Data @ Reed

Data Privacy

Working with data from or about people? Whether you are collecting data or reusing previously collected data that is personally identifiable take some time to consider data privacy issues. It is worth bearing in mind that data can be directly identifiable (includes names, IDs) and indirectly identifiable (where data points in combination allow for identification - such as age, occupation and census tract).

You will need to work with the Reed IRB to get approval for your research and the methods you will use to ensure privacy for the data involved. Not only is this process required, but once you have an approval in place, you have a plan to follow to help meet your legal and ethical responsibilities as a researcher.

Before designing a study that utilizes personally identifiable information (PII) or otherwise sensitive data, ask yourself if that information is truly necessary for your analysis. For example, do you need exact date of birth or will age suffice? Don't collect risky data if it isn't integral to your research question(s) and analyses.

Different types of data have different levels of risk associated with them. The nature of the data you are dealing with with inform the type of IRB review the project will need and also dictate the tools and technologies you can use while working with the data.  See the Reed CIS page on Reed data classification and handling guidelines to get an idea of the relationship between risk level of data and the implications for storage and access. As an institution, Reed has a data privacy policy that covers information provided by individuals to Reed College or who access Reed College websites.