Research Ethics 101:
How We Approach Data Privacy & Confidentiality

Josh Rosenberg
Making DonorsChoose
6 min read, Apr 22, 2022
Screenshot from Johnny Mnemonic reading “Internet — 2021” with a futuristic backdrop.
Photo by Columbia/Tristar — © 1995 TriStar Pictures

Welcome to the first post in a series on ethics in UX research at DonorsChoose. We’re kicking things off with an introduction to our tenets on data privacy and confidentiality.

At DonorsChoose, we take issues of privacy, confidentiality, and consent seriously. A few years ago, our UX Research team decided that it would be helpful to formalize our approach to protecting participants and their personal data. Here’s a list of tenets that we came up with to guide this practice.

  1. We limit storage of and access to personally identifiable information (PII) across research tools and platforms to maximize participant confidentiality.
    Depending on the project, we may collect names, email addresses, mailing addresses, or phone numbers, all of which are considered PII. While we treat all data carefully, we’re most meticulous when it comes to PII, even if it’s been volunteered. We only keep PII while we need it, and delete it when we don’t. We take extra steps to keep things confidential, like swapping numbers for names so that a participant’s identity is hidden as research recordings and deliverables get shared around our organization.
  2. We take a reactive approach to data collection and storage.
    We’re intentional about collecting only the data we need for the study at hand. For example, we won’t ask donors about their household income, a common market research question, unless we are specifically studying a topic related to donor household income. When we’re working with private data that’s stored in our database, we only download information that we know we’ll use for sampling or analysis. We also include masked ID numbers, making it easy to append other data down the road if a new question arises.
  3. We inform participants about the types of data we’ll collect in a research session, how we’ll use it, and how they can opt out.
    Participants receive a consent form that is written in plain language before signing up for a session. We reinforce their consent at multiple points throughout the research process and we make ample space for questions.
  4. We promise total anonymity to participants when we feel the research topics are of a particularly sensitive nature.
    We distinguish between studies in which the data is confidential (the research team knows or can find out the identity of a participant) and studies in which it is anonymous (we collect no identifying information). A study that is anonymous is truly anonymous; we have no way to identify the participant.
  5. We respect any participant’s right to have their research data deleted entirely.
    Unless data was collected anonymously, the masked ID numbers that we store allow us to identify a past participant in our database, without storing their private information in shared folders or other research tools. Because these masked IDs are attached to every study, if a participant contacts us and wants to revoke their data (e.g., PII or even feedback on a feature), we’re set up to oblige.
Keanu Reeves in Johnny Mnemonic. Most of his face is covered with a strange contraption and he grimaces.
Keanu feels burdened. He’s holding onto too much private information. | Columbia/Tristar — © 1995 TriStar Pictures

Why we have tenets on data privacy

You might be saying to yourself “This is all very obvious. No one wants to play fast and loose with user data,” to which I say “Ahem”. Or you might be thinking “This is overkill, pal! All our systems are secure, so it’s all gravy!” I hear you, but here’s why we think it’s important to make our thinking on data privacy explicit.

Having our data privacy tenets in place is one way that we show respect to the teachers and donors who make our work possible. As user experience professionals, we should always be thinking about how to do right by our users. After all, we owe them our jobs. At DonorsChoose, we work with user data all the time, like when we download a list of teachers who qualify for a study and email them an invitation to participate in an interview, send out a survey and append usage data and identifiers to responses, or add a donor’s account number to a spreadsheet to refer to before or during an interview. Without this crucial information, we’d struggle to develop an understanding of the user experience on DonorsChoose. And, we may be biased, but we think that developing that understanding is a good thing, especially when we’re striving toward a lofty goal like bridging the educational equity gap in US public schools (which, haven’t ya heard?).

Our written tenets also led to the detailed processes we needed in order to enact them. (We’ll be sharing those soon.) For example, at the end of a study, we know exactly what data to keep, what to delete, and how to delete it. Our consent forms have become more comprehensive and we’ve made it easier for participants to access them. During research sessions where participants share their screen, they always know exactly what they’re sharing. Where we once had conviction, we now have conviction and action.

Plus, formally committing to privacy and confidentiality is good for our reputation among our colleagues. I can happily say that we’re not the only ones at DonorsChoose thinking about data privacy. Have you ever read (or pretended to read) a privacy policy this easy to understand? Or what about the best-in-class practices that our cross-team security group implements to protect us from hackers and breaches, the way our Data Privacy group provides guidance on thorny questions, or how our Data and Operations teams thoughtfully balance democratizing data with restricting access? We take privacy seriously at an org level, so the Research Team’s passion for protecting user data is very on-brand.

Keanu in Johnny Mnemonic. He is lifting a metal visor above his eyes with both hands, and has a reflective expression.
Keanu has deleted PII and, reflecting upon this, he is content. | Photo by Columbia/Tristar — © 1995 TriStar Pictures

If you want to make privacy and confidentiality part of your research team’s brand, look no further than the follow-ups to this post about what these tenets look like in practice. We’ll share helpful how-tos about anonymizing data and discuss how we approach consent before and during a user research session. Feel free to borrow from us or ask us questions. We’d love to hear from you.

_________

A note on GDPR

DonorsChoose doesn’t operate in the EU and isn’t governed by the General Data Protection Regulation (GDPR). Our tenets on data privacy are not guidelines to practicing compliance with GDPR. We do agree with the spirit of the regulation, though, and hope that our emphasis on limiting data storage, favoring opt-ins over opt-outs, and making consent explicit reflects our commitment to data privacy. If your org offers services to people in the EU, you’re likely bound by the GDPR. There are tons of resources out there about meeting these regulations, like this one from UserInterviews.

_________

Ethics Guidelines from Various Research Organizations

Here is a small selection of the orgs/clauses that informed our thinking, to get your research team started on the road to ethical treatment of participants and their data.

American Psychological Association “Psychologists have a primary obligation and take reasonable precautions to protect confidential information obtained through or stored in any medium, recognizing that the extent and limits of confidentiality may be regulated by law or established by institutional rules or professional or scientific relationship.”
https://www.apa.org/ethics/code/

American Sociological Association “Sociologists make reasonable efforts to maintain confidentiality in the storage and transmission of research information.”
http://www.asanet.org/sites/default/files/asa_code_of_ethics-june2018.pdf

National Institutes of Health “Individuals should be treated with respect from the time they are approached for possible participation — even if they refuse enrollment in a study — throughout their participation and after their participation ends. This includes:

  • respecting their privacy and keeping their private information confidential
  • respecting their right to change their mind, to decide that the research does not match their interests, and to withdraw without a penalty.”

https://www.nih.gov/health-information/nih-clinical-research-trials-you/guiding-principles-ethical-research