Managing data

Effective data management makes sure that user research is secure, ethical, reusable, and aligned with our organisational governance standards. Proper handling of research data protects participants, supports transparency, and enables teams to build on existing insights rather than duplicating work.

We structure our data management across two core repositories:

  • Data Library (SharePoint) – for raw research data
  • Insight Library (SharePoint) – for synthesised findings and outputs
    Understanding the differences of these libraries is important in maintaining compliance.

Data Library

The data library is the secure repository for raw research data. It’s a controlled environment designed for compliance with:

  • data protection legislation
  • NHSBSA information governance requirements
  • agreed retention schedules

It contains materials that may include personal data or identifiable information so must be handled carefully and stored appropriately.

The data library includes:

  • session recordings (audio and video)
  • transcripts (where applicable)
  • discussion guides
  • consent forms
  • participant information sheets
  • participant logs
  • screener questionnaires
  • survey raw data exports
  • field notes (pre-anonymisation where necessary)

Handling raw data

There are several standards that you must meet when handling raw data from user research.

  • Define your research objectives to confirm what data you need to collect and why.
  • Always get informed consent from participants before starting a recording and only collect data that is proportionate and necessary.
  • Do not store raw data on personal drives or local desktops.
  • Delete temporary downloads of recordings immediately after use.
  • Upload session recordings promptly to the data library after sessions.
  • Complete folder naming conventions and metadata accurately to improve findability and provide context to the research.

Metadata fields include the:

  • name of researcher
  • research session unique ID
  • consent declaration
  • date of research
  • research method
  • incentive declaration

Insight Library

The insight library contains processed, synthesised, and anonymised outputs from research activities. This is where insight becomes reusable organisational knowledge.

The insight library supports:

  • evidence-based decision making
  • GDS audit readiness
  • avoiding duplication of research
  • cross-service learning
  • knowledge continuity when researchers move roles

The insight library includes:

  • research playbacks and reports
  • executive summaries
  • thematic analysis outputs
  • user personas
  • user journey maps
  • user needs logs
  • survey findings (anonymised)
  • recommendations and evidence decks

Unlike the data library, this space is designed for wider visibility across teams.

Anonymisation standards

Anonymisation protects participants and makes sure insight can be safely shared.

Before uploading to the insight library:

  • remove names and personal identifiers
  • remove specific locations if they’re identifiable
  • replace identifiable references with neutral descriptors (for example, “Participant 1’’)
  • avoid including verbatim quotes that could identify someone in small cohorts
  • make sure screenshots do not display personal information

Access and permissions

As a user researcher, it’s your responsibility to check permissions before sharing links externally.

To comply with data protection legislation, the NHSBSA restricts access to the data library to only user researchers, the research operations (ReOps) team and project leads. In certain circumstances, ReOps can grant access to other members of the project team.

The insight library is more widely accessible to relevant BSA staff but should not contain raw identifiable data. If you want to restrict access to a particular folder, you can limit the access using ‘manage access settings’.

Avoid duplication of research

Good data management is about storage and using existing knowledge effectively. Before initiating new research:

  • review the insights library for relevant findings
  • contact previous researchers in the service area
  • check with customer insight (CI) colleagues for historic data
  • confirm with the product owner that evidence gaps exist

Retention and deletion

We have retention schedules in place to manage data.

  • All data on Microsoft Teams is deleted every 30 days, so you should download and upload session recordings and playbacks immediately.
  • Data is retained in the data library for 12 months after upload before it’s deleted.

Improve the playbook

If you spot anything factually incorrect with this page or have ideas for improvement, please share your suggestions.

Before you start, you will need a GitHub account. Github is an open forum where we collect feedback.