Data Confidentiality Procedure

Data Confidentiality Procedure

Data Confidentiality

The effectiveness of any research hinges on the willingness of individuals to participate in the research process actively. Often, individuals agree to take part in research activities and projects with the understanding that their input will be safeguarded and not traced back to them personally. Therefore, safeguarding the anonymity of research participants is of paramount importance. One method to uphold this anonymity is by evaluating the disclosure risk associated with each study, which gauges the likelihood that data from a study could be traced back to an individual or organisation, potentially revealing sensitive information that would otherwise remain undisclosed or uncertain. Concerns surrounding disclosure risk have escalated with the proliferation of online datasets and the ease of data linkage. CDAMAA diligently endeavours to maintain the appropriate level of confidentiality across all its data repositories.

Our Approach to Confidentiality

CDAMAA can only accept data with identifying information under conditions that are in sync with the consent provided by the participants and the relevant Institutional Review Board (IRB) approval. Collaborating closely with data depositors, CDAMAA staff dynamically manage disclosure risks. Upon submission of the data, rigorous protocols are applied by staff to safeguard the privacy of individuals and institutions whose personal data may be contained within the archived dataset. Measures undertaken by CDAMAA staff to ensure data confidentiality include:

  1. Conducting comprehensive evaluations of all datasets to evaluate the potential for disclosure risk and where necessary, data must be modified to lower disclosure risk.
  2. Restricting access to datasets if changing the data would significantly reduce their usefulness or where there is still a considerable danger of disclosure.
  3. The training of Staff and working together with data producers in techniques of disclosure risk assessment and mitigation.

Disclosure Risk

CDAMAA evaluates the disclosure risk of each dataset. CDAMAA provides training to data curators on how to implement protocols to safeguard respondent privacy in all of the data that the organisation collects, maintains, and disseminates. For example, CDAMAA checks each study for identifiers present in the data.

Identifiers

Two main identifiers could expose the identity of respondents in a number of social science-related research works. These identifiers could be direct or indirect. The direct identifiers could be variables in the data that could explicitly expose the identity of individuals, households or other units that responded to questionnaires used in the data collection. Examples of such direct identifiers could include:

  1. Names
  2. Address
  3. Phone numbers as well as
  4. Other identity card numbers that can be linked to the respondents

Indirect identifiers include variables that are by themselves not identifiers but can be used together with other key variables or information to identify the respondents. Examples of indirect identifiers include:

  1. Detailed geographic information
  2. Organisation to which the respondent works
  3. Detailed occupational titles
  4. Position held by the respondent
  5. The suburb of the organisation can be found. Etc.

To help reduce the identification of respondents, CDAMAA uses methods of re-coding data sets. However, CDAMAA may release a restricted-use dataset, or both public and restricted-use datasets, if altering address IDs to generate a public-use dataset will significantly lower the data's analytical usefulness. Access to restricted-use datasets is subject to specified restrictions and preserves sensitive, personally identifiable information.

Confidentiality, Informed Consent, and Data Sharing

Getting informed permission is the first step towards good research conduct, which includes protecting respondent confidentiality. The practice of communicating with a researcher to provide them the freedom to choose whether or not to participate in a study is known as informed consent. Human project participants must provide their consent and be fully informed about the nature of the study. A statement outlining the procedures for maintaining the confidentiality of subject records must be included in the informed consent. Informed permission must, however, be drafted so as not to excessively restrict an investigator's freedom to share data with the research community.

IRBs

Different strategies are used by Institutional Review Boards (IRBs) for secondary review of research datasets, such as those made available on the ICPSR website. Plans for secondary data analysis must undergo IRB review, according to some universities. For studies utilising secondary data, some universities offer IRB exemption if the data were obtained from preapproved sources like CDAMAA. To solve these problems, other institutions are putting in place distinctive policies. 
More about Institutional Review Board

Access to Restricted Data Sets

CDAMAA may recommend changing the data or disseminating it with further restrictions, depending on the findings of the disclosure risk evaluation. There are situations in which altering data to maintain anonymity won't materially impair its value as research material. In certain situations, data access is limited to enforce additional confidentiality measures.