I’ve been to two very good workshops recently at the University of Leeds, both on research ethics. These workshops are always informative, and they end with a session where you discuss a few thorny case studies with people sat at your table.
At the most recent one, my group got immersed in a debate about whether and how a researcher should disclose knowledge gained about someone who knows they are HIV positive and who is having unprotected sex with someone they name who is not aware of their HIV status. Very difficult. Its best to think about these things in advance, before the research gets started! (See for instance this KSPope website, scrolling down to the heading ‘Is there a legal duty to protect or warn third parties’)
Here are some of the main points that were made by the University of Leeds Research Ethics Training and Development Officer Alice Temple at the July workshop on ‘Ownership, Confidentiality and Secrecy‘:
Anonymity: means ensuring the people who take part in research cannot be identified.
Confidentiality: relates to who has right of access to data provided by participants, and is guided by data protection legislation.
Confidentiality is enshrined in many codes, such as the Hippocratic Oath and ESRC Framework for Research Ethics (we have used this framework extensively at Bradford College in developing our policy and procedures).
Be clear about the boundaries: At the outset, you should explain to potential research participants when and why you might disclose, and that you will discuss this with them. In exceptional circumstances you may need to breach without prior discussion.
You need to be clear about this in advance (the HIV example I gave at the outset is an instance where this was not thought through) and know what your procedures will be if a breach seems necessary.
Where boundaries are set out: in the consent form. And possibly in the research contract. Informal promises must be honoured. Sometimes there is an implied requirement to be confidential – newspapers are often in a very grey area here, arguing that information a celebrity sees as private should be in the public domain. In court, you need a very strong case to claim that publication is in the public interest.
When you breach confidentiality: this is necessary where there is significant risk of harm. In rare cases there may also be a ‘public interest’ justification.
Sometimes researchers become aware of inadequate performance or malpractice at public or other organisations – the decision then is whether to go public or not. A middle road may be advising the organisation of the findings and giving them six months in which to go public. If they do not publish the information in that time, the research body releases the findings.
Get guidance and support on confidentiality disclosures: it may be necessary to have legal advice if you think you have to breach confidentiality. Sometimes it may be that sensitivie information disclosed to you in research is already in the public domain – check this is the case before you disclose the information yourself, as there are different understandings of where ‘public domain’ begins and ends.
‘Off the record’ information: if something is given to you off the record you cannot include it in the research.
Checking for approval: You may send transcripts and research text back to interviewees for checking – there is no obligation on this, but it can be good practice.
The requirements of sponsors: this is an area where tensions can arise. A sponsor may reserve the right to edit, annotate or withhold publication. The role of Univresity is to put things in the public domain. There is also a distinction between ‘research’ and ‘consultancy’ that can become blurred, and may compromise the independent, objective and public requirements of research. It is necessary to consider secrecy clauses carefully, and get all involved (including the researchers) to declare any conflicts of interest.
Ownership: any research conducted as part of an employee’s work for a university, or by staff or students using university facilities and resources, belongs to the university. With regard to inventions and commercialisation of research products, there may be agreements whereby a percentage of the profit goes to the individual(s) involved.
Where a sponsor commissions or pays a university to carry out research, the issue of ownership may require definition in the initial contract. It is here that secrecy clauses may be proposed, and these must be handled with caution.
The Data Protection Act:
This underpins most research practice relating to confidentiality. In summary, the Act has the following implications for research:
- Personal data will be processed fairly and lawfully: for research this means a really good consent form is usually key, with researcher name and contact details, purpose, and who has access to raw data.
- Personal data can only be used for one or more specified and lawful purposes. Research data is apparently exempt from this, but where possible participants should be informed if their data is going to be used in a different research project.
- The personal data gathered should be adequate, relevant and not excessive to the purpose of the research
- The data must be accurate and kept up to date. Keeping data up to date can be challenging: one option is to ask all participants to contact you if details change.
- Data should not be kept longer than necessary (5-7 years is seen as reasonable).
- Data should be processed in accordance with the rights of data subjects.
- Researchers must implement measures to protect data from loss, damage, destruction, hacking etc. Encryption is important. Many mobile devices are not secure, but it is hard to avoid using them, at least short term. Data should be encrypted and stored securely.
- The final point relates to sharing data outside the European Economic Area
Text and photos by Ruth Wilson.
Contact Ruth for a copy of the College’s model consent form and other research ethics guidance: r.wilson2 at Bradford College.