Confidentiality means that information is restricted to those authorised to have access to it. Access restriction is only one aspect of confidentiality. The researcher's assurance of confidentiality to the research subject is also important. The strictness of confidentiality normally increases with the degree of sensitivity of the information, and with the degree of vulnerability of the research subject.

The importance of confidentiality

In essence, confidentiality in the relationship between researcher and research subject is to be regarded as an obligation for the researcher and a right for the research subject. Everyone has a right to restrict the access of others to certain types of information about their person. Respect for the individual must be borne in mind here, because personal data can be actively misused. Even in the absence of such misuse, it can be both disagreeable and harmful if sensitive information goes astray. This applies first and foremost to individuals and their families, but groups and institutions also require consideration.

In addition to this general respect for rights, special obligations regarding confidentiality arise in view of the understanding that exists between researcher and research subject with regard to how the information is to be used and who is to have access to it. This applies whether this relationship is based on trust or a written agreement.

Respect for confidentiality is also important in the interests of the research. Breach of confidentiality undermines the trust and credibility enjoyed by the research, and in a wider perspective will make it difficult to engage in research in the future. This does not apply only to the researcher who has been in breach of confidence, of course. The research community as a whole will suffer.

In addition to confidentiality in the relationship between researcher and research subject, there is also another aspect to confidentiality in research. A researcher may, for example, be ordered not to disseminate results that others have obtained and/or are working on. These results may also concern information that is not related to an individual or a group. The motivation for the confidentiality may, for example be publication rights, or the development of patents. This article will primarily consider confidentiality that has to do with the relationship between researchers and their human subjects.

Confidentiality and freely given informed consent

The question of confidentiality hinges on the matter of freely given informed consent. Freely given informed consent can be thought of as a sort of "contract" between the researcher and the research subject, where the latter consents to the research as a result of the researcher's binding declaration about the project. This consent defines the relationship between the two of them – for example what sort of information is to be acquired, how this is to happen, when it is to happen, and how it is to be possible to use the data subsequently. Confidentiality can be thought of as one aspect of this "contract", which concerns what the researcher has the right to do with the acquired data.

Confidentiality and protection of personal data

But confidentiality extends beyond freely given informed consent. Some professional groups have an obligation to protect the persons they come into contact with that extends beyond any signed consent forms and other documents that might exist. Nurses, doctors, police and priests are well known examples of such groups outside the world of research. Confidentiality here is concerned with protection of personal data. Protection of personal data specifies how individuals must be protected against dissemination of data concerning them, and also sets limits to what it is permitted to request consent for. One very important methodological aspect of confidentiality regarding data concerns anonymisation.

The difficulties associated with confidentiality vary substantially, depending on the nature of the research. Some research projects, for example, proceed under far less controllable conditions than others. Consider, for example, participatory research on criminals in a vulnerable environment, compared with anonymous questionnaire surveys. Keeping sensitive data secret can also be a great challenge if, for example, one is conducting research in communities that are so small and close-knit that the parties involved, and even outsiders, require little information in order to know who is being referred to.

Another factor is that in some situations the researcher may not necessarily understand what the research subject regards as confidential data. This is a crucial point, not least when the two parties have different cultural backgrounds, irrespective of whether "cultural background" here is a matter of ethnicity, generation, social class or something else. It is not always easy to arrive at a reasonable mutual understanding of confidentiality under such circumstances. It is especially important, then, for the researcher to make advance efforts to familiarise himself or herself with the subject's cultural background.

More about the relationship between researcher and subject

The contract perspective shows that there is a degree of reciprocity in the relationship between researcher and subject. One aspect of this reciprocity is often expressed as a requirement that researchers not merely use their research subjects for their own purposes, but also give something in return. Of course, transfer back of results must then also take place in such a way that it does not jeopardise confidentiality.

On the other hand, the research subjects do not always want confidentiality. Sometimes they want the research to generate as much publicity as possible for a particular case or situation. However, research subjects who might want to avoid confidentiality do not always automatically have the last word. It might, for example, be a matter of persons who cannot be expected to understand what publication of research may entail, or who wish to use such publicity for unethical or illicit ends. Not only the researcher, but also the research subjects, tend to have more or less articulated hopes and wishes with respect to what is to come out of the research. And this is something the researcher should take seriously, including the dilemmas it may imply.

Conflict between confidentiality and other considerations

From a purely methodological point of view, it may sometimes be necessary to lower other scientific standards in order to ensure confidentiality. This applies in particular to the scientific ideal of verifiability (see also Research values). In principle, the need for verifiability means that the researcher must publish sufficient information to enable others to repeat the procedures and verify the results. The confidentiality requirement may, for example, mean that the results must be grouped, or names or values modified, in order to ensure that some data cannot be traced back to individuals or particularly vulnerable groups. Although this may affect the degree of verifiability, it is essential that confidentiality is respected. However, this potential conflict makes it important that the researcher has reflected in advance over what specific strategies should be aimed for to ensure an epistemic as well as ethical standard.

Researchers may also be faced with a dilemma with regard to maintaining confidentiality in other situations, where this type of methodological consideration is not involved. For example, some types of research, such as mapping insider trading or illegal immigration, may be of interest to business or to government policy. If researchers are served with a court order to reveal their source, when is it ethically correct to breach confidentiality for such reasons? A further source of confusion for the individual researcher may be that this is not purely a matter of conscience, but also a question of the possibility of doing further research. For further reading on researchers' notification requirement, see the article Duty of secrecy.

There are often no simple solutions in situations where ethical considerations are apparently in conflict with one another. One pertinent fact, however, is that in cases where it is conceivable that such a dilemma may arise, researchers must consider carefully in advance whether they should establish a confidential relationship with the person or persons concerned at all. It is never straightforward, and almost always wrong, under any circumstances, to establish a relationship based on deceit with persons upon whom one wishes to conduct research.

Practical tips

Confidentiality is not only about publication of results. Reflection regarding confidentiality also calls for thinking through matters like data storage and processing, procedures for breach of security, methods for statistically concealing individual factors in quantitative material, methods for destroying data and steps to be taken in the event of breach of procedures or agreements at all relevant levels. In some circumstances, the risk of recognising individuals has also become a greater challenge as the result of the development of automated comparison of massive datasets (so-called "Big Data").
Any researchers who work with sensitive data should have a relationship with their field of research that is so well thought through that they take confidentiality seriously. However it will also normally be correct for this attitude to be formalised as articulated assurances from the researcher. If sensitive information is collected, the research subjects should normally be informed in advance how the data are to be protected, and what rights they have with respect to these data. In most cases, a certain formalisation of this situation is preferable, both because it provides greater security for the research subjects and because it helps to keep the relationship between the two parties orderly. This latter consideration especially is also a definite advantage for the research project.

The legal aspect

In legal terms, the duty of secrecy lies at the heart of confidentiality. The Public Administration Act is particularly relevant, as it covers both duty of secrecy and the wider matter of confidentiality in all public sector activities. In brief, the duty of secrecy concerns individuals' obligation not to pass on certain insights acquired in the course of business, while confidentiality also concerns measures to avoid such information being disseminated as a result of weaknesses in the storage of the data in reports, archives, files etc. In this latter respect, the Personal Health Data Filing System Act has particular relevance for medical research. The rules of the Public Administration Act concerning duty of secrecy have been applied to a number of occupations, for example through the Kindergarten Act, the Education Act and the Child Welfare Act. The Health Personnel Act has a number of provisions about duty of secrecy, for example concerning health data for use in research.

This article has been translated from Norwegian by Beverley Wahl, Akasie språktjenester AS.