include limitations on the collection, use, and disclosure of data from human participants of research. The University’s Privacy Policy (MPF1104) provides clarity and a model for proactive privacy.

Briefly, you should ensure that you:

  • If possible, collect the necessary data without using personally identifying information.  If personally identifying information is required, de-identify your data upon collection, or as soon as possible thereafter, and store identification keys in a separate, secure location.

  • Sensitive research data is data that has the potential to cause significant harm if disclosed to or accessed by unauthorised parties, whether by accident (e.g., through mismanagement) or malice (e.g., through cybersecurity attacks).  It is important to identify that you may be working with sensitive data early on in your project and implement measures to safeguard your data including storing and managing it on appropriate research systems.

  • The University’s Research Data Classification Framework defines four sensitivity categories for data. They are negligible (least sensitive), limited, significant and severe (most sensitive).  Public data, de-identified data, personally identifiable data, culturally and ecologically sensitive data are just some of the different types of data defined within the framework.  
    Using the Classification tool, you can categorise your data into one of four levels helping you to make more informed decisions on how you are going to store, curate, share, publish and retain your data.

  • If your research involves the collection of personal information, you must take steps to minimise the risk of disclosing this information. The private and confidential issues associated with your data will affect the way in which data is to be stored and used throughout your project. As such these issues should be taken into account when dealing with documentation, storage and sharing and preservation in your data management plan.
    If personal information is inappropriately disclosed, you can be held personally liable for this if you had not taken reasonable steps to protect the information in line with legislation.

  • It is essential to obtain consent before collecting participant data for your research project.  Equally as important, is ensuring participants clearly understand what data you're collecting and how it will be used.  The Research Ethics and Integrity team can provide advice for human ethics related to confidentiality and participant consent.
    Once you have collected your data it is also important that you understand the legal requirements for how the data can be accessed, obtained and reused and what approvals or consent is required.  Visit the University's Privacy Office website for more information or to submit an enquiry.

You can use your data management plan to describe any such concerns surrounding your data, and how these concerns will be managed to prevent unwanted disclosure or irresponsible secondary use of this data. This information will also be used in ethics approval applications. It is also important to consider how confidentiality will be managed should the data be made available for re-use in the future, e.g. de-identification and anonymisation procedures. Again, remember that you may need to seek permission from participants to enable this to occur.

Other sensitivities

As well as the consideration of personal and sensitive information related to human participants, your data may be sensitive for other reasons.

Some funding agencies or agreements with commercial enterprises will prohibit the sharing of data and information, especially if there is potentially patentable intellectual property (IP).

If you are using data that is supplied by a research collaborator or third-party entity you will usually be asked to sign or agree to a data use agreement or similar. You should seek advice and consider the implications of signing such an agreement and how it might impact the conduct and dissemination of your research.  In terms of reproducibility, you should ensure that you document the source and version of the data you are using.

Some data, by its nature, is sensitive. For example, some ecological data may reveal the exact location of endangered species and put that species at risk from illegal collectors. In this case you should look at ways of obfuscating the location or use a lower degree of accuracy for these records. Another sensitivity can be architectural or engineering drawings or plans that could potentially reveal schematics for terrorist attacks. Likewise, data that could be used as the basis of weapons (biological, computer viruses, etc) should also be properly managed.

Ethical review and approval of research projects

Research involving humans or animals requires ethical approval, which must be obtained prior to the start of the project. The approval process can often directly benefit your project by helping you to refine your methodology. Failing to get appropriate approval, or acting outside given approvals, constitutes a regulatory breach and can make you personally liable.

The University of Melbourne's Human Research Ethics and Safeguards Policy (MPF1385), Biorisk Management Policy (MPF1384) and Research Integrity and Misconduct Policy (MPF1318) provide staff and students with information about conducting responsible and ethical research.  The Office of Research Ethics and Integrity (OREI) provides guidance and advice about the types of project approvals required at the University.

Some of the common types are summarised here:

Human research is regulated by the NHMRC through the National Statement on Ethical Conduct in Human Research. University of Melbourne staff and students who intend to conduct human research must apply for approval from the appropriate responsible ethics review body before research can commence. ‘Human research’ is broadly defined to include research conducted with or about people, or their data or tissue.

Animal Research is regulated by the NHMRC through the Australian Code for the Care and Use of Animals for Scientific Purposes. Animal ethics approval is required for research involving any live vertebrate, any live adult decapod crustacean (e.g., lobster, crayfish), or any live adult cephalopod (e.g., squid, cuttlefish). In some cases, protections apply to fetal animals. Killing, performing scientific procedures, handling, affecting the habitat of, or otherwise interacting with an animal always requires animal ethics approval. Even observational studies may require animal ethics approval.

The data you generate during your research may be subject to regulation for different reasons, you should also be aware of other approvals that your work may require, including:

Biosafety for work involving hazardous biological agents and materials

Gene technology  for work involving genetically modified organisms

Biosecurity for work requiring the import and safe handling of biological materials sourced outside Australia

Export controls for work involving the intangible export of technology with potential military or defence applications

Foreign interest and interference for projects involving collaborations with entities outside Australia

Clinical research investigating health outcomes of assigned interventions may involve clinical trials and trial sponsorship.

Rights of Indigenous peoples over Indigenous Knowledge

In 2023 the Indigenous Knowledge Institute at the University of Melbourne created the Charter for Research with Indigenous Knowledge Holders to recognise the rights of Indigenous Knowledge holders.

Principle 2 of the charter recognises article 31.1 of the United Nations' Declaration on the Rights of Indigenous Peoples and states that:

Indigenous peoples have the right to maintain, control, protect and develop their cultural heritage, traditional knowledge and traditional cultural expressions, as well as the manifestations of their sciences, technologies and cultures, including human and genetic resources, seeds, medicines, knowledge of the properties of fauna and flora, oral traditions, literatures, designs, sports and traditional games and visual and performing arts (UN, 2007).

The complex and inclusive nature of Indigenous knowledge systems is imperfectly reflected in Australian intellectual property law. Despite this lack of legal recognition, the rights of Indigenous peoples over their knowledge and cultural heritage must be recognised and respected. Indigenous knowledge must be protected in accordance with Indigenous peoples' perspectives and cultural values.

The Australian Institute of Aboriginal and Torres Strait Islander Studies (AIATSIS) have published the AIATSIS Code of Ethics for Aboriginal and Torres Strait Islander Research.  This code provides a framework of ethical principles that can serve as a guide, not only for research, but also for the management of data.  The National Statement (human ethics) provides further guidance on conducting research with or about Aboriginal and Torres Strait Islander Peoples and their communities.