A woman holds up a sign covering her face that has a question mark on it.

When you read the word “creeper,” you might think of something like this: “A person who does weird things, like stares at you while you sleep, or looks at you for hours through a window.” That definition of “creeper” was written by the user Danya at Urban Dictionary. 

Both the examples mentioned in the definition of creeper are things that evaluators and researchers actually do. And they could be very creepy! Sadly, some unethical, unsavory, and racist things have been done in the name of research and collecting data in the past. Not even the distant past. The Tuskegee Study is a particularly devastating example of unethical research. Research ethics are guidelines and regulations in place to keep something like Tuskegee and other kinds of ethics violations from happening. Whenever we collect data, we need to think about ethics. 

The most fundamental tenet of research ethics is to minimize risk to participants, but they go beyond that. Researchers must be actively respectful towards the individuals in their research. These same ethical goals apply to library evaluation projects. How can you make sure you’re treating study participants ethically? Key issues to consider include privacy, informed consent, treatment of vulnerable populations, risks and access to benefit, incentives, and coercion. In this post we will discuss privacy and how it applies in library evaluations.

Privacy

This is one of our core values in libraries, so we have a nice overlap with research ethics here. Library privacy policies should govern what you do in an evaluation too. You can read more privacy information from ALA here. Often personal information is collected as part of an evaluation study. You might collect people’s email addresses during a program to follow up with them later. Or if you’re interested in knowing if people from under-served communities are attending programs designed to reach them, you could distribute a survey at the end of the program and ask about participants’ community or identity. Regardless of your methods, you should only collect the personal information that you absolutely need to answer your evaluation questions. 

After you have collected the data, it’s your responsibility to keep it safe. Where will you store it? How will you use it? Will anyone else have access to the data? Where will the results be published? How will you present the results to protect the privacy of your study’s participants? 

How to keep the data safe depends on how much personally identifiable information (PII) is in the data. Any time information could be traced back to an individual it is PII and needs to be protected. Datasets that include information that is medical, legal, or in any way could harm the individual should have the highest possible protections in place.

Anonymous datasets don’t contain any identifying information—even the person who collected the data could not trace it back to an individual. This kind of information requires minimal protection. In some cases, the data are confidential, but not anonymous. You can say the information is confidential when you have collected some personal information, but it will be protected and only a limited number of people will have access to it. A common practice is for one evaluator to assign codes to individuals instead of names, and everyone else on the team just sees the codes. This is called de-identifying. As long as a key exists somewhere that connects those codes back to individuals, these data still have PII.

For data with PII, access should be limited to those who are analyzing them. These data should be stored in a location that is secure physically or digitally, like a locked filing cabinet or a password protected and encrypted file. Be careful with cloud-based services and email—these are generally not secure enough for data with PII. Your organization likely stores PII about staff for human resources purposes—you can find out how they keep it safe and see if you could use the same procedure to store research data securely. More information on protecting PII is available here and here.

More next time

Privacy is one of the key pillars of research ethics and you should think about it anytime you collect data. Next time, we will look at additional research ethics considerations that you need to think about as an evaluator.