Confidentiality and Privacy

Confidentiality

Confidentiality is “the obligation of people not to use private information … for any purpose other than that for which it was given to them” (National Statement, 2023). In the context of research involving human participants, this usually manifests in the obligation on the part of the researcher to protect the identities of their participants in the raw research data and in any published material.

Confidentiality and anonymity are not the same.  The term "anonymous" is sometimes used incorrectly by researchers to refer to the suppression of identities of participants in published material. This is confidentiality, not anonymity.

  • Confidentiality refers to the situation the participant has given identifying or potentially information about themselves to the researcher, but the researcher has kept these details hidden.
  • Anonymity refers to the situation where the participant’s identity and responses cannot be identified, even by the researcher themselves. That is, the participant has not given identifying information about themselves to the researcher, so the researcher does not know who has participated in their study or who has provided which responses.

If individuals are identified or potentially identifiable in the raw research data, then it is not accurate to refer to them as "anonymous", even if they are not identified in any publications.

If the term "confidential" is used in information provided to participants (in the participant information sheet and consent form), a full description of what precisely is meant by confidentiality in the context of a given research project should be given. Researchers need to explain to participants how their information will be protected. Blanket guarantees of confidentiality (e.g. assurances of "strict confidentiality") are not helpful, because there are legally appropriate situations where confidentiality may be broken. For example, under Australian law, any data that researchers collect can be subpoenaed. Depending on the nature of the research, it may be helpful to qualify promises of confidentiality with terms such as "as far as possible" or "as far as the law allows".

Focus Groups

Focus groups need particular provisions regarding confidentiality as group members may know each other, and will generally witness each other’s contributions. When focus groups are used, you should include advice in the confidentiality section of your participant information sheet requesting that focus group members maintain the confidentiality of group discussions, and that individuals in focus groups should refrain from making statements of a confidential nature or that are defamatory.

Third-Party Identification

Sometimes, even when care is taken to protect the identities of participants, there is a risk of third party identification. This is the risk where participants are identified by what they tell you, despite your best efforts to hide their identities. This is more likely to occur in samples of small populations, or where the participant or their views are well known. Certain details about the participants’ identity may be given away if they describe their role in or experience of a certain event (e.g., where they are located, their age, etc.). This risk is also present in group settings, where participants may share what other members of the group have said. Participants should be made aware of the risk of third party identification in the participant information sheet, and warned not to say or do anything that could harm themselves or others. If appropriate, measures should be taken to avoid third party identification (e.g., changing particular details such as suburb names arising from an interview). In certain situations, if third party identification occurs, this may be a breach of privacy law.

 

Privacy

Privacy is a specific subset of confidentiality which is legislated. The Australian National University is bound by the provisions of the Commonwealth Privacy Act 1988 and this Act applies to situations where researchers collect personal and/or sensitive information.

As a researcher at the ANU, you will need to:

  • Ensure that your research complies with the ANU Privacy Policy.
  • Have a data management plan and that data storage meets ANU requirements and standards 
  • Provide sufficient information to participants about potential privacy issues so that they can make an informed decision about their participation in the project.
  • Ensure that you do not collect any personal information beyond what is essential for the project.

Privacy Notice for the Information Sheet

If your research involves the collection of personal and/or sensitive information, such as (but not limited to) health information from participants, then you need to include a section in your Information Sheet on privacy to comply with the Privacy Act 1988. To comply with Australian Privacy Principle 5, a Privacy Notice must be included (please see Information Sheet template for this notice). The Information Sheet must provide details about:

  • who is collecting the information,
  • what information is being collected,
  • what purpose the information is being collected for,
  • how the information will be used, treated, accessed and stored, and
  • if the information is to be disclosed, to whom it will be disclosed.

Privacy Statement for Web-Based Studies

Increasingly the web is being used for surveys which raises particular privacy concerns. You need to ensure that these concerns, such as the use and disclosure of personal information and the tracking of individuals' activities, are considered and addressed.

The HREC requires that any email or web-based questionnaire must include a Privacy Statement in order to meet the requirements of the ANU Privacy Policy. The Privacy Statement must be prominently displayed on any web-based survey, usually on the same page as the questionnaire or prominently linked to it. If the survey is located on The Australian National University website, there should also be hyperlinks provided to The Australian National University's own privacy statement and the University’s information on security. These minimum requirements for the Privacy Statement can be found on the Privacy Statement Template.

Page Owner: Research Services