When conducting research with human subjects, Research Ethics Board approval is necessary. Although there is no specific section for data, several sections of the REB request form require researchers to provide information on their data collection processes, data storage and data security. Here are some examples of questions with regards to research data management that researchers can expect when requesting REB approval .
Methodology
Provide a sequential description of the methods and procedures to be followed to obtain data. Describe all methods that will be used.
Privacy and Confidentiality
a) Describe the degree to which the anonymity of participants and the confidentiality of data and other identifiable study materials will be assured and the specific methods to be used for this, both during the research and in the release of findings.
b) Describe the use of data identification coding systems and how and where data will be stored. Describe any potential use of the data by others.
c) Who will have access to identifiable data?
d) What will happen to the identifiable data after the study is finished?
For more information on research ethics at McGill, consult the Research Ethics Board website.
Not all data can or need to be open.
Sensitive data/propietary data include:
Resources:
Portage has released a series of documents (October 2020) as part of a toolkit for researchers working with sensitive data in the Canadian research context (see below, available in French and English).
The Data Curation Network (US-based) has also released a comprehensive Primer on Human Subjects Data Essentials
The Finnish Social Science Data Archive hosts a guide on methods for anonymizing and de-identifying human subjects data, including both qualitative and quantitative approaches
OpenAire Sensitive Data Guide (Europe)
Quick Guide to HIPAA (Stanford University)
Guidance on the HIPAA Privacy Rule, includes a definition of Protected Health Information (US Department of Health and Human Services)
Harvard's DataTags project is working on secure transfer and storage solutions for publishing sensitive data to Dataverse
Further Reading:
Samarati, P., & Sweeney, L. (1998). Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression.
Sweeney, L. (2000). Simple demographics often identify people uniquely. Health (San Francisco), 671(2000), 1-34.
The CARE Principles for Indigenous Data Governance are people and purpose-oriented, reflecting the crucial role of data in advancing Indigenous innovation and self-determination. These principles complement the existing FAIR principles (www.go-fair.org) encouraging open and other data movements to consider both people and purpose in their advocacy and pursuits.
Collective Benefit:
Data ecosystems shall be designed and function in ways that enable Indigenous Peoples to derive benefit from the data.
Authority to Control:
Indigenous Peoples’ rights and interests in Indigenous data must be recognised and their authority to control such data be empowered. Indigenous data governance enables Indigenous Peoples and governing bodies to determine how Indigenous Peoples, as well as Indigenous lands, territories, resources, knowledges and geographical indicators, are represented and identified within data
Responsibility:
Those working with Indigenous data have a responsibility to share how those data are used to support Indigenous Peoples’ self-determination and collective benefit. Accountability requires meaningful and openly available evidence of these efforts and the benefits accruing to Indigenous Peoples.
Ethics:
Indigenous Peoples’ rights and wellbeing should be the primary concern at all stages of the data life cycle and across the data ecosystem.
To learn about the principles of Ownership, Control, Access, and Possession, please visit https://fnigc.ca/ocap-training/
The following information is quoted from the First Nations Information Governance Centre's website:
"OCAP® asserts that First Nations alone have control over data collection processes in their communities, and that they own and control how this information can be stored, interpreted, used, or shared.
Ownership refers to the relationship of First Nations to their cultural knowledge, data, and information. This principle states that a community or group owns information collectively in the same way that an individual owns his or her personal information.
Control affirms that First Nations, their communities, and representative bodies are within their rights in seeking to control over all aspects of research and information management processes that impact them. First Nations control of research can include all stages of a particular research project-from start to finish. The principle extends to the control of resources and review processes, the planning process, management of the information and so on.
Access refers to the fact that First Nations must have access to information and data about themselves and their communities regardless of where it is held. The principle of access also refers to the right of First Nations’ communities and organizations to manage and make decisions regarding access to their collective information. This may be achieved, in practice, through standardized, formal protocols.
Possession While ownership identifies the relationship between a people and their information in principle, possession or stewardship is more concrete: it refers to the physical control of data. Possession is the mechanism by which ownership can be asserted and protected."
Please note: “OCAP® is a registered trademark of the First Nations Information Governance Centre (FNIGC)”
McGill Library • Questions? Ask us!
Privacy notice