Blog Question: How does conducting research on the Internet impact the ways that researchers must deal with human subjects?
The internet presents a completely different set of risks and potential rewards, regardless of whether or not the actual research is done on the web. In addition, the internet also provides a pseudo-permanent record/data of every piece of data ever sent or transmitted. While the potential is there for gaining a large amount of information via the web, there is also the risk that confidential information may leak into the web and remain there in various electronic forms for eternality… especially with web archiving. Now, I will get to a very interesting case that I am aware of in a moments that shows how the internet can be much worse than an unlocked door that restricts the access of confidential information, but I guess I will comment on a couple of things from the modules first.
Every institution’s IRB is different and the concept of “risk” is different. Clemson’s IRB differs that Georgia Tech’s. Clemson may conclude a research project requires an expedited review while GT requires a full review. Therefore, while the modules and CITI certification may be standardized, there is a lot of variance in how a university handles risk. What is unique is that the internet allows for greater sharing of information/data between researchers at different universities with two different IRB approaches.
Conducting research on the interest must be done on secure servers and mainframes from what I understand, but those are only as secure as out IT folks make it to be. Now, I have work with a research office for a couple of years and we are responsible for a couple of internet surveys (work for Clemson Parking and Clemson Vanpool… so keep you comments to yourself). Now, the response rate for these surveys were outstanding, we got about 1,600 to 1,800 responses for each survey with is outstanding when considering that only Clemson students, faculty and staff could respond to the survey. However, there is relatively risk for these interest surveys since it did not ask sensitive questions any more sensitive than basic demographics and parking habits. However, if the survey asked more personal questions, there could be a problem because to take the survey, one had to enter their CU ID so theoretically we could trace each individual’s responses if the research group applied the man-hours to it. Therefore, while the internet seems private because the research subject may not be interacting with anyone at a potentially private location, electronic communication is never always private. Anyone with the expertise or time can listen in.
The internet can have a different role within non-electronic research. Having an electronic database or website could have security issues. I am aware of an incident with human subjects data, private data including very sensitive information that was put on the web due to human error. A excel file from a written data source with the all the survey/research data was accidentally placed on a website for several months before the managing body recognized that the data was copied to that location. This was beyond any expected and anticipated risks that the researchers and internal review board could have thought up and disclosed. So, while a study that did not have a internet focus still found itself susceptible to the risks of electronic communication, anything can be accessed by millions of individuals who care to look for it.