Type of Data
Anonymous or de-identified information; identifiable information that a subject has consented to make publicly available; or identifiable information that a subject has been assured would remain confidential, even though no harm would be expected if this information were to be disclosed.
Examples
No risk/anonymous:
- An online Qualtrics survey is sent out to community college math instructors across the country. The survey asks about their influence on curriculum changes. Data anonymization is turned on in Qualtrics so that no IP addresses are captured.
- An online Qualtrics survey is sent to directors of drug rehabilitation programs. The survey asks about their opinions regarding counseling practices. Data anonymization is turned on in Qualtrics so that no IP addresses are captured.
No risk/identifiable:
- Community college math instructors in the Portland Metro Area are asked to participate in a short in-person interview about their influence on curriculum changes.
- Directors of drug rehabilitation programs are asked to participate in interviews about their opinions regarding counseling practices.
Minimal risk/de-identified:
- The researcher is collaborating with the Oregon Department of Education (ODE). ODE will send paper surveys out to math instructors at all Oregon community colleges. The survey will request information about what changes they would like their administrators to make with regard to curriculum. ODE will remove any identifying information before providing it to the OSU researcher.
Minimal risk/anonymous:
- An online Qualtrics survey is sent to directors of drug rehabilitation programs. The survey asks about the director’s experiences with difficult clients and situations in which they had to change their typical approach to rehabilitation. Data anonymization is turned on in Qualtrics so that no IP addresses are captured.
Security Requirements
Information should be shared and stored in a manner that provides access only to authorized individuals. If information is stored on a computer, the system should have fully patched operating systems and applications, and current antivirus software with current virus definitions. Information may be stored in cloud-based servers.
Security Recommendation
A plan for routine back-ups of all data should be in place.