Use the following checklist to better understand which activities lead to significant privacy concerns for research studies.
- In some cases it may be necessary to share fully identifiable participant data such as full date of birth instead of month and year. In such cases, participants should explicitly consent to these activities during the informed consent process. The reasons for sharing fully identifiable data must also be carefully justified.
- For studies that plan to share and link data it is important to include a data management plan that details the entire lifecycle of these data. Failure to include such a plan with your ethics application makes it very difficult for the REB and other reviewers to evaluate your study and may result in a deferral. If you need help constructing a plan, please contact the Research Privacy Advisor for support.
- Security is a key concern when conducting a privacy review. It is important to make sure that you are using systems and platforms that have been approved by PHSA and have undergone appropriate security and privacy reviews.
- It is not sufficient to state that research data will be de-identified. You must carefully explain what process you will use and how this process will manage the risk of re-identification. Reviewers want to make sure that study participant codes do not include a participant’s actual initials, full date of birth, SIN, or any other identifiable information. They want to make sure these codes are unique and cannot be linked back to the participant or accidentally applied to the wrong participant (in the case of initials).