Chapter 3: Data Collection and Storage

Module 11: Ethical Data Storage and Privacy

Would you feel comfortable engaging in a research project if you knew your data would have no security protocols to keep it private? No!

This module details the importance of ethical data storage and privacy, legal compliance, secure data management, and participants’ rights to their data.

Learning Objectives

  • Learn about and apply understanding of data privacy and storage in research

🧐 Consider This!

Who should have control over research data: participants, researchers, or institutions? Why?

Case Study

Quinn’s research on negative healthcare experiences involves collecting sensitive survey data. While working at a café, she connects to what she believes is the café’s Wi-Fi and begins sorting through participant responses. Later, she learns the network was a malicious hotspot used to steal data from unsuspecting users. Unsure of the extent of the breach, Quinn must decide what steps to take next.


The Importance of Privacy

Protecting participant data is a central pillar of ethical obligation in research. Privacy breaches can undermine trust and compromise the integrity of findings. Ethical data storage makes sure that sensitive information is handled securely, reducing risks of unauthorized access, misuse, or loss.

In working with structurally and systemically marginalized groups, privacy and data leaks are even more devastating. Consider the following commentary:

For historically marginalized groups, the right to privacy is a matter of survival. Privacy violations have put these groups at risk of ostracization, discrimination, or even active physical danger. (Lai & Tanner, 2022)

This remains true today. Marginalized groups experience disproportionate levels of harm when their privacy is violated. This makes it essential that data security and privacy on all fronts are clearly defined and maintained at a high level.

For example, individuals living in countries with highly monitored digital ecosystems may avoid participating in research to avoid penalization or persecution. How do you think this can change how you would do your digital research?

Researchers must implement clear protocols for data storage, ensuring confidentiality from collection to long-term retention. Keep in mind that what counts as sufficiently de-identified or private may vary from participant to participant. As such, consulting with members of historically marginalized groups about their comfort levels, data sharing agreements, data security, and privacy will inform best practices for your work.

Finally, be sure to learn the legal obligations of your jurisdiction, as well as participant rights in data control, as you plan your research. In Canada, TCPS 2 (2022) is a useful resource to consult; however, make sure that you also consider the data management plan of your institution.

For more information around the TCPS 2 data laws, feel free to review the following policy and guidance from the Tri-Council.

Best Practices For Data Management

So how can you make sure that your research maintains these standards? Go through the following points.

Can you identify when there might be added concern when it comes to digital research? 

Limit Personal Information Collected
  • Only collect the minimum necessary details (ex. use initials instead of full names, age instead of date of birth).
  • Anonymize or de-identify data as soon as possible.
Use Secure and Long-Lasting File Formats
  • Store data in simple, widely accessible formats like .CSV or .TXT rather than brand name ones (ex. Microsoft Office).
  • Keep a codebook or readme file to explain the data structure for future use.
Backup Data Safely – Follow the 3-2-1 Rule
  • Keep 3 copies of your data.
  • Store them on 2 different types of storage media.
  • Keep 1 copy off-site using a secure provider.
Protect Data with Secure Storage & Encryption
  • Use secure servers and access them only through encrypted remote connections (ex. VPNs).
  • Avoid storing confidential data on personal devices like desktops or laptops.
  • Keep any data stored outside a secure server encrypted at all times unless actively in use.
Restrict Access & Maintain Data Logs
  • Set clear rules on who can access research data.
  • Consider non-disclosure agreements (NDAs) for anyone handling confidential data.
  • Keep an updated log of how personally identifiable or sensitive data is used and protected.
Ensure Data Privacy & Report Security Issues
  • Only store and share personally identifiable data as approved by the ethics board and organization policies.
  • Immediately report any security concerns (ex. data loss) to the organization (ex. university).
Proper Data Retention & Disposal
  • Retain records only as long as legally or ethically required.
  • Securely destroy personally identifiable or confidential information once it’s no longer needed.
Avoid Storing Sensitive Data on Networked Devices
  • Do not keep sensitive personal data on internet-connected servers or computers, especially those exposed to external networks.
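
The first two practices above (collect the minimum, de-identify as soon as possible, store as plain .CSV) can be applied in one pass over a survey export. The following is an added example, not part of the original module: the column names, sample rows, and demo key are constructed, and the keyed-hash pseudonym is one possible de-identification approach, not one the module prescribes.

```python
import csv, hashlib, hmac, io
from datetime import date

# Constructed sample survey export (not real participant data).
RAW_CSV = """full_name,email,date_of_birth,response
Avery Example,avery@example.org,1990-06-15,Waited six hours in the ER
Sam Sample,sam@example.org,1985-12-01,Was not given an interpreter
"""

DIRECT_IDENTIFIERS = ("full_name", "email", "date_of_birth")

def pseudonym(name: str, key: bytes) -> str:
    """Keyed pseudonym: stable per participant, not recomputable without the key."""
    normalized = " ".join(name.lower().split())
    return "P-" + hmac.new(key, normalized.encode(), hashlib.sha256).hexdigest()[:12]

def age_on(dob_iso: str, as_of: date) -> int:
    """Whole years between the date of birth and the collection date."""
    dob = date.fromisoformat(dob_iso)
    return as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))

def deidentify(raw_csv: str, key: bytes, as_of: date) -> str:
    """Return CSV text with direct identifiers replaced or dropped."""
    out = io.StringIO()
    writer = None
    for row in csv.DictReader(io.StringIO(raw_csv)):
        clean = {"participant_id": pseudonym(row["full_name"], key),
                 "age": age_on(row["date_of_birth"], as_of)}
        # Carry over only the columns that are not direct identifiers.
        clean.update({k: v for k, v in row.items() if k not in DIRECT_IDENTIFIERS})
        if writer is None:
            writer = csv.DictWriter(out, fieldnames=list(clean), lineterminator="\n")
            writer.writeheader()
        writer.writerow(clean)
    return out.getvalue()

if __name__ == "__main__":
    # Assumption: the real key is generated once (e.g. secrets.token_bytes(32)) and
    # kept on the secure server, stored apart from the de-identified file.
    demo_key = b"constructed-demo-key-not-for-real-use"
    print(deidentify(RAW_CSV, demo_key, as_of=date(2024, 3, 1)))
```

Free-text answers can still contain names or places, so the response column needs a manual review before the file is shared.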

License

Accessible Digital Research: Strategies For Overcoming the Digital Divide in Online Survey Research Copyright © by Eunice Tunggal and Christina Vassell. All Rights Reserved.
