Data Collection/Analysis Procedures Feedback
The first step in ensuring confidentiality is the coding process. All identifying information about the study participants will be coded (using numbers or pseudonyms), and the research team will also create a key for each of the codes. The key will be available only to the research investigators, and any information about it that would allow third-party agents to decipher the codes will be stored using dedicated data security software.
To secure the privacy of data during collection, no standard unencrypted e-mail services should be used (including popular e-mail providers) (CMOD, 2008). Personal and sensitive information will be sent via encrypted e-mail services (e.g. ProtonMail, CounterMail, etc.). If the participants cannot or will not use encrypted services, the researcher can suggest using ZIP file programs that secure the transmitted documents (e.g. SecureZIP) (Ijaz, Shahzadi, Riaz, & Sabir, 2014). No third-party agent will be allowed to access the files.
To ensure data storage security, any sensitive or private data will be centralized (available only from the Department’s secure server room, which has restricted access to stored information) so that neither the researcher nor any third-party agents can copy the data to private PCs, mobile phones, laptops, etc. All remote access will be completed only via secure encrypted links. Two-factor authentication and strong, complex passwords are also necessary for data security (Acharya, Polawar, & Pawar, 2013). It is also advisable not to store the data on mobile devices. The researcher aims to assess all the data remotely and not store any of the collected data on private mobile devices because they are more vulnerable to hacking attacks (Wang, Johnson, Murmuria, & Stavrou, 2012).
As to personal security during interviews, the researcher suggests using one of the University’s classrooms that can be locked or closed during the interviews to avoid any identification of the participants. Each of the interviews will be conducted individually, without other participants present. Another suggested measure is to choose a place where the participant’s privacy will be better protected than at the University, e.g. at their home or near it (Gubrium, 2012). All the materials necessary for the research will be prepared before the interview. Participants are to be provided with an informed consent statement that describes in detail privacy protection, data collection and transmission, and ethical considerations. Any identifying information (name, occupation, city, state, any specific data) will be changed in the study to avoid negative disclosure. The data collected during the interviews (papers and/or audio recordings) will be encrypted and not accessible to any third-party agents.
Record Storage and Data Management Plan Feedback
There are various ways to destroy or dispose of data that was collected for research. PTAC (n.d.) suggests either clearing the device (overwriting the document or resetting the device to the factory state), purging it (which renders data recovery infeasible), or physically destroying it (e.g. shredding for paper documents). The staff of the secure server room will be asked to dispose of the data using the first method, and the researcher also aims to clean or format any personal devices that will be used in the research when data disposal is necessary. All paper used for data collection (interview notes, observations, etc.) will be shredded to avoid any disclosure.
Since the centralized data will not be available to the researcher personally, the staff can use the overwriting technique, which makes the data unrecoverable. Still, overwriting should only be completed with specific software that performs three overwriting passes and a secure pass as well (Auburn University, 2016). Merely deleting information from the device is not enough since it can be restored using recovery software.
No identifying information will be used in the study and the published documents; instead, codes and pseudonyms will be used to maintain confidentiality. The file that relates codes to identities of the participants will be encrypted, stored on a separate device, and only available to the research team.
All identifiers will be removed from the survey instruments that contain data (VirginiaTech, n.d.). All records will be protected with strong passwords, and the password information will be available to the research team only.
No interview notes, recordings, or field notes will contain information that can lead to identification of the participants. The research team does not plan to use video recordings so that the confidentiality of the participants remains uncompromised. If there is a need to use video recordings, participants’ faces will not be recorded or will be recorded using specific filters that complicate their identification. No comments regarding the identity of the participants will be made because they can lead to confidentiality breaches (Ritchie, Lewis, Nicholls, & Ormston, 2013). If the participants of the study mention other individuals (family members, friends, relatives, etc.) and provide sensitive information about them, the researcher needs to evaluate whether such information can be used in the study and how the identity of the individual related to this information can be protected. The researcher can directly contact the individual. If the information is too sensitive or private, and the researcher does not have informed consent from this individual, such information should not be included in the study.
References
Acharya, S., Polawar, A., & Pawar, P. Y. (2013). Two-factor authentication using smartphone generated one-time password. IOSR Journal of Computer Engineering (IOSR-JCE), 11(2), 85-90.
Auburn University. (2016). Electronic data disposal policy. Web.
CMOD. (2008). Protecting the confidentiality of personal data. Web.
Gubrium, J. F. (2012). The SAGE handbook of interview research: The complexity of the craft. London, England: Sage.
Ijaz, I., Shahzadi, A., Riaz, K., & Sabir, S. (2014). A framework for data storage cloud to provide security. International Journal of Emerging Trends in Science and Technology, 1(6), 932-938.
PTAC. (n.d.). Best practices for data destruction. Web.
Ritchie, J., Lewis, J., Nicholls, C. M., & Ormston, R. (2013). Qualitative research practice: A guide for social science students and researchers. London, England: Sage.
VirginiaTech. (n.d.). Protecting confidentiality & anonymity. Web.
Wang, Z., Johnson, R., Murmuria, R., & Stavrou, A. (2012). Exposing security risks for commercial mobile devices. Web.