NOTE: This procedure is consistent with the Tri-Council Policy Statement TCPS2: Chapter 5 Privacy and Confidentiality.
Privacy, confidentiality and security must be considered when conducting research.
1. Identifiable Information
This includes information that may reasonably be expected to identify an individual, alone or in combination with other available information, is considered identifiable information.
2. Types of Information
Researchers may seek to collect, use, share and access different types of information about participants. Such information may include personal characteristics or other information about which an individual has a reasonable expectation of privacy (e.g., age, ethnicity, educational background, employment history, health history, life experience, religion, social status). The Research Ethics Board (REB) will take this into consideration during the review of proposals. Specifically the REB will screen for:
a. Directly identifying information – the information identifies a specific individual through direct identifiers (e.g., name, social insurance number, personal health number);
b. Indirectly identifying information – the information can reasonably be expected to identify an individual through a combination of indirect identifiers (e.g., date of birth, place of residence or unique personal characteristic);
c. Coded information – direct identifiers are removed from the information and replaced with a code. Depending on access to the code, it may be possible to re-identify specific participants (e.g., the principal investigator retains a list that links the participants’ code names with their actual name so data can be re-linked if necessary);
d. Anonymized information – the information is irrevocably stripped of direct identifiers, a code is not kept to allow future re-linkage, and risk of re-identification of individuals from remaining indirect identifiers is low or very low;
e. Anonymous information – the information never had identifiers associated with it (e.g., anonymous surveys) and risk of identification of individuals is low or very low.
Researchers must maintain confidentiality of personal information about research participants, subject to any legal and ethical duties to disclose confidential information by:
a. Using code numbers to identify the results obtained from individual participants will protect anonymity;
b. Ensuring that the subject’s name will not appear on any documentation;
c. Keeping all interview results and questionnaires in a locked cabinet to ensure that all data collected remains confidential;
d. Identifying all personnel who will have access to raw data or other identifying information;
e. Developing protocols describing how all forms of records or documentation will be handled once study is complete (e.g. destroyed, archived) and in what time frame (e.g. immediately, after five years);
f. Describing what will happen to the data collected to date if a participant withdraws midstream;
g. Providing statements to participants being audio-taped, video-taped or photographed to reflect the following:
- Permission has been sought to dispose of the tapes, and the stipulated time frame for disposal;
- Respondents have had the opportunity to decline taping and only participate in the questionnaire; and
- Permission has been granted to use recordings, transcriptions of recordings or photographs in a public exhibition.
Researchers must describe measures for meeting confidentiality obligations and explain any limits on confidentiality:
a. In application materials they submit to the Research Ethics Board (REB); and
b. During informed consent discussions with potential research participants.
Researchers should assess privacy risks and threats to the security of information for all stages of the research life cycle and implement appropriate measures to protect information. Researchers must provide details to the REB regarding their proposed measures for safeguarding information, for the full life cycle of information - that is, its collection, use, dissemination, retention and disposal.
The REB will consider the above factors in its assessment of the adequacy of the researchers’ proposed measures for safeguarding information.
REB requires that researchers clearly articulate how research data will be stored and any related required security safeguards.
4. Secondary Use of Data
Researchers must seek REB approval for secondary research use of personal information. Researchers must satisfy the REB that:
a. Identifying or identifiable information is essential to the research;
b. They will take appropriate measures to protect the privacy of the individuals, to ensure the confidentiality of the data, and to minimize harms to participants;
c. Individuals to whom the data refer did not object in principle to secondary use at the initial stage of collection or otherwise make known their objection; and
d. They have obtained any other necessary (e.g., legal) permission to access personal information for secondary research purposes.
In highly sensitive situations, such as when personal information will be published or other instances where there is a substantial privacy risk, the REB will require that a researcher’s access to personal information for secondary use be dependent on the informed consent of individuals about whom the information relates or the informed consent of authorized third parties, unless it is impossible or impracticable to obtain consent. If the REB is satisfied that it is impossible or impracticable to obtain consent, it may require that access to personal information be dependent on:
a. An appropriate strategy for communicating to relevant groups that personal information is intended to be used for a specified research purpose; or
b. Consultation with representatives of individuals or groups about whom the information relates.
Researchers must report outcomes of communication or consultation under (a) or (b) to the REB at their earliest convenience.
Researchers who wish to contact individuals regarding personal information must obtain REB approval prior to contact.
Researchers who wish to engage in data linkage that may lead to identification of individuals must obtain REB approval prior to carrying out the data linkage. If the data linkage is deemed acceptable, the data must either be destroyed or stored securely after use.