Research Ethics Boards and

Data Management Plans

Conflict and Coexistence

Susan Babcock, Research Ethics Office, University of Alberta

Charles (Chuck) Humphrey, University of Alberta Libraries

CASRAI Reconnect 2014

DMPs and REBs: Conflict and

Coexistence

● Conventional wisdom is the REB won’t let

researchers keep their data.

● We contend that DMPs will strengthen ethics

review of human participant research.

Outline

1. The context for our presentationa. The challenges presented by evolving technologies

b. Changes in the research landscape

2. Data management and research ethics: existing

and emerging policies

3. Protecting data, protecting participants.

● Technology is driving compliance,

legislation, and how to do research

● Multilateral models of research engagement

● Knowledge translation, KPIs, targeted

research, and ROI

Research ecosystem changes

New data

● Changes in technology are resulting in new ways

of producing data and in new uses of previously

collected data that move faster than our ability to

address ethical issues.○ Citizen science; crowd-sourcing

○ Changing expectations around privacy

○ Ubiquity of data online (arguably in the public)

● Data identifiability is NOT static

Whose data

● Does ownership matter, whose data is it?o OCAP principles: applying self-determination

concepts to research data and ethics

● The complexity of new technologies prevent us

from articulating what they will mean in the

future, e.g., understanding what your DNA data

may mean in some future useo Biomedical commercialization

Research design

● Project research is being squeezed by program

research where data exist over longer periods

of time and for uses that may not have been

anticipated when initially collected.

● Complex research partnerships - working

across sectors, institutions, and national

boundaries - means complex regulatory

frameworks.

What we won’t address today

● Ownership of data. Ownership should be

formally addressed by the governance structure

related to the data.

● Operational approvals. Ethics approval is

necessary but not sufficient - institutions

providing data must also agree to participate

Purpose of ethics review

Intended to maximize the protection of human

participants by● identifying harms and how they will be mitigated

● ensuring the research use of the participants’

data/information is understood (recruitment &

consent)

Risk and data are different study to study, thus the

ethics and data solutions will vary study to study.

Ethics requirements

● Respect for privacy includes the right to control

information about oneself.o management of participant information/samples

● Duty of confidentiality includes protecting

participant data from unauthorized use or

access.

● Data security includes physical, administrative

and technical safeguards.

Risks to privacy

Privacy risks arise at all stages of the research

lifecycle, including initial collection of information,

use and analysis to address research questions,

dissemination of findings, storage and retention of

information, and disposal of records or devices on

which information is stored. Ch 5, TCPS2

Purpose of a DMP

Maximize the protection of research data for its

sharing, its uses for verifying academic integrity,

and its new uses in future research.● identify how a researcher will facilitate data

access and preservation

● ensure that practices do not conflict with

research ethics or other requirements

Policy environment

Human participant ethics review is governed by

widely accepted national requirements which

generally apply to funded and unfunded research

conducted in the public sector.● TCPS2, Health Canada

Standards are voluntary for a lot of private sector

research.

Legislation

Access to and use of identifiable information may

be governed by ● institutional policy, eg, university student records

management

● federal & provincial legislation, eg, Freedom of

Information, Health Information Act

● professional codes and community practices

Emerging policies & practices

● DMP policies are emerging to promote a variety

of research objectives including data sharing,

interoperability, ROI, KPIs, and data

stewardship.o Legacy aspects

o Conduct aspects

Data hierarchy

To help focus concerns around privacy,

confidentiality and security, the University of

Toronto’s Research Ethics Office has developed a

four-tier model linked to the disclosure risks

associated with types of human participant

research data.

Anonymous

De-identified with low risk of re-

identification

De-identified with high risk

of re-identification

Identifiable

University of Toronto Data Risk Chart

Three policy frameworks

Building on the data risk model, we look at policy

framework requirements according to the type of

data involved.

1. TCPS2

2. Provincial/federal legislation

3. Data management plans

Balancing harms and protections

o REBs are not asking researchers to provide all of

the answers but are asking for likely scenarios and

how to respond.

o Ethics approval does not mean a study is risk free

but that the risks are understood and disclosed

o Individuals participate in research through consent

processes.

o Participants must provide free & informed consent.

EXEMPTIONS

TCPS2 - Public information

● REB review not required for research relying

exclusively on ○ information that is legally accessible & protected by

law (identifiable or not)

○ information that is publicly accessible & there is no

expectation of privacy (identifiable or not)

Eg, Stats Can public use files, court records,

archival records, media, publications

TCPS2 - Observational research

REB review is not required for research

involving observations of people in public places

provided there iso no intervention by or interaction with researcher

o people observed have no expectation of privacy

o people observed cannot be identified through

dissemination of research results

TCPS2 - Secondary Use of anonymous material

REB review is not required for research that relies

exclusively on secondary use of anonymous

information or anonymous biological materials

PROVIDED data linkage/research dissemination

does not generate identifiable information

ANONYMOUS ≠ ANONYMIZED

ANONYMOUS MATERIAL

Anonymous Research Material (1)

TCPS2 - Anonymous information has never had

identifiers associated with it + risk of identifying

participants is very low● often minimal risk research, consent process may be

simpler (implied or oral), large cohort studies, non-

interventional, no follow-up

Anonymous Research Material (2)

● Very few risks associated with data

sharing/data breach.

● Recruitment/Information process would have to

disclose data management plans.

● FOIP and health information legislation OFTEN

not applicable.

ANONYMIZED MATERIAL

Anonymized Research Material (1)

● Includes de-identified and coded data

● Researcher needs to assess likelihood

participants can be identified and harms arising

from re-identification

● Legitimate access vs wrongful access

● Consider research with sex workers,

vulnerable/distinct communities, critical inquiry

Anonymized Research Material (2)

● Recruitment/consent must discuss data sharing

● Right to withdraw from study and right to

withdraw one’s data

● Reaffirm data sharing, consent to recontact

● DMPs have to include more sophisticated

security arrangements

● Data sharing agreements, licensing

Identifiable Research Material

● Identifiable information may be disclosed with

no expectation of confidentiality (that it will be

kept secret)

● Participants sometimes want to be identified

● Researcher must consider both participant and

data custodians (for institutional data)

“But, it’s operational data…..”

If you plan to conduct research involving

secondary use of identifiable information

originally collected for non-research purposes

(eg, health records) the absence of consent

process and ethics review for original data

collection must be offset in REB review of the now

proposed research use.

Anonymous Anonymized

AnonymizedIdentifiable

Confidential

University of Alberta Risk Matrix

- HARM +

+D

ISC

LO

SU

RE

-

NO

YES

NO YES

RESEARCH ETHICS

PR

IVA

CY

PR

OT

EC

TIO

N

Issues between REBs and DMPs

Current mis-understandings:● REBs will not allow long-term data retention

o The perspective of researchers is that they must

destroy their data

● Researchers are not allowed to consult with an REB o Call before you dig!

● REB requests for further information are perceived

as attacks on an ethics proposal o PI may need to educate REB

DMPs supporting ethics applications

● Consider the consequences of ethical issues

across the full research lifecycle at the

beginning of a project o Don’t get trapped by reaching a stage late in the

lifecycle before addressing an ethics issue

● Treat as a process o Vested interest in thinking in terms of the full

research lifecycle

DMPs supporting ethics applications

● Consider instruments or methods that can be

used to help mitigate ethical concernso Consent

Unrestricted approval

Staged/step-wise approval● Further Ethics approval for secondary use

● Use of data licences

● Use of secure data facilities

Terms of deposit with a repository● Data deposit agreements

DMPs supporting ethics applications

● Consider instruments or methods that can be

used to help mitigate ethical concerns (cont.)o Data modification

de-identification algorithms

synthetic data

o Potential linkage with other data

banned

terms and conditions of linkage

DMPs supporting ethics applications

● Consider instruments or methods that can be

used to help mitigate ethical concerns (cont.)

o Access control

Data licence

Ethics approval

Data enclave

o Terms for preservation

Conditions from consent

Cascading consent responsibilities

Support from institutions

● Establish an integrated institutional response o “It takes a village” : meaningful discussions

between researchers and data custodians Libraries, IST, Field Research, Graduate Studies,

Research Service Office, Research Ethics Office

● Diversify the composition of REBso The inclusion of a librarian, e.g.

● Provincial human and health services data

Research ethics - data matrix

Anonymous data Anonymized/coded

data

In/Directly

identifiable data

TCPS 2 Often lowest risk of

harm, minimal risk

research, implied

consent

Participant consent

Consider linkage

Tiered consent

Recontact

Health /

FOIP

laws

Often not applicable For health and “institutional” research,

data agreement & operational approval of

research & DMP. Not all identifiable data is

governed by legislation

DMPs Simplest, provided long

term, other research

use is disclosed

Plan to recontact, plan on future REB review