Sensitive data
Learn about the requirements for data sharing in sensitive data projects.
Sensitive data projects refer to projects which involve personal data, confidential data, certain kinds of biodata, or sensitive metadata. Sensitivity not only concerns data about the participants but also about the scientists. Working on sensitive data projects means considering additional requirements when it comes to data sharing. Neuroimaging projects such as MRI studies often fall into the high sensitivity category as it is possible (with a lot of effort) to reconstruct personal information about participants based on the MRI scans even if the face was removed from the image. However, it is not impossible to work reproducibly within sensitive data projects. Here are some recommendations for keeping sensitive data safe but still work reproducibly:
Informed consent
This one might seem obvious: of course, participants need to consent to their participation! However, there are different templates for consent forms which differ in their scope regarding data management and sharing. The Open Brain Consent offers a comprehensive consent form which was created based on multiple existing consent forms and research ethics expert’s consultations. They further offer a template which specifically includes the General Data Protection Regulation (GDPR), which is the one to go with for studies in Germany. By referring to a Data User Agreement in the consent form, you ensure that the participants also know and feel safe about how their data will be handled after you’ve shared it with other researchers.
Data Privacy Strategies
- Another obvious one: use pseudonyms instead of direct identifiers.
- This is a tricky one: as long as it is possible to reconstruct personal data from the dataset, the data technically isn’t anonymous. This means: If you plan on publicly sharing e.g., a data matrix purely containing fMRI activation patterns, this data isn’t anonymous as with a lot of criminal effort personal data can be inferred.
- → for this kind of data sharing under access permission together with a Data User Agreement is the way to go.
- Make sure to store the data in a safe place. This doesn’t necessarily mean your hard drive locked into a safe. Make use of the university infrastructure to store your data on safe servers.
Sharing sensitive data
If you can’t share your data openly, make sure to still
- make use of preregistration
- share the metadata that describes your dataset to allow others to find and cite your data
- provide a Data User Agreement for researchers who request access to your data.
Our University GitLab offers a great environment for storing and sharing your data in a safe way. Data uploaded to the uni GitLab is stored on a secure server in Marburg which can only be accessed if you have the proper authentication. You can handle access rights yourself and individually. By a Data User Agreement, you can specify if someone is allowed to upload the data to other servers or should only work in the environment the data originally was provided in. For this, the [TAM Data Hub], which is currently in development, offers solutions as well.
If you want to find out more about how to handle data management and sharing in sensitive data projects, check out these resources.