Anonymity, Confidentiality & Privacy

CER projects prioritize the safety of participant and community identities, and any sensitive data that they may share. Attention to anonymity, confidentiality and privacy in a CER project involves a close collaboration with community to understand and enact both institutional and community systems of protection, while also recognizing that individuals have the right to be identified if they choose to be (and if it is safe) through informed consent.

In traditional research paradigms, anonymity, privacy, and confidentiality are typical expectations in order to protect research participants and sensitive data. Anonymity can be described as “the degree to which the identity of a message source is unknown and unspecified; thus, the less knowledge one has about the source and the harder it is to specify who the source is among possible options, the more anonymity exists” (Scott, 2005, p. 243). In subtle contrast, confidentiality is a state in which a researcher may know the identity of the participant, but that information is not made public. In CER, these ideas are also of utmost importance, but they become more complex notions (and less discussed in the literature) when participants are also involved as co-researchers and/or co-authors. For this reason, sometimes the anonymity of a participant-researcher might stand in opposition to their agency to be named and acknowledged as a co-researcher. Indeed, there are some community collaborators who wish to be named in a study for a variety of reasons, including recognition or pride.  Regardless of tensions that arise, it is the primary researcher’s job to ensure the anonymity, confidentiality and privacy of participants insofar as they would like to have it, and insofar as it reasonably mitigates risk. Included in this principle is the safe and secure storage of data in locations that are determined not only by the research institution, but also and especially by the community whose data has been collected.

Tips & Considerations

Seek out and follow institutional (university-oriented) systems / procedures that are built to protect participants

Institutionally, there must be infrastructure in place to support confidentiality and privacy. Ross and colleagues suggest that in any CER situation “there are adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data” (Ross et al., 2010, p. 34). In institutional settings, research ethics boards will require you to write a detailed plan outlining how you will protect the privacy and confidentiality of your participants; Part of this plan usually entails keeping electronic data encrypted in a password protected computer, and any hard copies in a locked and secure area. 

Seek out and follow community-based systems that are built to protect community members

Community organizations typically develop systems and strategies for ensuring the protection and privacy of community members who they serve. Community engaged researchers should align their plans to the community organization or local culture in which the research is taking place.

Identify specific local concerns

Ask community partners and collaborators about which aspects of anonymity, confidentiality, and privacy are of most concern in this community; Assign additional importance and effort to areas identified.

Recognize that for many communities, privacy is not just an individual matter, but also a collective matter

For example, “First Nations share and respect values of personal privacy with other Canadians. However, in addition to personal privacy, First Nations also value community and collective privacy. Recognition of collective privacy interests is based upon the principle that groupings of people, and not just individuals, have an interest in controlling access to information, particularly sensitive information, regarding that specific group or community” (FNIGC, 2011, p. 12).

Maintain confidentiality of documents shared

Many studies involve the sharing of confidential community information and documents, including maps, informal communications, travel records, forms, and other documents; Researchers have the responsibility to maintain the confidentiality not only of the people involved, but also of the authors and people identified in those documents (Minkler & Wallerstein, 2008).

Follow data security and storage protocols as determined by the community that is engaged in the research

For example, the First Nations Information Governance Centre mandates that in the case of a national health survey, “All national core raw data will be stored at the FNIGC which assumes the responsibility for all First Nations health information. Raw data will be kept on a server in FNIGC. All data will be password protected and confidentiality of data is maintained as outlined in the Data Protection and Stewardship Protocol and Survival of Confidentiality Requirement of the regional contribution agreement” (FNIGC, 2011, p. 5). 

Questions to Ask Yourself

  • To what extent has the community been involved in early conversations about their most pressing concerns related to anonymity, privacy, and confidentiality?
  • What types of information are being gathered through the data collection process? To what extent is that information necessary to the study? (Take time to ask why each question is being asked, and consider removing questions that are unimportant or unnecessary)
  • What steps can be taken at the institutional level to ensure the protection of the anonymity, confidentiality, and/or privacy of the information or data?
  • What steps can be taken at the community or organizational level to ensure the protection of the anonymity, confidentiality, and/or privacy of this information?
  • In what ways are community partners involved in the conversation about anonymity, confidentiality and privacy? How can they be continually involvement in this aspect of the research?
  • Are there circumstances in which community partners or collaborators would rather be identified than anonymized (e.g. for recognition or for co-authorship purposes)? What potential risks are involved in this move away from anonymity? To what degree have there been open conversations about the risks and rewards of identification versus anonymity?
  • In relation to the previous question, in what ways has the informed consent process offered participants options related to the level of anonymity and confidentiality they prefer?