The panel will discuss the context in which requirements around the ethical conduct of human participant research intersect with data management plans.

1. Research Ethics Boards and
Data Management Plans
Conflict and Coexistence
Susan Babcock, Research Ethics Office, University of Alberta
Charles (Chuck) Humphrey, University of Alberta Libraries
CASRAI Reconnect 2014

2. DMPs and REBs: Conflict and
Coexistence
● Conventional wisdom is the REB won’t let
researchers keep their data.
● We contend that DMPs will strengthen ethics
review of human participant research.

3. Outline
1. The context for our presentation
a. The challenges presented by evolving technologies
b. Changes in the research landscape
2. Data management and research ethics: existing
and emerging policies
3. Protecting data, protecting participants.

4. ● Technology is driving compliance,
legislation, and how to do research
● Multilateral models of research engagement
● Knowledge translation, KPIs, targeted
research, and ROI
Research ecosystem changes

5. New data
● Changes in technology are resulting in new ways
of producing data and in new uses of previously
collected data that move faster than our ability to
address ethical issues.
○ Citizen science; crowd-sourcing
○ Changing expectations around privacy
○ Ubiquity of data online (arguably in the public)
● Data identifiability is NOT static

6. Whose data
● Does ownership matter, whose data is it?
o OCAP principles: applying self-determination
concepts to research data and ethics
● The complexity of new technologies prevent us
from articulating what they will mean in the
future, e.g., understanding what your DNA data
may mean in some future use
o Biomedical commercialization

7. Research design
● Project research is being squeezed by program
research where data exist over longer periods
of time and for uses that may not have been
anticipated when initially collected.
● Complex research partnerships - working
across sectors, institutions, and national
boundaries - means complex regulatory
frameworks.

8. What we won’t address today
● Ownership of data. Ownership should be
formally addressed by the governance structure
related to the data.
● Operational approvals. Ethics approval is
necessary but not sufficient - institutions
providing data must also agree to participate

9. Purpose of ethics review
Intended to maximize the protection of human
participants by
● identifying harms and how they will be mitigated
● ensuring the research use of the participants’
data/information is understood (recruitment &
consent)
Risk and data are different study to study, thus the
ethics and data solutions will vary study to study.

10. Ethics requirements
● Respect for privacy includes the right to control
information about oneself.
o management of participant information/samples
● Duty of confidentiality includes protecting
participant data from unauthorized use or
access.
● Data security includes physical, administrative
and technical safeguards.

11. Risks to privacy
Privacy risks arise at all stages of the research
lifecycle, including initial collection of information,
use and analysis to address research questions,
dissemination of findings, storage and retention of
information, and disposal of records or devices on
which information is stored. Ch 5, TCPS2

12. Purpose of a DMP
Maximize the protection of research data for its
sharing, its uses for verifying academic integrity,
and its new uses in future research.
● identify how a researcher will facilitate data
access and preservation
● ensure that practices do not conflict with
research ethics or other requirements

13. Policy environment
Human participant ethics review is governed by
widely accepted national requirements which
generally apply to funded and unfunded research
conducted in the public sector.
● TCPS2, Health Canada
Standards are voluntary for a lot of private sector
research.

14. Legislation
Access to and use of identifiable information may
be governed by
● institutional policy, eg, university student records
management
● federal & provincial legislation, eg, Freedom of
Information, Health Information Act
● professional codes and community practices

15. Emerging policies & practices
● DMP policies are emerging to promote a variety
of research objectives including data sharing,
interoperability, ROI, KPIs, and data
stewardship.
o Legacy aspects
o Conduct aspects

16. Data hierarchy
To help focus concerns around privacy,
confidentiality and security, the University of
Toronto’s Research Ethics Office has developed a
four-tier model linked to the disclosure risks
associated with types of human participant
research data.

17. Anonymous
De-identified with low risk of re-
identification
De-identified with high risk
of re-identification
Identifiable
University of Toronto Data Risk Chart

18. Three policy frameworks
Building on the data risk model, we look at policy
framework requirements according to the type of
data involved.
1. TCPS2
2. Provincial/federal legislation
3. Data management plans

19. Balancing harms and protections
o REBs are not asking researchers to provide all of
the answers but are asking for likely scenarios and
how to respond.
o Ethics approval does not mean a study is risk free
but that the risks are understood and disclosed
o Individuals participate in research through consent
processes.
o Participants must provide free & informed consent.

20. EXEMPTIONS

21. TCPS2 - Public information
● REB review not required for research relying
exclusively on
○ information that is legally accessible & protected by
law (identifiable or not)
○ information that is publicly accessible & there is no
expectation of privacy (identifiable or not)
Eg, Stats Can public use files, court records,
archival records, media, publications

22. TCPS2 - Observational research
REB review is not required for research
involving observations of people in public places
provided there is
o no intervention by or interaction with researcher
o people observed have no expectation of privacy
o people observed cannot be identified through
dissemination of research results

23. TCPS2 - Secondary Use of anonymous material
REB review is not required for research that relies
exclusively on secondary use of anonymous
information or anonymous biological materials
PROVIDED data linkage/research dissemination
does not generate identifiable information
ANONYMOUS ≠ ANONYMIZED

24. ANONYMOUS MATERIAL

25. Anonymous Research Material (1)
TCPS2 - Anonymous information has never had
identifiers associated with it + risk of identifying
participants is very low
● often minimal risk research, consent process may be
simpler (implied or oral), large cohort studies, non-
interventional, no follow-up

26. Anonymous Research Material (2)
● Very few risks associated with data
sharing/data breach.
● Recruitment/Information process would have to
disclose data management plans.
● FOIP and health information legislation OFTEN
not applicable.

27. ANONYMIZED MATERIAL

28. Anonymized Research Material (1)
● Includes de-identified and coded data
● Researcher needs to assess likelihood
participants can be identified and harms arising
from re-identification
● Legitimate access vs wrongful access
● Consider research with sex workers,
vulnerable/distinct communities, critical inquiry

29. Anonymized Research Material (2)
● Recruitment/consent must discuss data sharing
● Right to withdraw from study and right to
withdraw one’s data
● Reaffirm data sharing, consent to recontact
● DMPs have to include more sophisticated
security arrangements
● Data sharing agreements, licensing

30. Identifiable Research Material
● Identifiable information may be disclosed with
no expectation of confidentiality (that it will be
kept secret)
● Participants sometimes want to be identified
● Researcher must consider both participant and
data custodians (for institutional data)

31. “But, it’s operational data…..”
If you plan to conduct research involving
secondary use of identifiable information
originally collected for non-research purposes
(eg, health records) the absence of consent
process and ethics review for original data
collection must be offset in REB review of the now
proposed research use.

32. Anonymous Anonymized
Anonymized
Identifiable
Confidential
University of Alberta Risk Matrix
- HARM +
+DISCLOSURE-
NO
YES
NO YES
RESEARCH ETHICS
PRIVACYPROTECTION

33. Issues between REBs and DMPs
Current mis-understandings:
● REBs will not allow long-term data retention
o The perspective of researchers is that they must
destroy their data
● Researchers are not allowed to consult with an REB
o Call before you dig!
● REB requests for further information are perceived
as attacks on an ethics proposal
o PI may need to educate REB

34. DMPs supporting ethics applications
● Consider the consequences of ethical issues
across the full research lifecycle at the
beginning of a project
o Don’t get trapped by reaching a stage late in the
lifecycle before addressing an ethics issue
● Treat as a process
o Vested interest in thinking in terms of the full
research lifecycle

35. DMPs supporting ethics applications
● Consider instruments or methods that can be
used to help mitigate ethical concerns
o Consent
 Unrestricted approval
 Staged/step-wise approval
● Further Ethics approval for secondary use
● Use of data licences
● Use of secure data facilities
 Terms of deposit with a repository
● Data deposit agreements

36. DMPs supporting ethics applications
● Consider instruments or methods that can be
used to help mitigate ethical concerns (cont.)
o Data modification
 de-identification algorithms
 synthetic data
o Potential linkage with other data
 banned
 terms and conditions of linkage

37. DMPs supporting ethics applications
● Consider instruments or methods that can be
used to help mitigate ethical concerns (cont.)
o Access control
 Data licence
 Ethics approval
 Data enclave
o Terms for preservation
 Conditions from consent
 Cascading consent responsibilities

38. Support from institutions
● Establish an integrated institutional response
o “It takes a village” : meaningful discussions
between researchers and data custodians
 Libraries, IST, Field Research, Graduate Studies,
Research Service Office, Research Ethics Office
● Diversify the composition of REBs
o The inclusion of a librarian, e.g.
● Provincial human and health services data

39. Research ethics - data matrix
Anonymous data Anonymized/coded
data
In/Directly
identifiable data
TCPS 2 Often lowest risk of
harm, minimal risk
research, implied
consent
Participant consent
Consider linkage
Tiered consent
Recontact
Health /
FOIP
laws
Often not applicable For health and “institutional” research,
data agreement & operational approval of
research & DMP. Not all identifiable data is
governed by legislation
DMPs Simplest, provided long
term, other research
use is disclosed
Plan to recontact, plan on future REB review