Marcotte John E, Rush Sarah, Ogden-Schuette Kelly
University of Michigan.
J Priv Confid. 2023;13(2). doi: 10.29012/jpc.825. Epub 2023 Nov 30.
Research data have expanded in their gradation of the risks associated with both re-identification and harm, which has created a need for multiple levels of access controls beyond public and restricted access. Public-access data have typically been available for download from websites while restricted-access data usually require an application and formal authorization process. The old paradigm of classifying data as public-access or restricted-access is no longer sufficient. Access to research data requires more nuance to ensure the protection of human subjects. In this paper, we describe seven tiers of access to research data. Each tier adds requirements that are necessary to mitigate disclosure risk and confirm appropriate management of the data. Improper handling of the data includes attempting to find a specific individual or household or failing to follow disclosure protection rules for data and output included in papers and presentations. By establishing a ladder of access conditions, each higher tier meets and exceeds the requirements of the lower tiers. While the highest tier meets all requirements, this tier will impede legitimate research for most data. The challenge for repositories is to provide access in a manner that promotes research while specifying security that provides appropriate protections against the risks of re-identification and harm.
研究数据在与重新识别和伤害相关的风险等级方面有所扩展,这就需要在公共访问和受限访问之外设置多层次的访问控制。公共访问数据通常可从网站下载,而受限访问数据通常需要申请并经过正式授权程序。将数据分类为公共访问或受限访问的旧模式已不再足够。对研究数据的访问需要更细致入微的处理,以确保对人类受试者的保护。在本文中,我们描述了研究数据访问的七个层级。每个层级都增加了减轻披露风险和确认数据妥善管理所需的要求。对数据的不当处理包括试图查找特定个人或家庭,或未遵循论文和报告中数据及输出的披露保护规则。通过建立访问条件的阶梯,每个更高层级都满足并超越了较低层级的要求。虽然最高层级满足所有要求,但该层级会阻碍对大多数数据的合法研究。存储库面临的挑战是以促进研究的方式提供访问,同时规定能针对重新识别和伤害风险提供适当保护的安全性。
