Operational Principles for Protecting Participant Privacy When Sharing Scientific Data
- Proactive Assessment of Protections: Researchers and institutions should proactively assess the protections needed for sharing scientific data from participants, including determining whether sharing should be restricted through controlled access.
- Clear communication of data sharing and use in consent forms: Researchers and institutions should develop robust consent processes that prioritize clarity regarding future sharing and use of scientific data, including limitations on future use, and general aspects regarding how data will be managed.
- Consideration of justifiable limitations to sharing data: The DMS Policy outlines factors that might limit sharing; researchers should outline these justifications in the Data Management and Sharing Plans.
- Institutional review of the conditions for data sharing: Institutions should review the conditions for sharing data, including that proposed limitations on the future use of data are appropriate and that risks have been considered, and communicate this information to repositories and/or users.
- Protections for all data used in research: Scientific data used in research warrant privacy considerations regardless of whether the data are collected from non-research settings or settings that may be subject to different privacy standards than traditionally applied to research data, such as from social media and public health surveillance.
- Remaining vigilant regarding data misuse: Researchers and institutions should remain vigilant regarding potential misuse and work in concert with NIH to prevent unauthorized use of scientific data from NIH-supported repositories.
Best Practices for Protecting Participant Privacy When Sharing Scientific Data
- Apply Appropriate De-identification: NIH recommends scientific data be de-identified to the greatest extent that maintains sufficient scientific utility.
- Establish Scientific Data Sharing and Use Agreements: NIH recommends the use of scientific data sharing and/or use agreements, preferably standardized, when sharing data through repositories as proposed in Data Management and Sharing Plans.
- Understand and Communicate Legal Protections Against Disclosure and Misuse: Researchers and their institutions should understand the applicability of relevant laws, regulations, and policies on their research.