Confidentiality and Privacy (Cont.)
What is the difference between privacy and confidentiality?
The Common Rule defines "identifiable private information" as:
"information about behavior that occurs in a context in which an individual can reasonably expect that no observation or recording is taking place, and information which has been provided for specific purposes by an individual and which the individual can reasonably expect will not be made public (for example, a medical record)." (§690.102(f))
- PRIVACY refers to persons; and their interest in controlling the access of others to themselves.
- CONFIDENTIALITY refers to data; and to the agreements that are made about ways in which information is restricted to certain people.
- Identifiable information collected through research should be kept confidential as much as possible, as a matter of professional courtesy, no matter whether there is an identified harm or not (unless the research is such that respondents clearly understand that identities will be published, as in historical studies).
- Successful confidentiality begins from the top, and implies a research culture which involves everyone, whether they normally have access to project files or not, aware that identifiable private information must be kept confidential.
- There are many techniques of ensuring confidentiality and of de-identifying data. The level of confidentiality should match the level of risk inherent in the project.