IASSIST 2008 Conference Session: Licensing, Privacy and Protection

Thomas Lindsay of the University of Minnesota gave a presentation entitled, The Digital Locked File Cabinet: A Problem Metaphor. His talk addressed: (a) interpreting Institutional Review Board (IRB) regulations and guidelines for human subject research – i.e. in relation to privacy and (b) data security where private information has been collected.

US Code: Protection of Human Subjects, created 1974 and revised 2005 – primarily biomedical and behavioural research, applied directly to all federally funded or conducted research – human subject research defined in 45 CFR 46.102(f)

Research obligations under law include:
1.minimise subjects risk through sound methodology
2.risks appropriate to benefits

Human subjects research in the digital age – online surveys, no face to face communication, written consent is often impossible (at least where a signature is required) and traditional data security measures do not apply.

Regulations that do not strictly translate to the digital age must be interpreted; panels make individualised case-by-case decisions (but often these decisions will conflict with other similar cases); do not always understand nuances of internet data security issues.

CLA Survey Services at the University of Minnesota has developed software and standards to deal with these problems. These include online consent forms, data security software etc.

CLA-OIT Survey Services (Case Study) –
Key Issues:

(1) Informed Consent

  • Title 45 part 46.117 – legislation requires informed consent – researchers must collect signatures from participants to indicate consent
  • Signature collection is not practical in most online research settings – vast majority of population is not set up for federally-recognised “digital signatures”
  • Compromise with IRB – consent form is first page of survey, consent form is identical to paper requirements, in place of signature a question is asked whether the participant consents, the participant can only continue with the survey if they say yes

(2) Required Answers

  • Can researchers require a participant to answer a question? This can conflict with the principle that a participant can withdraw consent at any time
  • Face to face is different to online – in face to face the researcher can intimidate – online a participant can never be truly forced to answer a question, because they can just shut the browser and walk away from the computer

(3) Data Security

  • Multiple layers of protection including encryption, dedicated database, passwords etc.

[I asked two questions:

(1)Have you developed a system whereby the participant can give varying levels of consent for use of their data when they begin the survey?
(2)What is the protocol if the participant does “close the browser and walk away”? Are they informed at the beginning of the survey that this will constitute a withdrawal of consent? Are they told what will be done with their data entered thus far if they decide to stop completing the survey?

Response: they have not done either of these things, but will consider both carefully. There may be some difficulties in convincing the researcher who is conducting the survey to agree to allow participants to give varying levels of consent, because the researcher usually wants to obtain consent to do everything they can with the data.]