Why data handling matters – protect your participants and your research

Data handling is at the heart of ethical research. How you manage and protect participants’ personal information not only ensures compliance with privacy regulations but also builds trust and credibility with your participants. Proper data handling safeguards sensitive information, maintains confidentiality, and helps prevent breaches that could harm both your research and your organization’s reputation.

Handling Personally Identifiable Information (PII)

PII refers to any data that can identify an individual, such as their name, email address, or phone number. As per GDPR, this includes not only basic personal details but also online identifiers, location data, and more.

To protect participants’ PII:

• Anonymize data when possible.
• Limit data access to authorized personnel.
• Ensure secure data storage, using encrypted systems or platforms 

Always provide participants with full transparency on how their data will be used, stored, and protected. You can include this information when you gather informed consent. 

Anonymization vs. confidentiality

These two concepts are often confused but serve different purposes:

• Confidentiality: Personal information is collected but kept private.
• Anonymity: Participants’ identities are fully detached from the data provided.

Maintaining confidentiality or ensuring anonymity should be a key component of your research protocol, especially when dealing with sensitive topics or vulnerable populations.

Creating a data management plan

Before you start collecting data, it’s essential to establish a clear data management process. Documentation of your process should cover:

• Consent forms and any unique consent language
• Guidelines for storing and sharing participant data
• What data to delete when a study is complete
• A plan for responding to data breaches

Your data collection plan should prioritize preserving participants’ confidentiality. Important aspects to share with participants regarding the collection of their data include:

• What type of data you will collect and any variations
• How the data will be used
• Who the data will be shared with
• Who will have access to the data   

Trying to figure out what data to collect? Ask:

• Is this data, especially if it’s PII, necessary? 
• Will the absence of this data impact my results? 

How long should you keep data? 

Your team needs to determine the appropriate length of data retention based on several factors. A good rule of thumb is to keep the data long enough to set up, conduct, and report your research.

What should I use to store data safely and securely? 

“It’s important to find a tool that minimizes how often we are moving data between systems and locations,” said Wyatt Hayman, Research Ops Manager at Faire. GDPR mandates responsibility for data collection and handling, both internally and for third-party tools, categorized as “controllers” and “processors.”

Controllers determine the use of data and are responsible for properly storing, retaining, and deleting the data. As a controller, you are accountable for upholding your customers’ data rights.

Processors process data on behalf of controllers. They ensure data security and privacy through technical and organizational measures and aid controllers in complying with GDPR requirements.

Both roles are critical in protecting participant data. You must choose your processors carefully. For example, Wyatt and his team at Faire, acting as data controllers, use Rally’s Research Operations Platform for participant management and recruitment, which serves as the data processor. Rally ensures features like encrypted data, SSO, privacy guarantees, access control, failover processes, data deletion, and more. 

Ethical research is an ongoing commitment 

Ethical research doesn’t stop with compliance — it’s an ongoing process of respecting participants’ privacy, handling data securely, and keeping your team informed and trained. By developing strong governance and data management strategies, you ensure your research remains trustworthy and legally compliant.

Want to enhance your approach to ethical research and data security? Download our free 2024 ReOps Playbook for in-depth strategies on privacy, compliance, and building trust through responsible research practices.