Confidentiality, anonymity and ownership in research

I’ve been to two very good workshops recently at the University of Leeds, both on research ethics. These workshops are always informative, and they end with a session where you discuss a few thorny case studies with people sat at your table.

At the most recent one, my group got immersed in a debate about whether and how a researcher should disclose knowledge gained about someone who knows they are HIV positive and who is having unprotected sex with someone they name who is not aware of their HIV status. Very difficult. Its best to think about these things in advance, before the research gets started! (See for instance this KSPope website, scrolling down to the heading ‘Is there a legal duty to protect or warn third parties’)

Dr Alice Temple at the University of Leeds research ethics workshop.

Dr Alice Temple at the University of Leeds research ethics workshop.

Here are some of the main points that were made by the University of Leeds Research Ethics Training and Development Officer Alice Temple at the July workshop on ‘Ownership, Confidentiality and Secrecy‘:

Anonymity: means ensuring the people who take part in research cannot be identified.

Confidentiality: relates to who has right of access to data provided by participants, and is guided by data protection legislation.

Confidentiality is enshrined in many codes, such as the Hippocratic Oath and ESRC Framework for Research Ethics (we have used this framework extensively at Bradford College in developing our policy and procedures).

Be clear about the boundaries: At the outset, you should explain to potential research participants when and why you might disclose, and that you will discuss this with them. In exceptional circumstances you may need to breach without prior discussion.

You need to be clear about this in advance (the HIV example I gave at the outset is an instance where this was not thought through) and know what your procedures will be if a breach seems necessary.

Where boundaries are set out: in the consent form. And possibly in the research contract. Informal promises must be honoured. Sometimes there is an implied requirement to be confidential – newspapers are often in a very grey area here, arguing that information a celebrity sees as private should be in the public domain. In court, you need a very strong case to claim that publication is in the public interest.

When you breach confidentiality: this is necessary where there is significant risk of harm. In rare cases there may also be a ‘public interest’ justification.

Sometimes researchers become aware of inadequate performance or malpractice at public or other organisations – the decision then is whether to go public or not. A middle road may be advising the organisation of the findings and giving them six months in which to go public. If they do not publish the information in that time, the research body releases the findings.

Get guidance and support on confidentiality disclosures: it may be necessary to have legal advice if you think you have to breach confidentiality. Sometimes it may be that sensitivie information disclosed to you in research is already in the public domain – check this is the case before you disclose the information yourself, as there are different understandings of where ‘public domain’ begins and ends.

‘Off the record’ information: if something is given to you off the record you cannot include it in the research.

Checking for approval: You may send transcripts and research text back to interviewees for checking – there is no obligation on this, but it can be good practice.

The requirements of sponsors: this is an area where tensions can arise. A sponsor may reserve the right to edit, annotate or withhold publication. The role of Univresity is to put things in the public domain. There is also a distinction between ‘research’ and ‘consultancy’ that can become blurred, and may compromise the independent, objective and public requirements of research. It is necessary to consider secrecy clauses carefully, and get all involved (including the researchers) to declare any conflicts of interest.

Ownership: any research conducted as part of an employee’s work for a university, or by staff or students using university facilities and resources, belongs to the university. With regard to inventions and commercialisation of research products, there may be agreements whereby a percentage of the profit goes to the individual(s) involved.

Where a sponsor commissions or pays a university to carry out research, the issue of ownership may require definition in the initial contract. It is here that secrecy clauses may be proposed, and these must be handled with caution.

The Data Protection Act:
This underpins most research practice relating to confidentiality. In summary, the Act has the following implications for research:

  1. Personal data will be processed fairly and lawfully: for research this means a really good consent form is usually key, with researcher name and contact details, purpose, and who has access to raw data.
  2. Personal data can only be used for one or more specified and lawful purposes. Research data is apparently exempt from this, but where possible participants should be informed if their data is going to be used in a different research project.
  3. The personal data gathered should be adequate, relevant and not excessive to the purpose of the research
  4. The data must be accurate and kept up to date. Keeping data up to date can be challenging: one option is to ask all participants to contact you if details change.
  5. Data should not be kept longer than necessary (5-7 years is seen as reasonable).
  6. Data should be processed in accordance with the rights of data subjects.
  7. Researchers must implement measures to protect data from loss, damage, destruction, hacking etc. Encryption is important. Many mobile devices are not secure, but it is hard to avoid using them, at least short term. Data should be encrypted and stored securely.
  8. The final point relates to sharing data outside the European Economic Area

Text and photos by Ruth Wilson.

Contact Ruth for a copy of the College’s model consent form and other research ethics guidance: r.wilson2 at Bradford College.

Research ethics and internet research

At Bradford College, staff and students are using the internet in various ways to develop dissertations and research projects. There are lots of possibilities: online interviews and focus groups; questionnaires; observing or participating in forums; using information from blogs, Twitter, Facebook, and more.

Involving humans in research on or through the internet raises complex ethical issues, so I went to a workshop at the University of Leeds to find out more.

The workshop: Is one of a series on research ethics, held by the University of Leeds. (You can read about an earlier workshop I attended, about involving humans in research, here on the blog).

Dr Alice Temple, University of Leeds

Dr Alice Temple, University of Leeds

The workshop was led by Dr Alice Temple, who works with the University Research Ethics Committee, other University Ethics Working Groups, the Inter-disciplinary Ethics Applied Centre for Excellence in Teaching and Learning and the UK Universities Research Ethics Committees Group, concerned with national issues of the ethical review process in Universities.

Recent situations: During the talk, Alice mentioned real instances to show how ethics can play out with regard to the internet. Here’s an example:

  • participants in a sexual abuse survivors online forum found their words had been used for research. Their response was that this was a form of violation, and their online support community no long felt like a safe place.

Sitting on park bench? Alice explained that one academic asks people to visualise that they are sitting on a park bench (a public space) chatting to friends. If you then found you were being recorded for research purposes, how would you feel? (Waskul, 1996)

The workshop explored these and other issues raised by internet research. A summary is set out below. For the best set of guidelines, Alice recommended a report from the Association of Internet Researchers (AoIR) titled ‘Ethical Decision-Making and Internet Research’.

Privacy and confidentiality
The internet presents greater risks to individual privacy than many other forms of communication. Many people aren’t aware that IPS addresses can be traced back to them. You may think you are participating anonymously in a discussion, but in all likelihood you can be identified. And people don’t realise how public or permanent information is, or how easily it can be picked up by search engines.

This means that a researcher must be clear about anonymity, including the instances when anonymity might not be respected (for instance if a participant discloses something illegal).

The internet offers researchers the possibility of eavesdropping – of observing behaviours and attitudes, of taking part in conversations without disclosing that you are doing research. Nearly all these approaches are likely to be unethical.

What is public and what is private?
This is no easy matter, but it is vital that researchers assess how ‘public’ an online environment is before they make it part of their research. Most blogs, and some forums, are in the public domain, easily accessible. Other groups you have to register to join and it is clear that a greater degree of privacy is expected. However, people who comment in more open online environments can be unaware of how easy it is to find what they are saying, and that it is a permanent record, so they may have shared information openly that was meant to be private.

Other factors to take into consideration when defining the degree of confidentiality that might apply include the sensitivity of the information that is shared or discussed. There is a considerable difference between a group that meets to talk about sports fixtures and a group that is reflecting on sexual abuse.

The vulnerability of participants is also a concern, and the profile of the people involved – people who are high profile have an expectation that their words will attract attention and that their privacy will not be respected. The potential harm that the research process or publication could cause is another consideration.

Participants as subjects and participants as authors
This has been put forward as a useful way of determining the degree to which privacy should be respected. Where participants are subjects, they are taking part in discussions without seeing their communication as something they intend for wider publication. Where people author material, for instance on a website or blog, they are deliberately placing information in the public domain for others to read.

Informed consent
The guidance on best practice from AoIR deems that consent is essential if using private or semiprivate sources, such as email groups and closed chat rooms. With regard to open access forums (newsgroups, bulletin boards) consent is not always a necessity – the more open the place, the less onus for consent.

How to get informed consent: If you are using material on a blog, you can contact the author and ask their permission. But on a chat forum it can be much harder because people come and go.

One option is to post comments on the forum several times, explaining your research and their role in it. You can do this before and during the research. Seeking retrospective consent is more problematic, because the people may be harder to contact.

Even on a public site, such as a newspaper with comment forums, you should try to gain consent if you intend to quote participants. If you use aggregated data from an open forum, without quoting participants, this lessens the need to get consent.

Options include contacting the owner of a forum and requesting their consent, and/or arranging for people to tick a box to indicate they consent to taking part. With online surveys and questionnaires, if a clear introduction is given to the participant, their consent is implied once they choose to take part.

The credibility of the researcher is important to securing consent. You should have a link to somewhere online that explains who you are, the research you are doing, and how to contact you. You also need to consider whether you are confident that people taking part in the research are who they say they are, including whether children might be taking part in appropriately.

Acknowledgement
It is standard research practice to acknowledge sources. Copyright law can apply, requiring acknowledgement. This is to be balanced with providing confidentiality and anonymity where appropriate – this requires the stripping out of demographic data and names. Sometimes it is impossible to ensure confidentiality, and in these cases the ethics issues should be considered very carefully before research goes ahead.

Digital divides
The ethical issue here is whether your sample is representative or inclusive if you use only online sources: many people do not or cannot access the internet. In addition, it becomes harder to be ethically sensitive online, where so many different cultures can be present. Language is another factor – in international or transnational research, it is possible that many or the majority of participants will not have English as a first language.

Data security
There are a number of risks: emails can go to unintended recipients, messages in a chat room can be copied, and in general security can be breached in a number of ways.

Feedback procedures
Good practice in ethics requires the researcher to feedback to those involved in the research. This is also important to building a long-term positive research environment – poorly conducted research can alienate participants and make them reluctant to be part of future studies.

The law
Key areas of law are libel, harassment and intellectual property. These vary from one country to another. EU legislation has been increased recently: it is necessary to have tobtain explicit, freely given, specific and informed consent from individuals in order to be able to lawfully process their personal data under EU data protection laws.

What is legal falls short of what is ethical here,” Alice explained, “because there isn’t sufficient legislation to deal with all situations.”

Using the internet in research: University of Leeds workshop, May 2013

Using the internet in research: University of Leeds workshop, May 2013

At Bradford College, all research is submitted to ethics review. Student research up to masters level is reviewed by staff within the relevant Department. Individual research proposals that cause concern are then referred to the College Research Ethics Committee. All research conducted by staff and outside researchers is reviewed by the Committee. Contact me (Ruth Wilson) for further information.