Your research design means you are collecting data using an online survey instrument. You have ethical clearance to collect data from your participant population anonymously. You then embed a question in the survey asking the participants to provide their email address if they would like a summary of the results of the research; as per your ethical obligation.
Later....
When looking at the raw data from your instrument, you see a row of the responses provided by the participant... next to their email address.
Now tell me how this is anonymous... and show your working!
Why is this a problem?
1) You know the population that was invited to participate.2) You know some or all of the email addresses of those participants. By elimination you may be able to guess more identities. With additional demographic information you can further refine your guesses.
3) You now need to store and secure the data from your instrument at a much higher level of security.
4) You are now required to store ALL this data for seven years in such a way that it can be reivewed by third parties (who you do not know) at any time in the future.
5) This data exists on multiple computer systems already.
6) This data may leak in a number of obvious and in-obvious ways.
7) You are ledgislated to handle and secure this data as of 12/3/2014.
8) It's really hard to be sure that data is actually deleted. Sooner or later, a search engine will find it.
How is this ethical research? How are you in compliance with the NHMRC guidelines? How are you in compliance with the Australian Privacy Legislation? How are you in compliance with the University Policies?
The government has passed some updates to the privacy laws and now they have real and specific applicability to this data.
Penalties for non-compliance
You are individually liable for penalties if you do not comply (up to $220,000 for individuals, $1.7 Million for organisations... I.e your employer, the University) See the Privacy Legislation below.What is Personal Information?
Personal information has the meaning as set out in s 6 of the Privacy Act:information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.Sensitive information is a subset of personal information. The Privacy Act defines sensitive information as:
- information or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual preferences or practices; or
- criminal record;
- health information about an individual; or
- genetic information about an individual that is not otherwise health information.
What are your obligations once you collect Personal Information in a research data set?
- Securely storing the data (Copying, publishing, data requests, integrity investigations)
- Securely destroy the data
- Authentication of access to the data
- Manditory reporting of data breaches
- Transfer of control of the data
- Hosting the data on foreign servers
- Implications of the Freedom of Information Act
Academic Email is subject to the Freedom of Information Act under Australian Law. This means that if your data set has been emailed (say between the student and their supervisor) then it could be leaked via that mechanims.
What can Students and Supervisors do?
Avoid this whole mess by not collecting personally identifying information (Email Addresses specifically) as part of the data set. Design around this potential risk.Do not sample very small, specific, known populations.
Beware when the Ethics review hands back a requirement for this kind of mechanism in your study. Be prepared to push back with some alternate design strategies to avoid this problem.
Be aware of the legislation and the implications of compliance.
Design research to seperate identity and data, if the participants are known. Do not embed their identities in the data set or research materials (which must then be stored and shared)
Alternate Design Strategies
Case 1 - Ethical Requirement for optional feedback of research results to research participants.
The recomended (by me) strategy is to provide the particiants with a contact email address (researcher or supervisor) from whom they can request a copy of the results of the research.This strategy avoids the issue of collecting and holding a list of email addresses with their associated cost and the risk of violating the anonymity of the participants.
Case 2 - Repeated measures design requiring followup contact with participants.
Request participants to contact the researcher and be added to a pool prior to the data collection starting. Then the researcher can broadcast to this list an anonymous link to the data collection instrument at each measure time.This provides a dis-connect between the participants activity and their identity. Unless the researcher has a very small pool or makes other attempts to link the particiant and their data... there is no way to identify who has provided which data record.
This then allows the list of email addresses to be stored seperatly and destroyed securely independ of the data set that results from the research.
Further Reading
10 Steps to Protect Other Peoples Personal Informationhttp://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-7-ten-steps-to-protect-other-people-s-personal-information
How to de-identify data
http://www.oaic.gov.au/privacy/privacy-resources/privacy-business-resources/privacy-business-resource-4-de-identification-of-data-and-information
The 17 Australian Privacy Principles (APPs)
General information on Information security
http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/guide-to-information-security
