Encrypting identifying information

You can protect the privacy of your study subjects by:

  • protecting your data (already discussed in chapter 'Protecting your data');
  • keeping identifiable data separated from unidentifiable research data;
  • making use of random unique research codes and separate the code list from the research data;
  • encrypting vital identifying information.

Frequently Asked Questions

Researchers aiming to store personal data on human subjects should consider involving a trusted third party (ttp) to encrypt and decrypt identifiers. This is not legally required, but it could enhance the trust of the general public that all feasible measures were taken to protect the privacy of the study subjects.

Strictly speaking, a mere encryption is sufficient. When also allowing decryption of encrypted data, processes should be in place to limit such decryption rights to people for whom a legal ground exists to have access to such knowledge. Such processes can either be guaranteed by standard operation procedures and risk assessments within the organisation itself or by involving a TTP.

Text in preparation