Sensitive Data

If your research data is considered sensitive, it means that you will have to consider a range of guidelines and regulations as you manage it. It doesn’t necessarily mean that you won’t be able to publish your research data.

  • What is sensitive data?

    Data is considered sensitive if it can be used to identify an individual, species, object, or location in a way that introduces a risk of discrimination, harm, or unwanted attention.

    The main categories of sensitive data are:

    • Identifiable personal data.

    • Health and medical data.

    • Environmentally sensitive data, including ecological data that may place vulnerable species at risk.

    • Data about or shared by Indigenous people, including Indigenous Cultural and Intellectual Property, community knowledge, or secret and sacred information.

    • Data subject to commercial agreement.

  • What do I need to consider when handling sensitive data?

    Before you begin your project, it's important to plan how you'll handle any sensitive research data. Take your time to choose the best way to keep your data safe throughout your project. If you decide to de-identify your data, it's a good idea to plan for that from the start to save time later on.

    You need to take extra precautions when storing sensitive research data. This guide provides information about the University’s data storage options.

    Sensitive data should always be encrypted or password-protected. Never send unencrypted sensitive data via e-mail.

    Avoid storing sensitive data on a personal computer or an external hard drive, as there is a risk of them being stolen or lost.

  • Can I still publish sensitive data?
    Think about the advantages and risks of publishing your research data. In many cases, the benefits, such as reaching more people and possible citations, are worth the extra work and risks. Make sure to comply with the University's Information Classification and Protection Guidelines.
     
    Sensitive data can rarely be published in its original form. In some cases, data can be modified to reduce the risk in publishing. In the case of sensitive data about humans, this can include removal of identifiable information in the dataset, but effective de-identification needs to be rigorous to reduce the chance of re-identification. 

    If you can't de-identify your data, consider sharing the metadata instead. This lets other researchers know about your dataset, and they can approach you to collaborate where appropriate in a way that protects sensitive information. You can publish metadata only records using Figshare.  

    The ARDC’s Publishing Sensitive Data guide will help you to understand how to publish sensitive data for maximum benefit in a way that is safe and ethical.

    Extracted from the guide, the Publishing Sensitive Data Flowchart will help you consider all relevant questions before deciding whether and how to publish sensitive data.

Expand

Publishing and sharing sensitive data flowchart from ARDC

Sensitive Data Flowchart

Source: ARDC: Publishing and sharing sensitive data flowchart

Return to Research Data Management front page