Can we protect the privacy of research subjects without blocking access to information?

Several members of the Living Archives on Eugenics in Western Canada project have experienced some of the problems of attempting to get access to personal information from government institutions that create barriers to, or outright denials of, access to information by  citing the need to protect the privacy of individuals to whom the information relates. All privacy legislation in Canada, whether federal or provincial, defines “personal information” as being information about an identifiable individual. There are many simple ways to alter records containing personal information, depending on the type of record and type of information, and this can and should be negotiated with researchers, many of whom have already factored privacy protections into their research as part of the ethics approval process.

An interesting piece in last week’s New York Times focused on just these issues, although in the US. New rules affecting researchers dealing with sensitive medical information will offer the necessary privacy protections to subjects who participate in studies or whose information is otherwise made available to researchers. At the same time, researchers are concerned that the new rules will result in limited access to various types of valuable data, such as census data, marketing research, and various types of statistics. Typically, denials of access to such information are based on the premise that even when personal identifiers are removed from the information, individuals can potentially be identified by matching data obtained from other sources. While this may certainly be a legitimate issue, common sense should prevail when dealing with aggregate data, or with historical documents. Unfortunately, in Canada and the US alike, common sense doesn’t always factor into decision making, since denying researchers access to information is often the result of risk management by the institution holding the information, not wanting to be held liable for making mistakes. Usually, the best approach is to draft a research agreement between the researchers and the institution, shifting the responsibility for protecting privacy from the institution to the researchers. However, this depends entirely on the willingness of institutions to assist researchers in the first place. If they are not willing to assist in this way, it may be up to researchers to resort to using standard access to information processes to obtain information for research purposes.

It is in this context that we should remember that access to information and protection of privacy go hand in hand, and both aspects should be considered together. Information relating to identifiable individuals belongs to those individuals, but information that is not identifiable belongs to the citizens, not to the government. And researchers are finding increasingly innovative ways to utilize information and transform it into new types of data that can be used to provide better government services, all with little to no risk of breaching anyone’s privacy when done properly. Institutions should be trying to find more innovate ways of getting such data into the hand of researchers, instead of creating unnecessary roadblocks.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s