CDS design research handbook

← Table of contents

Privacy and consent

This guide outlines resources processes that help you conduct ethical, policy-compliant research.

This guide is a work in progress – if you have any questions please contact a member of the policy or research team.

What the policy team provides

• Establishes the framework and policy processes for a given research activity
• Clears the bureaucracy so researchers can do their job

What design researchers provide

• Establishes research processes
• Ensures that laws and policies conform to their own and established research ethics

Basic privacy and consent guidelines

New to the team?

Before researching at CDS, read through the following questions and answers. For all research activities you undertake, you will need to be aware of the following:

What privacy and consent documents do I need to do [insert type] of research?

• If doing intercept interviews, you will need a consent form and a privacy statement.
• If also recording the participant, you will need an another consent form.
• If you’re using a recruiter, they need to send the forms on our behalf.

Which email do I use for recruitment?

Your @tbs-sct.gc.ca email. Personal information is protected and must remain on your TBS devices. (Tablets, @tbs-sct.gc.ca email, work-issued phones.) We know this isn’t ideal – we’re working on it.

On what devices can I record information?

• You can use your TBS phones for audio recording. Use the voice notes feature in the encrypted container on your phone. (Chat with a member of the policy team for more information).
• Be sure to send the recording to your TBS tablet, not MacBook, to listen and store. Only once it’s transcribed can it go on a MacBook. Again, not ideal, but we’re working on it.

How should I save participant information + org information?

• Store participant information on TBS devices.
• You can use your MacBooks and CDS email accounts for outreach to organizations. As soon as you’re exchanging personal information, you should use your TBS devices. It’s safer to stick to TBS devices and accounts.

What is protected data?

Generally speaking, any personal information is protected. Place “PROTECTED A when completed” or “PROTECTED B when completed” text in the top right heading of documents/forms, where you’ll be collecting protected data.

Where should I store protected data? Macbook? Tablet?

Store all protected data on your TBS tablet. Don’t send it (e.g. via an email) outside of the TBS system.

How long do I need to hold on to consent forms?

We should hold on to consent forms for as long as we’re using the data from those research sessions. As a rough rule, that would be until the end of CDS’s involvement with a product.

If the consent form allows participants to withdraw, consent forms should be kept for ____. (e.g., if the research was confidential.)

Where should I keep consent forms? (physical vs digital)

Store digital privacy and consent forms on your TBS tablet.

Physical privacy and consent forms should be stored in the secure filing cabinet.

How do I dispose of data? Consent forms? Notes?

Shred paper records (like consent forms) using the shredders in the office’s printer rooms. (Fun fact: those shredders are RCMP-approved!)

Who can have access to research data?

This depends on the collection authority under which the data was collected.

• If the privacy statement only uses TBS’s authority, then only TBS employees can view the raw data. For example, if it says “authorized by the Financial Administration Act,” then it uses our authority. Until we depersonalize the data, only TBS employees can view it.
• If the privacy statement uses both TBS’s and the partner’s collection authority, the partner and us can view data. For example, “authorized by the Financial Administration Act and the Department of Veterans Affairs Act”,

Who in a partner department can view data?

If the statement includes the partner’s collection authority, any partner department employee can view the data. That said, we must limit access to people who have a valid reason to handle that data.

Can other staff at CDS view data? Other members of the product team?

The same guidelines apply here as they do for who in a partner department can view the data. With TBS’s collection authority, any TBS employee could view it. But we must limit that sharing to those with a valid reason to handle the data.

These constraints apply to raw data. We can share summaries, where no statements can be attributed to an individual, openly.

Can a partner send personal information to a CDS researcher? (e.g. a spreadsheet with immigration application information)

A partner cannot send us an unsolicited spreadsheet with personal information. We would need to make sure we have the legal authority to collect the personal information. In order to share data between a partner and CDS:

• the partner must collect the data under their authority and TBS’s
• the data must be in one of the standard personal information banks, like PSU 938 “Outreach”.

What can I digitize from paper notes? Where can I store that digitized information?

Digitize paper notes by typing them up on your TBS tablet (not on Google Drive) or scanning them with TBS equipment. Don’t use unprotected scanners, like those connected to our MacBooks.

Store digitized notes on your TBS devices. Share them with others via TBS email or GCDocs.

If I want to take digital notes, where I can I store them?

Use your TBS devices (TBS-issued phone, in the secure section) or your tablet.

Resources

Readings

These readings cover much of the language consent and privacy forms use. Read these before you start conducting research.

The Privacy Act: Governs how the federal government handles personal information.

• Section 3: Definitions
• Section 4: Authority to Collect
• Section 8 (2): Appropriate Disclosure of Information

Tri-council policy statement on Ethical Conduct for research w/ humans: Core principles which outline best practices for conducting research with participants. Chapter 3 provides guidelines for collecting informed consent.

• Chapter 3: Consent

Directive on Privacy Practices: Provides direction to government institutions on how to implement effective privacy practices.

(see CDS summary)

• Section 6: Requirements
• Section 6.2.9: Privacy Notice

In-house tools

The policy team to make privacy and consent gathering more efficient and safe. Researchers use these tools in partnership with the policy team.

Research activity privacy guide

When to use:

• You’re starting research
• You’ve identified who and where you want to conduct research

Privacy and Consent Framework for Notices

When to use: When choosing which privacy and consent notices to use.

Privacy and Consent form Generator

When to use: In partnership with policy to generate forms for research.

Keywords and acronyms

A more complete set of definitions can be found in the Privacy and Consent Framework.

Personally Identifiable Information (PII)

Any single data element that identifies a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII. ATIP

Access to Information and Privacy

The Access to Information Act gives every Canadian citizen, permanent resident, individual or corporation in Canada the right to request access to records that are under the control of federal government institutions, regardless of their format. The Treasury Board Secretariat ATIP office reviews our privacy and consent notices.

Personal Information Bank (PIB)

Descriptions of personal information under the control of a government institution that is organized and retrievable by an individual’s name or by a number, symbol or other element that identifies that individual.

Confidential

A level of confidentiality. Confidential data are usually coded: the subject is assigned a unique identifier that will be used to identify the data.(E.g., “respondent 1”)

Anonymous

A level of confidentiality. Anonymous data are recorded so that the information can never be linked to the subject who supplied it.

Anonymized or Depersonalized

A level of confidentiality. Anonymized or depersonalized data is initially collected with the identity of the participant known. Then undergoes a rigorous process to remove identifying information such that no single element or combination of data could be used to identify the individual.

Protected Information

Applies to information or assets that, if compromised, could reasonably be expected to cause injury to a non-national interest—that is, an individual interest such as a person or an organization.

What to know, by research phase

So, you’re caught up and ready for research? Discuss these questions as you conduct research. Work with your policy analyst to answer these questions as you move from start to finish on a study.

Before you start

• Who will be conducting the research?
• Has the department done user research before?
• What kind of authority to collect information does the partner department have?
• How will we share research findings?
• Will the department help us find research participants?
• Will we be collecting any personal information during the recruitment process?

Service overview

• Critical questions to answer:
  • What are the department specific ATIP practices?
  • What is the business case for research?
• Good-to-have answers:
  • How risk averse is the partner?
  • Who should we be meeting with to socialize the research plan?
  • Does the department have any specific limits on information collection?

Research plan

• Critical questions to answer:
  • What methods do we plan to use and what personal information will we need to collect?
  • What are the anticipated sample sizes?
• Good-to-have answers:
  • What technologies will we use?
  • How will we record and store findings?
  • How sensitive is the data we will collect? How will we obscure the personal information?
  • How will we collect and store consent?

Refining your target audience

• Critical questions to answer:
  • Will we need to make special considerations to prevent coercion and ensure they are able to give informed consent?
  • Where will we be meeting users during testing and interviews (the home, public, etc.)? Good-to-have answers:
  • What segments of the population would we like to speak with?
  • What is the timeline for consent turnaround?

Recruiting participants

• Critical questions to answer:
  • What recruitment methodology will I use? Intercept? Snowball?
  • What PII is being collected? What PII do we need?
• Good-to-have answers:
  • Will we have access to participants through partner/customer channels?
  • What information can I share with potential participants?
  • Can I reach out to past participants?

Running research

• Critical questions to answer:
  • What are the benefits and risks of this research for participants?
• Good-to-have answers:
  • How can I clearly state to a participant how we will use their data? How can I guarantee that the data will be limited to that usage?
  • Is there anything I can’t speak about when working with a participant?
  • How can I maintain participants’ privacy throughout the research?

- Last updated by Colin on March 25, 2019