{"id":111,"date":"2025-03-10T16:33:35","date_gmt":"2025-03-10T20:33:35","guid":{"rendered":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/?post_type=chapter&#038;p=111"},"modified":"2025-04-08T03:06:47","modified_gmt":"2025-04-08T07:06:47","slug":"module-8-ethical-data-storage-and-privacy","status":"publish","type":"chapter","link":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/chapter\/module-8-ethical-data-storage-and-privacy\/","title":{"raw":"Module 11: Ethical Data Storage and Privacy","rendered":"Module 11: Ethical Data Storage and Privacy"},"content":{"raw":"Would you feel comfortable engaging in a research project if you knew your data would have no security protocols to keep it private? <em><strong>No! <\/strong><\/em>\r\n\r\nThis module details the importance of ethical data storage and privacy, legal compliance, secure data management, and participants\u2019 rights to their data.\r\n<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\r\n<p class=\"textbox__title\">Learning Objectives<\/p>\r\n\r\n<\/header>\r\n<div class=\"textbox__content\">\r\n<ul>\r\n \t<li>Learn about and apply understanding of data privacy and storage in research<\/li>\r\n<\/ul>\r\n<\/div>\r\n<\/div>\r\n<div class=\"textbox textbox--sidebar shaded\">\r\n\r\n<strong>\ud83e\uddd0 Consider This!<\/strong>\r\n\r\nWho should have control over research data, participants, researchers, or institutions? Why?\r\n\r\n<\/div>\r\n<h2 style=\"text-align: center\"><span style=\"text-decoration: underline\">Case Study<\/span><\/h2>\r\n<em>Quinn\u2019s research on negative healthcare experiences involves collecting sensitive survey data. While working at a caf\u00e9, she connects to what she believes is the caf\u00e9\u2019s Wi-Fi and begins sorting through participant responses. Later, she learns the network was a malicious hotspot used to steal data from unsuspecting users. Unsure of the extent of the breach, Quinn must decide what steps to take next.<\/em>\r\n\r\n<hr \/>\r\n\r\n<h3>The Importance of Privacy<\/h3>\r\nProtecting participant data is a central pillar of ethical obligation in research. Privacy breaches can undermine trust and compromise the integrity of findings. Ethical data storage makes sure that sensitive information is handled securely, reducing risks of unauthorized access, misuse, or loss.\r\n\r\nIn working with structurally and systemically marginalized groups, privacy and data leaks are even more devastating. <strong>Consider the following commentary:<\/strong>\r\n<blockquote><em>For historically marginalized groups, the right to privacy is a matter of survival. Privacy violations have put these groups at risk of ostracization, discrimination, or even active physical danger.\u00a0 <\/em>(Lai &amp; Tanner, 2022)<\/blockquote>\r\nThis remains true today. Marginalized groups experience disproportionate levels of harm when their privacy is violated. This makes ensuring data security and privacy on all fronts is clearly defined and maintained at a high level.\r\n<div class=\"textbox textbox--examples\">\r\n<div class=\"textbox__content\">\r\n\r\nFor example, for individuals living in countries with highly monitored digital ecosystems may avoid participating in research to avoid penalization or persecution. <strong>How do you think this can change how you would do your digital research?<\/strong>\r\n\r\n<\/div>\r\n<\/div>\r\nResearchers must implement clear protocols for data storage, ensuring confidentiality from collection to long-term retention. Consider that what is considered sufficiently de-identified or private for a participant may vary. As such, consulting with members of historically marginalized groups to determine comfortability, data sharing agreements, data security, and privacy will inform best practices for your work.\r\n\r\nFinally, be sure to learn the legal obligations of your jurisdiction, as well as participant rights in data control as you plan your research. In Canada, TCPS 2 (2022) is a useful resource to source, however make sure that you also consider the data management plan of your institution.\r\n\r\nFor more information around the TCPS 2 data laws, feel free to review the following <a href=\"https:\/\/ethics.gc.ca\/eng\/policy-politique_tcps2-eptc2_2022.html\">policy<\/a> and <a href=\"https:\/\/ethics.gc.ca\/eng\/guidance-lignes_directrices.html\">guidance<\/a> from the Tri-Council.\r\n<h3>Best Practices For Data Management<\/h3>\r\nSo how can you make sure that your research maintains these standards? Go through the following points.\r\n<div class=\"textbox textbox--examples\">\r\n<div class=\"textbox__content\">\r\n\r\n<strong>Can you identify when there might be added concern when it comes to digital research?\u00a0<\/strong>\r\n\r\n<\/div>\r\n<\/div>\r\n<div align=\"left\">\r\n<table class=\"grid\" style=\"height: 733px\">\r\n<tbody>\r\n<tr style=\"height: 76px\">\r\n<td class=\"shaded\" style=\"width: 188px;height: 76px\"><strong>Limit Personal Information Collected<\/strong><\/td>\r\n<td style=\"width: 510px;height: 76px\">\r\n<ul>\r\n \t<li>Only collect the minimum necessary details (ex. use initials instead of full names, age instead of date of birth).<\/li>\r\n \t<li>Anonymize or de-identify data as soon as possible<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n<tr style=\"height: 92px\">\r\n<td class=\"shaded\" style=\"width: 188px;height: 92px\"><strong>Use Secure and Long-Lasting File Formats<\/strong><\/td>\r\n<td style=\"width: 510px;height: 92px\">\r\n<ul>\r\n \t<li>Store data in simple, widely accessible formats like .CSV or .TXT rather than brand name ones (ex. Microsoft Office).<\/li>\r\n \t<li>Keep a codebook or readme file to explain the data structure for future use.<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n<tr style=\"height: 90px\">\r\n<td class=\"shaded\" style=\"width: 188px;height: 90px\"><strong>Backup Data Safely \u2013 Follow the 3-2-1 Rule<\/strong><\/td>\r\n<td style=\"width: 510px;height: 90px\">\r\n<ul>\r\n \t<li>Keep 3 copies of your data.<\/li>\r\n \t<li>Store them on 2 different types of storage media.<\/li>\r\n \t<li>Keep 1 copy off-site using a secure provider.<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n<tr style=\"height: 138px\">\r\n<td class=\"shaded\" style=\"width: 188px;height: 138px\"><strong>Protect Data with Secure Storage &amp; Encryption<\/strong><\/td>\r\n<td style=\"width: 510px;height: 138px\">\r\n<ul>\r\n \t<li>Use secure servers and access them only through encrypted remote connections (ex. VPNs).<\/li>\r\n \t<li>Avoid storing confidential data on personal devices like desktops or laptops<\/li>\r\n \t<li>Keep any data stored outside a secure server encrypted at all times unless actively in use.<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n<tr style=\"height: 108px\">\r\n<td class=\"shaded\" style=\"width: 188px;height: 108px\"><strong>Restrict Access &amp; Maintain Data Logs<\/strong><\/td>\r\n<td style=\"width: 510px;height: 108px\">\r\n<ul>\r\n \t<li>Set clear rules on who can access research data.<\/li>\r\n \t<li>Consider non-disclosure agreements (NDAs) for anyone handling confidential data<\/li>\r\n \t<li>Keep an updated log of how personally identifiable or sensitive data is used and protected.<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n<tr style=\"height: 92px\">\r\n<td class=\"shaded\" style=\"width: 188px;height: 92px\"><strong>Ensure Data Privacy &amp; Report Security Issues<\/strong><\/td>\r\n<td style=\"width: 510px;height: 92px\">\r\n<ul>\r\n \t<li>Only store and share personally identifiable data as approved by ethics board and organization\u00a0 policies.<\/li>\r\n \t<li>Immediately report any security concerns (ex. data loss) to the organization (ex. university)<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n<tr style=\"height: 76px\">\r\n<td class=\"shaded\" style=\"width: 188px;height: 76px\"><strong>Proper Data Retention &amp; Disposal<\/strong><\/td>\r\n<td style=\"width: 510px;height: 76px\">\r\n<ul>\r\n \t<li>Retain records only as long as legally or ethically required<\/li>\r\n \t<li>Securely destroy personally identifiable or confidential information once it\u2019s no longer needed<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n<tr style=\"height: 61px\">\r\n<td class=\"shaded\" style=\"width: 188px;height: 61px\"><strong>Avoid Storing Sensitive Data on Networked Devices<\/strong><\/td>\r\n<td style=\"width: 510px;height: 61px\">\r\n<ul>\r\n \t<li>Do not keep sensitive personal data on internet-connected servers or computers, especially those exposed to external networks.<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<\/div>","rendered":"<p>Would you feel comfortable engaging in a research project if you knew your data would have no security protocols to keep it private? <em><strong>No! <\/strong><\/em><\/p>\n<p>This module details the importance of ethical data storage and privacy, legal compliance, secure data management, and participants\u2019 rights to their data.<\/p>\n<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n<li>Learn about and apply understanding of data privacy and storage in research<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"textbox textbox--sidebar shaded\">\n<p><strong>\ud83e\uddd0 Consider This!<\/strong><\/p>\n<p>Who should have control over research data, participants, researchers, or institutions? Why?<\/p>\n<\/div>\n<h2 style=\"text-align: center\"><span style=\"text-decoration: underline\">Case Study<\/span><\/h2>\n<p><em>Quinn\u2019s research on negative healthcare experiences involves collecting sensitive survey data. While working at a caf\u00e9, she connects to what she believes is the caf\u00e9\u2019s Wi-Fi and begins sorting through participant responses. Later, she learns the network was a malicious hotspot used to steal data from unsuspecting users. Unsure of the extent of the breach, Quinn must decide what steps to take next.<\/em><\/p>\n<hr \/>\n<h3>The Importance of Privacy<\/h3>\n<p>Protecting participant data is a central pillar of ethical obligation in research. Privacy breaches can undermine trust and compromise the integrity of findings. Ethical data storage makes sure that sensitive information is handled securely, reducing risks of unauthorized access, misuse, or loss.<\/p>\n<p>In working with structurally and systemically marginalized groups, privacy and data leaks are even more devastating. <strong>Consider the following commentary:<\/strong><\/p>\n<blockquote><p><em>For historically marginalized groups, the right to privacy is a matter of survival. Privacy violations have put these groups at risk of ostracization, discrimination, or even active physical danger.\u00a0 <\/em>(Lai &amp; Tanner, 2022)<\/p><\/blockquote>\n<p>This remains true today. Marginalized groups experience disproportionate levels of harm when their privacy is violated. This makes ensuring data security and privacy on all fronts is clearly defined and maintained at a high level.<\/p>\n<div class=\"textbox textbox--examples\">\n<div class=\"textbox__content\">\n<p>For example, for individuals living in countries with highly monitored digital ecosystems may avoid participating in research to avoid penalization or persecution. <strong>How do you think this can change how you would do your digital research?<\/strong><\/p>\n<\/div>\n<\/div>\n<p>Researchers must implement clear protocols for data storage, ensuring confidentiality from collection to long-term retention. Consider that what is considered sufficiently de-identified or private for a participant may vary. As such, consulting with members of historically marginalized groups to determine comfortability, data sharing agreements, data security, and privacy will inform best practices for your work.<\/p>\n<p>Finally, be sure to learn the legal obligations of your jurisdiction, as well as participant rights in data control as you plan your research. In Canada, TCPS 2 (2022) is a useful resource to source, however make sure that you also consider the data management plan of your institution.<\/p>\n<p>For more information around the TCPS 2 data laws, feel free to review the following <a href=\"https:\/\/ethics.gc.ca\/eng\/policy-politique_tcps2-eptc2_2022.html\">policy<\/a> and <a href=\"https:\/\/ethics.gc.ca\/eng\/guidance-lignes_directrices.html\">guidance<\/a> from the Tri-Council.<\/p>\n<h3>Best Practices For Data Management<\/h3>\n<p>So how can you make sure that your research maintains these standards? Go through the following points.<\/p>\n<div class=\"textbox textbox--examples\">\n<div class=\"textbox__content\">\n<p><strong>Can you identify when there might be added concern when it comes to digital research?\u00a0<\/strong><\/p>\n<\/div>\n<\/div>\n<div style=\"text-align: left;\">\n<table class=\"grid\" style=\"height: 733px\">\n<tbody>\n<tr style=\"height: 76px\">\n<td class=\"shaded\" style=\"width: 188px;height: 76px\"><strong>Limit Personal Information Collected<\/strong><\/td>\n<td style=\"width: 510px;height: 76px\">\n<ul>\n<li>Only collect the minimum necessary details (ex. use initials instead of full names, age instead of date of birth).<\/li>\n<li>Anonymize or de-identify data as soon as possible<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"height: 92px\">\n<td class=\"shaded\" style=\"width: 188px;height: 92px\"><strong>Use Secure and Long-Lasting File Formats<\/strong><\/td>\n<td style=\"width: 510px;height: 92px\">\n<ul>\n<li>Store data in simple, widely accessible formats like .CSV or .TXT rather than brand name ones (ex. Microsoft Office).<\/li>\n<li>Keep a codebook or readme file to explain the data structure for future use.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"height: 90px\">\n<td class=\"shaded\" style=\"width: 188px;height: 90px\"><strong>Backup Data Safely \u2013 Follow the 3-2-1 Rule<\/strong><\/td>\n<td style=\"width: 510px;height: 90px\">\n<ul>\n<li>Keep 3 copies of your data.<\/li>\n<li>Store them on 2 different types of storage media.<\/li>\n<li>Keep 1 copy off-site using a secure provider.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"height: 138px\">\n<td class=\"shaded\" style=\"width: 188px;height: 138px\"><strong>Protect Data with Secure Storage &amp; Encryption<\/strong><\/td>\n<td style=\"width: 510px;height: 138px\">\n<ul>\n<li>Use secure servers and access them only through encrypted remote connections (ex. VPNs).<\/li>\n<li>Avoid storing confidential data on personal devices like desktops or laptops<\/li>\n<li>Keep any data stored outside a secure server encrypted at all times unless actively in use.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"height: 108px\">\n<td class=\"shaded\" style=\"width: 188px;height: 108px\"><strong>Restrict Access &amp; Maintain Data Logs<\/strong><\/td>\n<td style=\"width: 510px;height: 108px\">\n<ul>\n<li>Set clear rules on who can access research data.<\/li>\n<li>Consider non-disclosure agreements (NDAs) for anyone handling confidential data<\/li>\n<li>Keep an updated log of how personally identifiable or sensitive data is used and protected.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"height: 92px\">\n<td class=\"shaded\" style=\"width: 188px;height: 92px\"><strong>Ensure Data Privacy &amp; Report Security Issues<\/strong><\/td>\n<td style=\"width: 510px;height: 92px\">\n<ul>\n<li>Only store and share personally identifiable data as approved by ethics board and organization\u00a0 policies.<\/li>\n<li>Immediately report any security concerns (ex. data loss) to the organization (ex. university)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"height: 76px\">\n<td class=\"shaded\" style=\"width: 188px;height: 76px\"><strong>Proper Data Retention &amp; Disposal<\/strong><\/td>\n<td style=\"width: 510px;height: 76px\">\n<ul>\n<li>Retain records only as long as legally or ethically required<\/li>\n<li>Securely destroy personally identifiable or confidential information once it\u2019s no longer needed<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"height: 61px\">\n<td class=\"shaded\" style=\"width: 188px;height: 61px\"><strong>Avoid Storing Sensitive Data on Networked Devices<\/strong><\/td>\n<td style=\"width: 510px;height: 61px\">\n<ul>\n<li>Do not keep sensitive personal data on internet-connected servers or computers, especially those exposed to external networks.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"author":554,"menu_order":6,"comment_status":"closed","ping_status":"closed","template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-111","chapter","type-chapter","status-publish","hentry"],"part":84,"_links":{"self":[{"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/pressbooks\/v2\/chapters\/111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/wp\/v2\/users\/554"}],"replies":[{"embeddable":true,"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/wp\/v2\/comments?post=111"}],"version-history":[{"count":9,"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/pressbooks\/v2\/chapters\/111\/revisions"}],"predecessor-version":[{"id":586,"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/pressbooks\/v2\/chapters\/111\/revisions\/586"}],"part":[{"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/pressbooks\/v2\/parts\/84"}],"metadata":[{"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/pressbooks\/v2\/chapters\/111\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/wp\/v2\/media?parent=111"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/pressbooks\/v2\/chapter-type?post=111"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/wp\/v2\/contributor?post=111"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/pressbooks.library.torontomu.ca\/accessibledigitalsurveyresearch\/wp-json\/wp\/v2\/license?post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}