• Make data from psychological research as widely available as possible
  • Increase reuse potential
  • Reduce bias
  • Make published analyses as transparent as possible
• Avoid harming research participants

• Ethical challenges in sharing data
• Sharing de-identified data
• Sharing identifiable data

• Beneficence
  • Data sharing increases value (good)
  • Data sharing may pose risk of loss of privacy & confidentiality (bad)
• Autonomy
  • Data sharing may pose risk of unintended use of data
  • Participants should participate in decisionmaking

• Justice
  • Benefits (and costs) of research participation should be equitable

• Tension b/w protecting participants & advancing discovery
• Tension b/w requirements/expectations/desires to share and practical, regulatory/legal, ethical constraints

• Personally identifying or sensitive data?
• What risks does data sharing pose?
• How should data be protected?

• Public
• Community of authorized individuals (researchers)
• Individuals selected by data owner or repository

• What data collected, what will be shared
• Who will have access
• Where stored, how accessed
• Purposes of use, types of questions

• Students (FERPA)
• Health (HIPAA)
• From Federal agencies (Title 13, Title 26)
• Proprietary data

• PII definitions vary by use case, context
• Likelihood of identification depends on uniqueness in target and reference populations
• Health Insurance Portability and Accountability Act (HIPAA) identifiers

• Name
• Address (all geographic subdivisions smaller than state, including street address, city, county, and zip code)
• All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89)

• Telephone
• Fax numbers
• Email address
• Social Security Number

• Medical record number
• Health plan beneficiary number
• Account number
• Certificate or license number
• Any vehicle or other device serial number
• Web URL
• Internet Protocol (IP) Address

• Finger or voice print
• Photographic image - not limited to images of the face
• Any other characteristic that could uniquely identify the individual

• Structural MRI
  • Emerging standard: deface
• Genetic profiles

• Health-related information
  • Medical history
  • Medical risk factors including genetic data

• Information about other potentially stigmatizing characteristics (situation-dependent)
  • Religious/philosophical convictions
  • Sexual identity and preferences
  • Political affiliation, trade union membership
  • Ethnicity, nationality, citizenship status

• How useful are data?
• How sensitive are data?
• How likely is it that reidentification could be achieved, and by whom?

• Reidentification by participants themselves
  • Can be harmful e.g. if dataset contains uncommunicated health risk information
• Reidentification by insider
• Reidentification by targeted search (nemesis scenario)
• Reidentification by mass matching (dystopian AI scenario)

• Aggregate or censor sensitive variables
• Aggregate or censor secondary identifying variables
• Perturb or add noise to variables
• Review data for disclosure risk

• Stepped or restricted access
  • Data enclaves (e.g., Census data)
  • Virtual data enclaves

• ICPSR
• Open Brain consent
• Draft language from Penn State IRB
• Databrary sharing release template

• Ethics board review not required for research that relies exclusively on secondary use of anonymous information
• "Secondary data refers to data that was collected by someone other than the user. Common sources of secondary data for social science include censuses, information collected by government departments, organisational records and data that was originally collected for other research purposes."

• Researchers must obtain consent for secondary use of identifiable data unless
  • identifiable information is essential to the research
  • use of identifiable information without consent is unlikely to adversely affect participants
  • researchers take appropriate measures to protect privacy of individuals and safeguard identifiable information

• Researchers must obtain consent for secondary use of identifiable data unless
  • researchers comply with any known preferences previously expressed by individuals about any use of their information
  • it is impossible or impracticable to seek consent
  • researchers have obtained any other necessary permission for secondary use of information for research purposes.

• Databrary.org
• Open Humans

• Specializes in storing, sharing video
• Video captures behavior more fully than other methods, but is identifiable
• Policy framework for sharing identifiable data
  • Permission to share -> builds on informed consent
  • Restricted access for (institutionally) authorized researchers

• Research consent ≠ permission to share
  • Seek permission to share after data collection.
• "Cloud" storage vs. institutionally housed
• Comfort with data sharing varies among IRBs
• Laws differ among countries

• Identity theft
• Embarrassment
• Discrimination
• Data may later become sensitive
• Can withdraw, but can't "unshare"

Open Humans: Public Data Sharing Consent

• Demographic data
• Genetic data
• Location data

Open Humans: Public Data Sharing Consent

• Public data as a public resource
• Serves diverse individuals not part of standard research groups
• Participants can advance their own understanding

Open Humans: Public Data Sharing Consent

• Get IRB/ethics board approval
• Get participant approval (even if planning to anonymize)

• Where data will be stored
  • e.g. in "cloud" servers (e.g., SurveyMonkey, Qualtrics, Databrary, OpenNeuro, OSF, etc.)
  • Be explicit, but not specific

• Who will have access
  • Public/anyone
  • Researchers
• And for how long
  • indefinitely
  • stopping sharing possible, unsharing not-so

• Why:
  • Give motivation for recording sensitive variables (beneficence)
• Consult data repository experts (e.g., ICPSR, Dataverse, Databrary)

• Avoid making promises you cannot keep:
  • "no one except the researchers in the project will ever see the data"
• Avoid data destruction clauses:
  • "Your data will be stored for X years then destroyed."
  • NOT REQUIRED by U.S. or Canadian law

• Avoid describing overly specific use cases for data:
  • "Your data will be used to study the relationship between X and Y."

• Consider approved, authorized, trusted data repositories for sensitive data
• Share as much individual-level, item-specific data as practicable
  • Finest grain data == highest value for reuse, new discovery

• "Big Data’s End Run around Anonymity and Consent" Barocas & Nissenbaum 2014

• Self-reported vs. medical records
• Sponsor requirements (or constraints) vs. open sharing
• Do IRBs overstep regulatory boundaries when considering risks and benefits outside an approved study (Burnam, 2014)?
• Policies for restricting access but promoting openness
• Who owns data?

• From Dataverse @ Harvard
• Checklist/workflow for 'tagging' data based on risk

This talk was produced on 2017-07-30 in RStudio 1.0.143 using R Markdown. The code and materials used to generate the slides may be found at https://github.com/gilmore-lab/sips-2017-07-30/. An OSF wiki is here. Information about the R Session that produced the code is as follows:

## R version 3.4.0 (2017-04-21)
## Platform: x86_64-apple-darwin15.6.0 (64-bit)
## Running under: macOS Sierra 10.12.5
## 
## Matrix products: default
## BLAS: /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
## LAPACK: /Library/Frameworks/R.framework/Versions/3.4/Resources/lib/libRlapack.dylib
## 
## locale:
## [1] en_US.UTF-8/en_US.UTF-8/en_US.UTF-8/C/en_US.UTF-8/en_US.UTF-8
## 
## attached base packages:
## [1] stats     graphics  grDevices utils     datasets  methods   base     
## 
## loaded via a namespace (and not attached):
##  [1] compiler_3.4.0  backports_1.0.5 magrittr_1.5    rprojroot_1.2  
##  [5] htmltools_0.3.6 tools_3.4.0     yaml_2.1.14     Rcpp_0.12.10   
##  [9] stringi_1.1.5   rmarkdown_1.5   knitr_1.16.4    caTools_1.17.1 
## [13] stringr_1.2.0   digest_0.6.12   bitops_1.0-6    evaluate_0.10