Office of Research & Sponsored Programs

IRB Manual Privacy and Confidentiality

Privacy and Confidentiality



In most research projects, it is incumbent upon the researcher to protect the privacy and confidentiality of those who may volunteer to serve as participants in the study. 

In regard to privacy, researchers must consider whether or not others are present when individuals are invited to participate in a study as well as when they are actually participating.  During the recruitment process, it is often important to provide ways for individuals to say “yes” or “no” to the study without others being aware of their choices.  This is primarily important when the study topic is somewhat or very sensitive and/or when others’ knowledge might influence the decision that the potential participant might make.  Recruiting potential participants in individual situations helps avoid this issue, when it is a concern.  Inviting participation by phone (if others are not in the background listening to the conversation) or by email may be good options.  Researchers must strive for the degree of privacy that matches the sensitivity of the study.  It would be completely inappropriate to recruit domestic abuse victims by visiting their homes.  On the other hand, it is typically acceptable to ask students who are interested in participating in a study about reading habits to simply drop their surveys in a box at the front of the room.  Similarly, if the study topic or population has the potential to harm an individual’s reputation or might simply embarrass them if they were overheard, obviously then interviews must be conducted in a private setting.  Likewise, participants must not fill out sensitive questionnaires and then drop them in a box, or hand them directly to the researcher.  A better option is to have them sealed in an envelope first.  

Confidentiality pertains to what happens to the data or information collected or analyzed during the study.  The fact of an individual’s participation should typically be kept confidential, as well as the data provided, unless it is unnecessary (low risk) or there is a reason to do otherwise (see below).  There are a variety of methods that researchers use to maintain confidentiality, which again should be tailored to the study’s potential risks.  At the very least, if the study is at all sensitive, the names of participants should be kept in a separate electronic or physical file from the other data provided, and a password-protected master code list maintained to connect them.  Other methods include not putting names on videotape files of interviews and deleting the interviews when the study is complete (when appropriate to do so).  Researchers should always consider whether they actually need the names of participants in the first place – if not necessary for future contact or research purposes, the data should be anonymous.  (Note that video and audio files cannot be considered anonymous.) 

It is beyond the scope of this discussion to examine all of the procedures that can be used to track, connect, and/or protect the privacy of individuals and confidentiality of data.  It is simply important to note that all potential participants have a right to know what steps, if any, are being taken by the researchers to protect their privacy and confidentiality, in order to make an informed decision about whether or not to participate.

In some cases, even in sensitive studies, it may be appropriate for participants’ identities to be known.  In some qualitative studies, for example, participants may be considered partners in the research and the researchers may wish to offer the option for participant names to be associated with the results.  This is certainly acceptable – it simply needs to be documented one way or the other by each participant.  Similarly, the researcher may wish for some reason pertinent to the study to NOT protect the identities of participants.  This then needs to be clearly stated in the consent information for potential participants to consider when deciding whether or not to participate.

One final issue in regard to privacy and confidentiality is the question of direct versus indirect identifiers.  Direct personal identifiers include information such as name, address, telephone number, social security number, identification number, medical record number, license number, photographs, and biometric information.  Indirect personal identifiers include information such as race, gender, age, zip code, IP address, and major.  Researchers must be aware that, even in anonymous studies with no direct identifiers, indirect identifiers can sometimes be combined to ascertain the identity of a participant.  This is most common when one or more of the identifiers is relatively rare in the population (e.g., some racial/ethnic groups in some geographic areas in the state).  When this is the case, caution must be used to guard that information in order to prevent re-identification, particularly in higher-risk studies.  Different fields have various methods for doing this, but a common procedure is to not report certain information in the study results when identification becomes possible. Note that when researchers are studying their own students, there is a high likelihood that others might be able to determine participant identities because they know the researchers and where they teach, unless the researchers take care to reduce that risk.


Back to Table of Contents