With the rise of global action around data privacy and protection laws, researchers need to think about how participant privacy is maintained before, during, and after a research study. While the data collected is valuable to researchers, it is even more important to the participants in a research study. It is our responsibility to make sure we do not violate research- ethics principles and we respect participant involvement every step of the way. Show
Why Protecting Participant Data Is ImportantAs data collection and dependence on the Internet have risen, so have data breaches and cyber threats. Research participants are more vulnerable than ever as researchers conduct remote usability tests, use third party applications, or store and share data online. In 2021, according to Politico, nearly 50 million people in the U.S. faced a health-data breach. Data breaches pose huge privacy and security concerns for consumers and cost the health-care industry billions of dollars. To avoid such data losses and privacy infringements, regardless of industry, we need to develop privacy and security practices that seamlessly fit into the user-research process. Key TermsData-privacy terminology isn’t always the easiest to understand. Before discussing best practices for data privacy and protection, we need to define a few terms.
6 Best Practices for Protecting Participant Data in User ResearchWhile data-protection efforts should be considered carefully for each study, below you will find a list of foundational best practices to follow before, during, and after a study. Before Data Collection Begins1. Establish a data-management process. When it comes to data, you want to be proactive. Create guidelines about how data should be collected, stored, protected, and shared with others. Then make sure you communicate these to all the members of a team. A designated editor can update the guidelines as laws or company policies change. Guidelines should include information about:
2. Develop a data-collection plan for preserving participants’ confidentiality. Before collecting your data, understand the laws and regulations that require data to be confidential. Laws are dependent on where you live, but a good place to start is European Union’s General Data Protection Regulation (GDPR), which is considered the strictest privacy and security law in the world. While laws and regulations are complex, they exist to minimize the risk of data breaches and cyber threats. Researchers need to follow the law and use it as a guiding framework when developing a data-collection plan. Your data-collection plan should include what data will be collected, how it will be used, and who it will potentially be shared with. Developing a data-collection plan around confidentiality requires researchers to ask themselves the following questions:
3. Informed Consent Informed consent creates a two-way street between the researcher and the participant before the start of data collection. Researchers inform participants about what their involvement in the study entails, what data will be collected, and how it will be used. Then, participants are given the opportunity to make an informed decision about their involvement based on the information that is provided. This communication is typically presented as a consent form, which should include the following:
During and After Data Collection4. Maintain participant anonymity. Anonymity should be preserved while taking notes, while cleaning data and preparing it for storage, or while disseminating results. Qualitative researchers need to pay close attention to how they present participants’ personal details. While they may not be using names and other key identifiers, personal information can still be deduced based on individual or group traits represented in the data. With that in mind, research teams should follow these best practices:
5. Share files in a secure way with only those people who need them. In general, researchers should control who has access to data and when they have access to it. Access should only be given to people who actually need it. Researchers should not collect and share data on cloud-storage services like Google Drive, Dropbox, and One Drive. The challenging part about cloud storage is that you don’t have complete control over data. For example, if cloud services are down or hacked, you don’t have the control to fix the issue. While using cloud services makes it easy to share information, researchers do not have complete control over data stored in the cloud and further expose research participants to data breaches and cyber threats. Instead, researchers should consider using an external drive to storing encrypted data and find more-secure ways to share data (e.g., using secure file-transfer services like Hightail). 6. Delete data that is no longer needed. It can be tempting to hold on to data but one of the best ways to protect data is to delete it once you are done with it. This practice reduces data-breach risks. There will also be instances where your client or participant wants data permanently removed. To make this as easy as possible, researchers should have:
Applying Best PracticesApplying privacy and security best practices shouldn’t involve extra work. Rather, it should fit seamlessly into the 5 steps of the user-research process:
To heighten the value and impact of privacy and security of research participants at scale, these best practices should be implemented into existing Research Operations (ResearchOps). ResearchOps streamlines dedicated roles and efforts toward managing operational aspects associated with privacy and security. Building in these practices and finding ways to operationalize them allows researchers to spend more time conducting studies and uncovering insights at scale, in a safe and secure way. ConclusionMaintaining participant data privacy and security should be a priority for all researchers. As researchers continue to develop new technologies and work with more research participants to do so, following these best practices is an important place to start. ReferenceKaiser, K., 2009. Protecting Respondent Confidentiality in Qualitative Research. [ebook] Chicago: Qualitative Health Research. (Nov. 2009), DOI: https://doi.org/10.1177/1049732309350879 Which group protects human subjects as they are involved in research activities?The Office for Human Research Protections (OHRP) provides leadership in the protection of the rights, welfare, and wellbeing of human subjects involved in research conducted or supported by the U.S. Department of Health and Human Services (HHS).
At what age can a researcher first seek to obtain assent from a potential child subject?The IRB presumes that children ages 7 and older should be given an opportunity to provide assent. Generally, oral assent through the use of a script should be obtained from children 7 - 11 years of age. Written assent using a written document for the children to sign may be sought for older children.
Why is the facilitated communication method considered by many psychology professionals to be pseudoscience quizlet?Why is the facilitated communication method considered by many psychology professionals to be pseudoscience? It is not backed by research.
Which of the following is the most accurate statement about health in all policies?Which of the following is the most accurate statement about Health in All Policies? Health in All Policies implies that the health consequences should be considered in the making all public policies.
|