Confidentiality and Data Security
We must maintain the confidentiality and security of the data that we are collecting and using in all research. This is particularly important in the case of qualitative research, as the rich, in-depth nature of the data collected can increase the risk of individual identification. Qualitative methods can be used to explore sensitive research topics, and the implications of identification could cause harm to individual participants, or the wider population being studied.
Researchers should be transparent in their approach to data security and confidentiality to help participants better understand how their data is being protected. This can allow participants to be more trusting of the research, and therefore more honest and open in the answers they give to researchers.
It can be difficult to anonymise qualitative data as participants can give in-depth personal information about their own experiences. Removing personal characteristics, such as names and addresses may not be enough to ensure the privacy and confidentiality of the participants.
You should use your judgement to include enough detail and information in your report, without the risk for deductive disclosure. That is, even though their personal information has been removed, there is the possibility of an individual being identified through unique characteristics. This could include their behaviours, their experiences, or the opinions they express, and the combination of these. When presenting your outputs and findings, you must ensure that the data collected is carefully read and analysed to ensure that any information which could enable identification is found and removed.
Where possible, the amount of sensitive or re-identifiable information collected and stored should be minimised. This may be difficult when working with qualitative data, as context may play a large part in the accurate interpretation of the participant’s narratives. Data should be reviewed frequently and at the earliest opportunity. Any unnecessary data should be disposed of. It is therefore recommended that data is coded and analysed as an iterative process alongside data collection. This allows for the researcher to sooner determine what data is relevant to the research and what data can be disposed of. Data should be stored in a secure, safe location, with access limited to only the researchers that need it.
Researchers will often give their participants pseudonyms or unique identifiers to anonymise participant data. A pseudonym is a fictitious name, whilst unique identifiers will often be a mixture of numbers and letters.
Whether researchers choose to use pseudonyms or unique identifiers is often down to personal preference, and both have their benefits for anonymisation and confidentiality. Pseudonyms are often chosen by researchers as they allow some information to be kept about the participant which may be important to the study, for example, gender. They also help to better reflect real life and may feel more personal to the participant than unique identifiers. You can choose the names themselves or ask participants to choose their own pseudonyms. This may also be a good way to build rapport with participants.
It is important to remember that the reason for choosing to use pseudonyms or unique identifiers is to maintain participant confidentiality. This should be at the forefront of your mind when deciding which is most appropriate for your research.
In some qualitative research projects, researchers may ask participants for information on third parties, or this information may be disclosed by the participant in discussions with the researcher. Third parties include any individual identified or described by a participant. For example, family members, spouses, medical professionals, and friends. Third party privacy concerns may be an issue if the data collected is within a unique or rare contextual environment, or when data is collected longitudinally, even if it is anonymised. Harm to third parties may include the release of private information that they may not wish to have been disclosed, social stigma, or discrimination. Researchers are encouraged then to consider the risk of third-party disclosure at the research design stage. Where it is not beneficial for the research to collect information on third parties, this should be explained to participants, and they should be encouraged not to disclose this type of information.
Limits to Confidentiality
There may be occasions when researchers are given information by participants that requires them to report this to a safeguarding officer. As a researcher, you should stay alert to the signs of harm and abuse. If a participant discloses information to you that makes you worried for their safety, or the safety of someone else, you should follow safeguarding procedures or alert the appropriate authorities.
This may be more likely in some research projects than others, dependent on the topic being studied. However, all researchers should be aware of this risk, and try to identify any safeguarding issues that may occur and strategies to deal with these, during the planning phase. It should be made clear to participants the limitations to confidentiality based on these moral and legal obligations, prior to consent.
Where you are conducting research with groups of participants, there may be confidentiality and anonymity issues due to limited control over what participants may discuss outside of the group. Although participants should be asked not to share information disclosed during the focus group once it has ended, you can’t guarantee this and have very little control over what people will choose to share with others following the focus group. It is also important that participants are made aware of the potential risk for others to disclose information given within the focus groups, as this may affect their willingness to participate. This may affect the information that they share with the group.Back to top
Mitigations and Advice
- All processes and decisions made in relation to the security and confidentiality of data collected and used should be clearly documented for transparency. These processes should be clearly communicated to participants prior to data collection.
- Where secondary data is being used, transparency is still very important, and researchers should not assume that the data they are using has been adequately deidentified without additional assurance from the data provider or processor.
- Researchers should consider specific techniques for deidentifying their participants. This may include using pseudonyms or unique identifiers. However, this may not be sufficient in completely de-identifying participants. Further consideration should be taken as to the sensitivity of the data, and the risk of identification, and mitigated against appropriately.
- Data should be reviewed at the earliest opportunity. The data should be anonymised, and any unnecessary data should be disposed of. It is therefore recommended that data is coded and analysed as an iterative process alongside data collection. This allows for the researcher to sooner determine what data is relevant to the research, and therefore what data can be disposed of.
- Researchers are encouraged to consider the risk of third-party disclosure at the research design stage. Where it is not beneficial for the research to collect information on third parties, this should be explained to participants, and they should be encouraged not to disclose this type of information.
- If disclosure of criminal or harmful activity is seen to be a risk within your research project, this should be discussed at the outset, and any limitations to the confidentiality of research participants should be clearly articulated both in the project outline, and participant information materials.
- Researchers should further consider the legal obligations they may have to disclose certain behaviours, such as criminal activity. This will be dependent on the jurisdiction they are working in, and so researchers should ask for further clarification from their research institution and legal experts.
- Researchers should be alert to situations where an individual’s wellbeing could be at risk and know the appropriate action to take.