Data Handling Principles

How research and study data is collected, stored, secured, and retained within HCIS projects.

Last updated: 2025-11-15

Summary

These principles describe how HCIS projects handle research data – from collection and storage to sharing and deletion. They are designed to balance scientific value with strong privacy and security requirements.

  • 1. Data Collection

    When collecting data, HCIS aims to:

    • Limit collection to what is necessary to answer the research question
    • Avoid collecting identifiers unless required for the study design
    • Clearly distinguish between anonymous, pseudonymous, and directly identifiable data

    Examples include survey responses, interaction logs, or sensor data recorded during driving simulations.

  • 2. Data Storage and Security

    Research data is stored using secure, access-controlled systems. Typical measures are:

    • Use of THI-managed infrastructure or approved external systems
    • Role-based access control for project members
    • Encryption in transit and, where appropriate, at rest

    Access is granted only to team members who need the data to work on the project.

  • 3. Pseudonymization and Anonymization

    Whenever possible, data is:

    • Pseudonymized (replacing direct identifiers with codes)
    • De-identified before analysis, especially for sharing within larger teams

    The key that links pseudonyms to real identities is stored separately and with additional protection, if it needs to exist at all.

  • 4. Data Retention and Deletion

    Retention periods depend on:

    • The requirements of the research project
    • Legal or contractual obligations (e.g., funding conditions)
    • Reusability for follow-up studies where participants have consented

    After the retention period, data is securely deleted or anonymized in such a way that re-identification is no longer reasonably possible.

  • 5. Data Sharing and Reuse

    Data may be shared in anonymized or aggregated form:

    • Within the HCIS lab or the broader THI research community
    • With external collaborators under appropriate agreements
    • Publicly, as open data, if the consent and risk assessment permit it

    Any data sharing complies with data protection law and the promises made to participants in the consent documents.
