Chapter5. Privacy and Confidentiality

Question 1

What is Privacy?

Answer 1

Privacy refers to an individual’s right to be free from intrusion or interference by others.

It is a fundamental right in a free and democratic society.

Individuals have privacy interests in relation to their bodies, personal information, expressed thoughts and opinions, personal communications with others, and spaces they occupy.

Question 2

the ethical duty of confidentiality

Answer 2

The ethical duty of confidentiality refers to the obligation of an individual or organization to safeguard entrusted information.

The ethical duty of confidentiality includes obligations to protect information from unauthorized access, use, disclosure, modification, loss or theft.

Question 3

Researchers must maintain confidentiality of personal information, subject to any legal and ethical duties to disclose confidential information by:

Answer 3

Using code numbers to identify the results will protect anonymity;

Ensuring that the subject’s name will not appear on any documentation;

Keeping all interview results and questionnaires in a locked cabinet to ensure data confidential;

Identifying all personnel who have access to raw data or identifying information;

Describing how to handle documentation once the study is complete (e.g. destroyed, archived) and in what time frame (e.g. immediately, after five years);

Describing what will happen to the data collected to date if a participant withdraws midstream;

Providing statements to participants being audio-taped, video-taped or photographed to reflect the following:
Permission has been sought to dispose of the tapes, and the stipulated time frame for disposal;

Respondents have had the opportunity to decline taping and only participate in the questionnaire;

Permission has been granted to use recordings, transcriptions of recordings or photographs in a public exhibition.

Question 4

SECURITY

Answer 4

Security refers to measures used to protect information.

An individual or organization fulfills its confidentiality duties, by adopting appropriate security measures

Question 5

Physical safeguards

Answer 5

use of locked filing cabinets

location of computers containing research data away from public areas.

Question 6

Administrative safeguards

Answer 6

development and enforcement of organizational rules about who has access to personal information about participants.

Question 7

Technical safeguards

Answer 7

use of computer passwords, firewalls, anti-virus software

encryption and other measures that protect data from unauthorized access, loss or modification

Question 8

IDENTIFIABLE INFORMATION

Answer 8

Where researchers seek to access different information about participants, they are expected to determine whether the information may identify an individual.

Question 9

TYPES OF INFORMATION

Answer 9

Directly identifying information – identifies an individual directly (e.g., name, social insurance number, personal health number).

Indirectly identifying information – identify an individual through a combination of indirect identifiers (e.g., date of birth, place of residence or unique personal characteristic).

Coded information – direct identifiers are removed from the information and replaced with a code. Depending on access to the code, it may be possible to re-identify specific participants (e.g., the principal investigator retains a list that links the participants’ code names with their actual names so data can be re-linked if necessary).

Anonymized information – the information is irrevocably stripped of direct identifiers, a code is not kept to allow future re-linkage, and the risk of re-identification of individuals is low or very low.

Anonymous information – the information never had identifiers associated with it (e.g.,anonymous surveys) and risk of identification of individuals is low or very low.

Question 10

Ethical Duty of Confidentiality

Answer 10

Researchers shall safeguard information entrusted to them and not misuse or wrongfully disclose it. Institutions shall support their researchers in maintaining promises of confidentiality.

Researchers shall describe measures for meeting confidentiality obligations and explain any disclosure requirements:
in application materials, they submit to the REB;
during the consent process with prospective participants.

Question 11

Safeguarding Application

Researchers shall provide details to the REB regarding their proposed measures for safeguarding information, for the full life cycle of information: its collection, use, dissemination, retention and/or disposal
Application?

Answer 11

the type of information to be collected;
the purpose for which the information will be used, and the purpose of any secondary use of identifiable information;
limits on the use, disclosure and retention of the information;
risks to participants should the security of the data be breached, including risks of re-identification of individuals;
appropriate security safeguards for the full life cycle of information;
any recording of observations (e.g., photographs, videos, sound recordings) in the research that may allow identification of particular participants;
any anticipated uses of personal information from the research; and
any anticipated linkage of data gathered in the research with other data about participants, whether those data are contained in public or personal records

Question 12

SAFEGUARDING INFORMATION
Institutions or organizations where research data are held have a responsibility to establish appropriate institutional security safeguards.
Application

Answer 12

These data security safeguards should include adequate physical, administrative and technical measures and should address the full life cycle of information.
This includes institutional safeguards for information while it is currently in use by researchers and any long-term retention.

Question 13

Consent and Secondary Use of Information

Answer 13

Secondary use refers to the use in research of information originally collected for a purpose other than the current research purpose. (e.g. statistical data)

Reasons to conduct secondary analyses of data include:
avoidance of duplication in primary collection and the associated reduction of burdens on participants

corroboration or criticism of the conclusions of the original project.

comparison of change in a research sample over time

application of new tests of hypotheses that were not available at the time of original data collection

confirmation that the data are authentic

Question 14

Secondary data type

Answer 14

Internal sources
Open access sources
Published sources
Syndicated sources

Question 15

Researchers who dont have consent from participants for secondary use of identifiable information shall only use it for these purposes if they have satisfied the REB that:

Answer 15

identifiable information is essential to the research;
the use of identifiable information without the participants’ consent is unlikely to adversely affect the welfare of individuals to whom the information relates;
They will take appropriate measures to protect the privacy of individuals and to safeguard the identifiable information;
the researchers will comply with any known preferences previously expressed by individuals about any use of their information;
it is impossible or impracticable to seek consent from individuals; and
They have obtained any other necessary permission for secondary use of information for research purposes.

Question 16

If a researcher satisfies all the conditions in Article 5.5A(a) to (f),

Answer 16

the REB may approve the research without requiring consent from the individuals to whom the information relates.

Question 17

For research that relies exclusively on the secondary use of non-identifiable information,

Answer 17

Researchers shall seek REB review, but are not required to seek participant consent

Question 18

When secondary use of identifiable information without the requirement to seek consent has been approved underArticle 5.5A, researchers who propose to contact individuals for additional information or for reasons related to the welfare of the participant,

Answer 18

prior to contact, seek REB approval of the plan for making contact.

Question 19

Data linkage

Answer 19

Researchers who propose data linkage shall obtain REB approval prior to carrying out the data linkage. The application for approval shall describe the data and the likelihood that identifiable information will be created.

Where data linkage involves or is likely to produce identifiable information, researchers shall satisfy the REB that:
the data linkage is essential to the research; and
appropriate security measures will be implemented to safeguard information.

Question 20

REVIEW: CONFIDENTIALITY Vs ANONYMITY

Answer 20

Confidentiality and anonymity are ethical practices designed to protect the privacy of human subjects while collecting, analyzing, and reporting data.

Confidentiality
Only the investigator(s) or individuals of the research team can identify the responses of individual subjects
Refers to separating or modifying any personal, identifying information provided by participants from the data.
Maintained in qualitative studies

Anonymity
Means either the project does not collect identifying information of individual subjects (e.g., name, Email address, etc.), or the project cannot link individual responses with participants’ identities
Refers to collecting data without obtaining any personal or identifying information.
Is the procedure followed in quantitative studies

Question 21

ESOMAR ARTICLE 6 - Recording and observation techniques

Answer 21

Respondents shall be informed before observation techniques or recording equipment are used for research purposes, except where these are openly used in a public place and no personal data are collected.

If respondents so wish, the record or relevant section of it shall be destroyed or deleted.

In the absence of explicit consent respondents’ personal identity shall be protected.