IRB Considerations: Human Participant Data, Data Sets and Internet Research

UPDATED 07/30/2020:

Cornell University has been cleared by New York state to restart research activities, in a staged, limited manner. In mid-May, the Cornell Research and Operations Reactivation Committee published a guide for the safe restart of the university's research, which includes the requirement that researchers must submit a reactivation plan to their college/unit for approval before returning to campus.

On July 1, a sub-committee on Human Subjects Research Reactivation published new guidelines for reactivating in-person human subjects research on Cornell’s Ithaca, Geneva, and Cornell Tech campuses. These guidelines provide a means for each college/unit to decide if a research reactivation plan that involves in-person, on-campus human subjects research can be approved. Any changes to IRB protocols must also be reviewed by the IRB.

On July 28, the IRB published additional guidance for investigators on conducting in-person research during the COVID-19 pandemic.

Please visit the IRB COVID-19 FAQs page for updates and contact the IRB if you have any questions.

Whether you are working with an existing data set collected by another researcher, storing data you yourself have collected from human research participants, or conducting Internet- or app-based research, you must take adequate steps to protect the privacy and confidentiality of research data.

Research with human participants frequently involves analysis or collection of personal identifying information ("identifiers").  In reviewing proposed human participant research, the IRB will consider whether data to be analyzed or collected by the researcher could be stigmatizing, result in criminal or civil liability, damage financial standing, employability, insurability, or reputation, result in stolen identity, or otherwise pose a threat to an individual’s privacy or confidentiality.  If so, the researcher should describe steps they will take to ensure that such information is kept secure.  

 Broadly, human participant research should be planned with the following in mind:

  • Ensuring that the informed consent process adequately and accurately explains to potential participants about possible risks of participation, including any risk that their personal data may be compromised.
  • Appropriately safeguarding the privacy or confidentiality of information obtained from or about human participants, and documenting these procedures in the protocol application and consent form.
  • Minimizing potential risks to participants, including risks associated with accidental or malicious security breaches.

Resources