-
Notifications
You must be signed in to change notification settings - Fork 0
/
06_deidentification.qmd
173 lines (115 loc) · 29.6 KB
/
06_deidentification.qmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
---
title: "Data De-identification"
---
Disclosing sensitive information without proper safeguards can lead to significant harm and jeopardize not only the well-being of participants but also the integrity and trustworthiness of the research process.
The richness of the data obtained through interviews presents additional ethical and analytical challenges, particularly regarding the need for more nuanced and intricate analysis, concerning the protection of participant' identity, and the mitigation of the risk of re-identification.
Qualitative data can be more difficult to de-identify compared to quantitative data due to its typically unstructured nature. Another challenge is that qualitative data includes unique personal narratives and contextual details that can inadvertently reveal identities, requiring careful and nuanced de-identification strategies to protect participants' privacy effectively. The process of de-identification or anonymization can also alter or diminish data value, especially when the significance lies in capturing personal experiences or narratives. Researchers should consider using de-identification alongside other methods, such as limiting access to the data or obtaining explicit consent from participants to share some or all of their personal information. Because extensive de-identification might sometimes obscure important details needed for deep analysis, striking a balance between removing identifiers and preserving the essential context of the qualitative data is key.
In a nutshell, data de-identification entails the process of removing direct and indirect identifiers from a dataset, while maintaining enough information to preserve its value and usability to future research. In this episode, we cover common strategies for de-identifying interview data and recommendations for handling sensitive information.
::: {.callout-note collapse="true" icon="false"}
## 🤔 Should all data derived from human subjects always be de-identified?
Not all qualitative data collected from human participants requires de-identification. First, it depends on the agreement made with the research subject and the nature of the study. Also, oral history research and "on the record," interviews resulting notes or transcripts can be shared with the respondent's name, especially for well-known figures who are used to journalistic interviews. However, be aware of local practices: in some regions, interviewees may have the right to review the written record before it is shared or published. Data that is already part of the public record, such as public statements by politicians, does not need to be de-identified.
:::
## Direct vs Indirect Identifiers
A person's identity can be disclosed from direct identifiers, unique to an individual or indirect identifiers which, when linked with other available information, could identify someone.
Direct identifiers are pieces of information that can immediately identify an individual on their own, such as a social security number, full name, email address, home address, or phone number. In contrast, indirect identifiers are data points that do not uniquely identify someone by themselves but can do so when combined with other information. Examples of indirect identifiers include job title, gender, and ethnicity. The risk associated with indirect identifiers can vary depending on the context and the availability of additional data. Therefore, it is crucial to understand which data points are relevant within the context of the study and to consider both direct and indirect identifiers to effectively protect privacy and minimize the risk of identification.
<iframe width="50%" height="800" src="https://rcd.ucsb.edu/sites/default/files/2023-03/dls_n3_dataprivacy_navy_0.pdf">
</iframe>
Source: UCSB Library Data Literacy Series ([perma.cc/LM2L-K8DN](https://perma.cc/YEN7-XBDY){target='_blank'}).
Initially, researchers might change names and disguise locations, but effectively managing identifying details in qualitative data requires a nuanced approach. Anonymity and privacy exist on a spectrum, so researchers must balance the risk of identification with the needs of their research.
When data isn’t fully anonymized, including cases of potential indirect identification, obtaining explicit consent is essential before public release. This consent should be secured either at the time of data collection or prior to publication.
One significant challenge arises with indirect identification, particularly in small groups where participants know each other. This issue can be exacerbated by existing power dynamics, such as those between a team and its leader. Therefore, researchers must transparently communicate the risks of identity disclosure to participants and respect their wishes.
To mitigate these risks, techniques such as using multiple pseudonyms, rephrasing quotes, and breaking known links can be effective. These methods help protect participant identities while allowing for restricted sharing of the dataset.
However, there may be situations where these strategies are not feasible. In such cases, researchers need to carefully consider how to obtain consent for disclosing an individual’s identity without inadvertently revealing the identities of others. Ultimately, the outcomes of these processes should be documented in the data management plan and ethics application, ensuring that all considerations are addressed.
::: {.callout-note collapse="true" icon="false"}
## 💭 Discussion: What could be potential direct and indirect identifiers in the context of Sarah's research?
Answer: Besides names, social media usernames or handles are considered direct identifiers, while patterns in use of custom tags and symbols, locations, bios and profile descriptions and catchphrases combined might re-identify users, especially in niche activities.
Consider the infamous [Baby Reindeer Netflix series lawsuit](https://www.forbes.com/sites/danafeldman/2024/07/17/how-to-write-a-hollywood-script-and-avoid-the-baby-reindeer-legal-trap), in which a simple keyword search on Twitter swiftly uncovered the identity of the real person behind the pseudonym used in the series.
:::
## Data De-identification Essentials
The existing literature provides limited guidance on de-identifying qualitative data, with most researchers relying on *ad hoc* strategies. Perhaps the most robust and up-to-date methodological framework for handling sensitive narrative data is found in Campbell and co-authors (2023) multiphased process inspired by common qualitative coding techniques.
In the first phase, the process involves consultations with a range of stakeholders and subject-matter experts to identify risks related to re-identifiability and concerns about data sharing. The second phase outlines an iterative approach to identifying potentially identifiable information and developing tailored remediation strategies through group review and consensus. The final phase includes multiple methods for evaluating the effectiveness of the de-identification efforts, ensuring that the remediated transcripts adequately protect participants' privacy. If your project involves working with vulnerable or protected groups, or handling sensitive data, we strongly recommend reviewing and applying this framework to your research.
{width="809"}
These three phases can be broken into tasks, actions and examples:
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| Phase goal | Tasks | Actions | Examples |
+:===============================================================+===========================================================================================+=========================================================================================================+==================================================================================================================================================+
| Phase 1: | Create a coding framework | Consult with stakeholders and look for strategies followed by similar projects | Regulatory guidance (HIPPAA, IRB, relevant professional and research associations) |
| | | | |
| Develop a process to distinguish potentially identifiable data | | | |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | | Subject-matter experts familiar with the population studied |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | | Publicly available records that may contain same/similar information as the research-interview transcripts |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | Draft a codebook | Scan for named entities (e.g., names, places, dates) |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | | List potential identifiable topics |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | | Guidance for evaluating ambiguous information others or public records might have and that combined could jeopardize privacy and confidentiality |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| Phase 2: | Establish a coding team\* | Hire and train coders | Include coders with varying levels of familiarity with the data |
| | | | |
| Remediate potentially identifiable data | | | |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | Review transcripts and propose re mediation plans | Highlight each data point and create an audit trail containing proposed edits | Draft blurred text |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | | Bracket redacted text |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | | Review proposed remediation plans and discuss as a team |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | Implement remediation plans | Edit and redact text | Insert blurred text, remove redacted text, and insert summaries in the event of important long redactions |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | Provide support to coding team if there will be repeated exposure to traumatic con tent\* | Check in with team members regarding their experiences of vicarious trauma | Provide information and support regarding the emotional impact of repeated exposure to traumatic content and offer supportive resources |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| Phase 3: | Select validity standards | Assess credibility (i.e., confidence in the accuracy of the findings) | Use of prolonged engagement, persistent engagement, and member checks to assess accuracy of the findings |
| | | | |
| Assess the validity of the de-identification analyses | | | |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | Assess dependability (i.e., the findings are consistent and could be repeated) | Use of codebooks, memos, and audit trails to document analyses |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | Assess transferability (i.e., the findings have applicability in other con texts) | Provide audiences with sufficient detail about the project so they can assess whether conclusions are transferable to other settings |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| | | Assess confirmability (i.e., the findings reflect the participants’ views, not the researchers’ biases) | Consider how re searchers’ positionalities affected the processes and findings and when necessary, recenter the participants’ views |
+----------------------------------------------------------------+-------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
\*Not applicable to small-scale studies. Source: Adapted from: Campbell et al. (2023).
Now, let's focus on some practical ways to remediate potentially identifiable data in interview transcripts. General recommendations include:
1. Establish uniform de-identification rules at the start of your project and apply them consistently throughout, especially when working with a team.
2. Thoroughly review data to pinpoint any details that could lead to individual identification.
3. Assign an unique identifier to each participant to replace their name.
4. Replace real names (people, companies) with pseudonyms.
5. Generalize location details and dates (e.g., North Carolina → \[Southeast\], 1977 → \[1975-1980\])
6. Generalize meaning of detailed variables (e.g., specific professional position → occupation or area of expertise)
7. Remove or redact sensitive text or entire sections as needed.
8. Avoid blanking out or replacing items without any indication. The use of brackets indicates that something has been changed, modified, or deleted from its original form.
9. Maintain a master log of all replacements, aggregations, or removals made and keep it in a secure location separate from the de-identified data files.
In a single excerpt, you can integrate multiple de-identification techniques. The example below illustrates how an excerpt has been de-identified, with the modifications clearly indicated, while still retaining essential information for future analysis.
{width="350"}
::: {.callout-note appearance="simple" collapse="true" icon="false"}
## 🏋️♀️ Exercise: Handling Identifiable Information
::: {.callout-note collapse="true" appearance="simple" icon="false"}
## How many potential identifiers can you spot? How would you mitigate re-identification risk?
**Identifiable Excerpt:** *I collaborated with EcoFashion Co., a company based in North Carolina, to launch a sustainable clothing line bearing my name, Chole Adams. Given that this line was closely associated with my personal brand, I insisted on strict terms for fair compensation and transparency in sourcing. Unfortunately, the CEO at the time, Mitchel, did not adhere to these commitments. It was later exposed in a Netflix documentary named Harmful Fashion, that some of the items were produced in Cambodia under very unfair labor practices, a fact Mitchel had failed to disclose to me*.
::: {.callout-note collapse="true" appearance="simple" icon="false"}
## Answer
There are seven potential identifiers that if combined with public information could potentially give away the interviewee's identity.
**De-identified Excerpt:** *I collaborated with \[Company A\] based in \[the Southeastern U.S.\] to launch a sustainable clothing line bearing my name \[name redacted\]. Given that this line was closely associated with my personal brand, I insisted on strict terms for fair compensation and transparency in sourcing. Unfortunately, the CEO at the time, \[name redacted\], did not adhere to these commitments. It was later exposed in a \[Streaming Service name redacted\] documentary named \[Documentary Title redacted\], that some items were produced in \[Southeast Asia\] under very unfair labor practices, which the CEO had failed to disclose to me.*
:::
:::
:::
This handout provides a compilation with some helpful tips:
<iframe width="50%" height="800" src="https://rcd.ucsb.edu/sites/default/files/2024-05/DLS-202405-Sensitive-Textual-Data.pdf">
</iframe>
Source: UCSB Library Data Literacy Series ([perma.cc/LM2L-K8DN](https://perma.cc/LM2L-K8DN){target='_blank'}).
Having promised to keep participants' identities confidential, Sarah have assigned pseudonyms to interviewees. However, she is uncertain how to handle indirect identifiers. We will help her to address these issues confidently.
::: {.callout-note appearance="simple" collapse="true" icon="false"}
## 🏋️♀Exercise: Helping Sarah De-identifying Transcripts
::: {.callout-note collapse="true" appearance="simple" icon="false"}
Let's open the files for `interviewee_01` and `interviewee_03` located in `sara-Project/data/transcripts` you might have already unzipped from (project example folder](https://zenodo.org/records/14043001){target='_blank'}). To make things easier, we have highlighted some potential sensitive pieces of information. What strategies can we implement to minimize the risk of interviewees' identification?
The `deid-transcripts` folder contains a possible solution to this exercise.
:::
:::
Adopting best practices for de-identifying responses from your human participants can significantly enhance both the ease and reliability of this process. It's crucial to incorporate de-identification considerations early in your planning phase as part of your overall data management strategy. Decisions on which data to collect, what to exclude, and how to inform participants about de-identification will profoundly impact how you can use and share the data in the future as we will explore in future episodes.
------------------------------------------------------------------------
**Recommended/Cited Sources:**
Campbell R, Javorka M, Engleton J, Fishwick K, Gregory K, Goodman-Williams R. Open-Science Guidance for Qualitative Research: An Empirically Validated Approach for De-Identifying Sensitive Narrative Data. *Advances in Methods and Practices in Psychological Science*. 2023;6(4). doi:[10.1177/25152459231205832](https://doi.org/10.1177/25152459231205832){target='_blank'}
Myers CA, Long SE, Polasek FO. Protecting participant privacy while maintaining content and context: Challenges in qualitative data De-identification and sharing. ProcAssoc Inf Sci Technol. 2020;57:e415. <https://doi.org/10.1002/pra2.415>{target='_blank'}