Researchers naturally require safeguards on the use of their study data and wish to ensure that it will be stored securely and used appropriately. For this reason, a signed confidentiality agreement is often used as a ‘contract’ between the original investigators and the IPD review team. The details of such agreements will vary, but most will state that data will be held securely, be accessed only by authorized members of the project team and will not be copied or distributed elsewhere. It is also good practice to request that individual participants are de-identified in supplied data, such that individuals are identified only by a study identifier code and not by name. This seems to be an increasing requirement for obtaining IPD from some countries where data protection legislation requires that a participant cannot be identified from the data supplied. Data sent by email should be encrypted wherever possible.