Research Data Management Toolkit

What is sensitive data?

Broadly, sensitive data is information that could potentially impact on the rights of others. The Australian National Data Service includes the following definition of sensitive data in their guide:

Sensitive data identifies individuals, species, objects or locations, and carries a risk of causing discrimination, harm or unwanted attention.

Sensitive data is often about people (i.e., personal information) but ecological data can also be sensitive if it reveals (for example) the location of rare or rare or endangered species. Under law and the research ethics governance of most institutions, sensitive data cannot typically be shared in this form. The Legal and Ethical Framework section of this Toolkit outlines the applicable legislation and guidelines here.

Personal information is sensitive if it directly identifies a person and includes one or more pieces of information from Table 1 (Part I, Division I, Section 6) of the Privacy Act 1988. This information includes: 

How to Share Sensitive Data

While sensitive data cannot be published in its original form (in almost all cases), it can often be shared using a combination of:

1. informed consent 
2. data de-identification
3. controlled access
    

(Image courtesy of Stuart Miles at FreeDigitalPhotos.net.)

Note the subtle difference between data sharing and publishing. It may be preferable to share de-identified data via mediated access without publishing it online. Look at the options for controlling access available in Research Data JCU for more information. 

Consent is required from human participants before data can be collected or published. Obtaining informed consent to facilitate data sharing and publication involves:

• including information about maintaining confidentiality, data publication and sharing in an information sheet so participants can make an informed decision before consenting to participate (n.b. your information sheet should be approved by by JCU's Human Research Ethics Committee (as part of the ethical clearance process) 
• stating the possibility of future data publication and sharing, conditions for access and de-identification processes in consent forms (also to be vetted and approved by the HREC)

The Australian National Data Service provides some example sentences in their guide (pp. 14-15) - the examples listed below are appropriate in different contexts (e.g. when publishing or when sharing data via mediated access):

I agree that research data gathered for the study may be published provided my name and other identifying information is not used

other genuine researchers [may] have access to this data only if they agree to preserve the confidentiality of the information as requested in this form

If explicit consent for sharing is not obtained at the time of the study, it may be possible to seek a waiver from reviewers or to go back to participants for additional consent.

The National Statement on Ethical Conduct in Human Research (p. 36) raises the ethical issue of obtaining consent for secondary use of data or information. It is (for example) usually impractical to obtain consent for secondary use of data routinely collected during delivery of a service and respect for participants needs to be demonstrated in other ways.

Sharing existing data without explicit consent is a possibility if all of the following conditions are met: i.e. 

• it is no longer possible or practical to gain consent and
• data has been de-identified and
• process of de-identification matches the definition in the Privacy Act and 
• there is no risk that publishing or sharing the data will cause harm or discrimination and
• information sheets and consent forms from the original data collection didn't preclude sharing.

JCU researchers and HDR candidates should always consult their College / Centre Human Ethics advisor, and the JCU Connect Ethics and Research Integrity team for specific advice.

Data that has been de-identified no longer triggers the Privacy Act.

Here's an example of sensitive data that has been published as open data. The risk of re-identification via triangulation has been considered and managed and the de-identified dataset can be downloaded from Research Data Australia. 

The PALS (Pregnancy and Lifestyle Study) contains highly sensitive data. Several techniques have been used to de-identify the dataset e.g. identifiers and dates of birth have been removed, ages have been aggregated into bands - and postcodes have been excluded. It would be possible to re-identify (triangulate) participants by combining (for example) a rural postcode with a rare occupation. 

Think about de-identifying your data early as it can be time consuming and difficult later. Consult the relevant ANDS guides and seek discipline-specific advice as required.

It's very important for data owners and managers to be aware that data that is not obviously sensitive (no names or dates of birth for example) or that has been de-identified, can become sensitive through triangulation or data linkage.

Triangulation in this context is the process of combining several pieces of non-sensitive information (in the same dataset) to determine the identity or sensitivity of a participant or subject.

Data linkage combines one or more datasets that include the same participant or subject, an activity that carries the risk of re-identification and may place subjects at risk. Data linkage is highly useful (it increases understanding without having to collect new data and derives greater value from existing datasets) and is increasingly common in epidemiology, medical, social and ecological sciences.

Researchers should treat the new, linked dataset as an identifiable dataset and assess the risks involved.

High risk data integration projects involving information from Australian, state or territory governments will need to be managed by an accredited integrating authority such as the Australian Institute of Health and Welfare (AIHW), Australian Institute of Family Studies (AIFS) or the Australian Bureau of Statistics (ABS) to ensure security. Once data is linked researchers will access it through a secure data lab in Canberra, a mobile data lab, a remote access computing environment or other secure arrangement and output and use of data will be monitored. The AIHW has useful information on data linkage on their website, including an overview of a typical data integration project.

This section of Toolkit draws heavily on the ANDS guide:

Australian National Data Service. (2017). Publishing and sharing sensitive data. Retrieved from: http://www.ands.org.au/__data/assets/pdf_file/0010/489187/Sensitive-Data-Guide-2018.pdf

ANDS has an extensive range of resources that relate to sensitive data - click on the links below to access guides, videos, posters and other materials on each of these topics:

• Safely sharing sensitive data - sensitive data can be published: advice and examples
• Ethics and data sharing - ethical considerations when sharing human data
• De-identifying your data - processes for removing identifying information from datasets to protect privacy
• 10 medical and health research data Things - a flexible learning resource for people working with medical, clinical or health data
• Medical and health data - ANDS hub for medical and health data issues and advice
• Indigenous data - data that pertains to Indigenous peoples is a complex legal and ethical terrain

NB. On 1 July 2018, ANDS, Nectar and RDS combined to form the Australian Research Data Commons (ARDC)