As stated in the MHRA GCP Guide, a formal system should be in place that complies with the Data Protection Act 1998 to ensure access to the confidential information is restricted and that the subjects of the clinical trial are aware that a sponsor or third party may have access to their data (as mentioned in the earlier MHRA post). Therefore, the process used to transfer the information following a subject’s consent should be considered and risk assessed to ensure that only the intended recipient receives the fax/email containing identifiable data.