User research

Save and store user research data

Keep your promises to participants

On consent forms used in Defence, we promise user research participants that we will:

  • store any notes, transcripts and videos securely
  • only share quotes and video clips with their consent
  • protect their personal information
  • delete user research data after 2 years

Participants have a legal right to check what information public bodies hold on them. They can also withdraw their consent to be part of the user research at any time.

Read more about collecting data from participants.

How to save user research data in Defence

When you do user research in Defence, you need to follow a standard way of saving data. This is so that we can:

  • protect participants’ information
  • keep track of what needs to be deleted when
  • answer any Freedom of Information (FOI) requests

When you leave a project, you are responsible for making sure your team can access the user research data.

What you need to do

As soon as possible after collecting user research data, you need to:

  1. Download all of the relevant files, including notes, videos and transcripts.
  2. Save files in a secure folder that only the necessary people in your team can access.
  3. Remove any personal or sensitive data.
  4. Follow the format for naming user research files in Defence.
  5. Delete all files from your local devices.

Naming user research files in Defence

It is important that all user research data is saved in the same way.

Start with the date

The date should be in digits, starting with the year: YYYYMMDD. For example: 20220824.

Do not include:

  • spaces or punctuation like hyphens or slashes
  • any fields, like the date, that update automatically

Add the project and participant number

Add the name of your project. For example: 20220824 Defence Service Manual.

If it is participant data, add the participant number. For example: 20220824 Defence Service Manual P04.

Manage handwritten notes carefully

When you do research at some Defence sites, you may only be allowed to use a pen and paper. You might also make handwritten notes as part of any user research session.

If you make handwritten notes, you need to:

  1. Convert them to digital files as soon as possible.
  2. Delete any images of them taken on a phone or other devices.
  3. Destroy your notes in a secure way.

If it is not possible to convert handwritten notes immediately, keep them with you and out of sight.

You may need to add a security classification. There is no need to label OFFICIAL information. If you are working at SECRET or TOP SECRET, check how to classify and label information.

Anonymise user research data

Only ask participants for personal or sensitive information if it is relevant to your research. For example, you probably do not need to know someone’s sexual orientation when doing usability testing.

When you collect personal information, like name and contact details, it needs to be kept separately from other user research data.

To make sure individuals cannot be identified, you need to:

  1. Create a master document with their details and participant number

    This must be password protected. Only share it with people in your team who need it. If you leave a project, make sure someone on the team knows the password.
  2. Remove personal information from all other documents

    This includes notes, reports, presentations and transcripts. If you have consent from the participant and want to share a video clip, check that it does not include personal information.
  3. Use participant numbers not names

    Before saving user research files other than the master file, replace participant names with the participant numbers. For example, P04.

Check how to protect sensitive data.

Delete user research data

To meet the General Data Protection Regulation (GDPR), you must delete all user research data when you no longer need it or after 2 years.

User research data includes:

  • videos and transcripts
  • consent forms
  • anything with personally identifiable data
Do not delete anonymised user research reports or findings.

What you need to do

When you collect user research data, make it clear when it has to be deleted.

You need to:

  1. Save user research data with the date it was collected. Check how to name user research files in Defence.
  2. In your master document, add a deletion date. This must be no longer than 2 years after you collected the data.
  3. Regularly check your master document and delete data.

If you leave a project

Before you leave a project, tell people in your team:

  • that they need to delete user research data
  • how to access the master document and the user research data

When a project ends

Consider deleting all of the user research data or contact your user research community for advice.

Updated December 2022