Module 5

Ethics of Data Collection and Management

Youtube link to lecture

You can also download the lecture from here

Ethics of Data Collection and Management – Module 5 – DE Costea

Case for discussion

 

You are completing a study evaluating the different factors contributing to the health conditions in a refugee camp. As part of your project, you have access to a database containing all of the personal and medical information of your participants. Since you have an important meeting that you need to attend the next day, you decide to transfer the data onto a USB key, and onto your personal laptop. Later that night, you go to a restaurant with your friends and leave your bag
unattended. When you return to your bag after a few hours of dancing, you realize that your laptop has been stolen.

What are the ethical issues involved in this scenario?

The scenario presents several ethical issues related to the handling and security of sensitive data.
1. You have stored personal and medical information on unsecured devices. This had the risk of unauthorized access to sensitive data.
2. You have breached the trust if the participants that have signed the informed consent. Participants likely consented to the use of their data under the assumption that it would be securely managed.
3. You failed to implement adequate security measures to protect the data and in this way you violated ethical guidelines and potentially legal requirements for data protection.

Should you have transferred the data onto a USB key or onto your computer?

You should not have done that without encryption. Transferring sensitive data onto a USB key or personal laptop, especially without encryption, is generally considered poor practice. Such devices are easily lost or stolen and may not have adequate security measures in place compared to institutional systems designed for data protection.

What is the issue now that your laptop has been stolen?

The primary issue is the potential breach of participant confidentiality. If the laptop contains unencrypted personal and medical data, there is a significant risk that this information could be accessed by unauthorized individuals that can lead to
1. Identity Theft: Personal information could be misused for fraudulent purposes.
2. Stigmatization and Discrimination: Medical information, particularly in a refugee camp context, could expose participants to stigmatization or discrimination.
3. Loss of Trust: Participants and the broader community may lose trust in the research process and in the institution conducting the study.

What are the possible consequences for the participants of this study?
Participants could face several adverse consequences, including:
1. Privacy Violations: Unauthorized access to their sensitive information.
2. Physical and Psychological Harm: Exposure of their medical conditions could lead to stress, anxiety, or even physical harm in extreme cases.
3. Legal and Social Repercussions: In some cases, particularly in sensitive populations like refugees, exposure of certain data could lead to legal issues or social exclusion.

How could you have prevented this from happening?
There are several ways you could have prevented this:
1. Encryption: as a rule, always encrypt sensitive data before transferring it to portable storage devices or personal computers.
2. Secure storage: as a general rule, always use secure, institutionally-approved storage solutions for sensitive data, such as encrypted institutional cloud services.
3. Data minimization: avoid transferring or storing more data than necessary. Only carry the data needed for immediate use.

NOTE: In the case this had happened, it is very important to have a clear plan in place for responding to data breaches, including immediate reporting and mitigation steps.

 

*Please let your reflections/questions/comments related to the cases for discussion in the box bellow.

8 thoughts on “Module 5

  1. Q1. Prompt Notification: as researchers have an ethical obligation to promptly inform affected
    participants and relevant authorities of any data breaches.
    Develop and maintain a data breach response plan that includes immediate
    notification procedures. Ensure transparency about the nature and extent of the breach.
    Mitigation of Harm: take responsibility to mitigate any harm caused by a data breach is critical. This includes steps to prevent further unauthorized access and to address any
    immediate risks to participants.
    on the top of that implement immediate containment measures, such as revoking access
    privileges and securing vulnerable systems. Provide support and resources to affected
    participants.
    Q2: invasion of privacy through access to their sensitive information of vulnerable individuals
    social risk particularly the data involves sensitive or stigmatized topics, with consider mow days we are living in fast news of social media.
    Psychological Risks: These risks can be particularly significant in studies involving
    sensitive topics and vulnerable populations.
    could Loss confidentiality
    Q3: to prevent this from happing through Data Storage and Security: Data has to be stored in secure, backed-up locations to
    prevent loss due to hardware failure or other issues. It is advisable to use cloud storage or
    institutional servers with robust security measures. Various methods of control of access
    should be implemented to ensure that only authorized personnel can access sensitive data.
    It is advisable to use encryption where necessary to protect data privacy.

    Reply

  3. What are the ethical issues involved in this scenario?
    1- Data Storage had been breached. The investigator should not keep the data on a personal USB and use a personal laptop to store the information. He also should secure backed-up locations (e.g., cloud storage), encrypt the data, and control access to it.
    2- data security is at risk (confidentiality of participants, and handling sensitive data is at risk).

    Reply

  4. Should you have transferred the data onto a USB key or your computer?
    no data should be stored in a personal storage location, it should be in Secure, backed-up locations (e.g., cloud storage provided by the institution), with Encryption and access control of investigators and trained team.
    the instigator should abide by the data security principles.

    Reply

  5. What is the issue now that your laptop has been stolen?
    Data security breaches are the main issue at hand.
    1- The confidentiality and privacy of participants are at risk and may lead to physical or emotional harm or exploitation of their information.
    2- this will lead to vulnerable participants not trusting further research conducting data to them and this will lead to losing trust in the scientific community.

    Reply

  6. How could you have prevented this from happening?
    1- securing the storage of data.
    2- Compliance with legal and ethical standards governed by the General Data Protection Regulation (GDPR).
    3- putting Mitigating Harm regulations if a breach happens.
    4- Transparency and Accountability to participants by informing them of the breach and the authorities.
    5- Restoration and recovery (work with cyber experts)
    6- Ethical Reflection and Improvement

    Reply

  7. Keeping information in a personal computer is risky.
    The participants abd authority should be notified immediately.

    Reply

  8. Reflections and Comments:

    1. Handling of Sensitive Data:
    • The researcher failed to prioritize data security. Sensitive information should never be stored on unsecured devices, especially without encryption.
    • Institutional guidelines for handling participant data should be strictly followed to prevent breaches.
    2. Ethical Responsibility:
    • Researchers have a duty to safeguard participants’ information as part of their ethical and professional obligations.
    • Breaches compromise the trust participants place in the research process and the institution.
    3. Preventive Measures:
    • Encryption and secure storage solutions should be mandatory for sensitive data.
    • Clear protocols for data handling and storage need to be established and enforced by institutions.
    4. Consequences for Participants:
    • Unauthorized access to medical and personal data could lead to significant harm, including identity theft, stigmatization, or discrimination.
    • Refugees, as a vulnerable population, face unique risks that amplify the ethical responsibility of the researcher.
    5. Researcher Accountability:
    • The researcher should have assessed the risks involved and sought institutional solutions for secure data management.
    • Awareness and training on ethical research practices are crucial for preventing similar incidents.

    Questions for Further Discussion:

    • How should institutions ensure compliance with data protection standards?
    • What steps should researchers take when handling data outside institutional settings?
    • How can researchers rebuild trust with participants after a data breach?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *