Ken Cousins wrote:
"Our university's Human Subjects Review panel goes so far as to prohibit
digital audio recording.... The official procedure is to use two cassette
recorders simultaneously..."

What's their reasoning? It strikes me as a position that is or will be
difficult to maintain.

In any case, from a practical point of view, it is only a matter of time
before cassette recorders disappear. Sony has already stopped manufacturing
a number of popular professional models --actually several years ago--and
these models haven't been replaced with newer models. I suspect Marantz and
other manufacturers will eventually cease production as well. So your IRB is
going to have to deal with digital recording sooner or later.

Availability of equipment aside, I'm not sure on what principle an IRB would
exclude the use of digital recorders. Digital recordings are not inherently
more likely to result in a breach of confidentiality than analog audio
recordings. It depends on how the digital recordings are made and used. It
is no easier to copy and transmit digital recordings made with the current
generation of Minidisc and DAT recorders than it is with an analog tape
recorder. So, I don't see what objections they could have to those types of
digital recording.

The issue is not digital as such but digital information on a computer. It
is the computer that makes copying and transmission easy. One wonders at
what point does your IRB consider it legitimate to use a computer to work
with the data? I also wonder if your IRB applies the same standard to other
researchers. Does your IRB prevent researchers using, creating, and
maintaining electronic databases to conduct research studies?

Information on a computer, even a networked computer, is not necessarily
insecure. It depends on how the computer system is set up and used. If it is
done properly, a file on a computer is probably more secure than a tape in a
locked cabinet. So maybe it isn't the computer as much as the human user.

Data files that are released in some way may not result in a breach of
confidentiality anyway. I'm assuming most people don't label their files
with obvious identifying information, such as the name of the interviewee,
and that in many cases there may be no formal link to an explicit
identifier. That means that identification will depend on guessing the
interviewee's identity from clues in the recording or transcript. If the
transcripts are systematically cleaned so that practically all real names
(people, places, etc.) are changed as well as other obvious information
(e.g. date of birth, etc.), it will be very difficult to guess the speaker
unless the reader/listener is already very familiar with the person. A
digital audio file (unlike an analog tape) is also fairly easy to clean. You
can go through and silence all the potential identifiers. You can even alter
the tone of voice, etc.

Some of this probably sounds pretty extreme. And for most people it probably
is. The degree of effort is going to depend on the nature of the data. A lot
of the data qualitative researchers collect probably doesn't pose much
potential harm in the event of a breach of confidentiality. If the risk is
relatively small, storing the data as if it were a nuclear missile launch
code is just excessive. It is a different matter if the data involves an
activity or a status that is stigmatized (e.g. see Mike Mellody's earlier
post for an example), activities that are considered criminal or deviant in
some way, or where the data might conceivably be used against the research
subjects or associates in some way.

I think it is also important to note that no one is promising
confidentiality (at least I hope not). What the consent form should say is
that there is a possibility of breach of confidentiality, that a breach
might pose certain risks to the interviewee in the event this occurs, and
the researchers will undertake certain reasonable precautions to severely
limit this risk.

Even with perfect procedures there will still be risk of forced release. If
a lawyer comes after you there probably isn't much you can do except cough
up the data or go to jail (consent forms often say something like "the
researchers will not disclose information except as required by law"). There
was a case like this the other year in the US. If I remember correctly, the
researcher had been studying events surrounding a patient who was getting an
artificial heart. The patient died and the spouse sued the hospital and
physicians. The lawyers issued subpoenas for the research data, including
interviews with physicians and other hospital staff. The judge ordered the
researcher to surrender the data or go to jail. I'm not sure what happened
in the end.

Federal agencies will issue a "Certificate of Confidentiality" to US
researchers collecting "sensitive" data. You have to request one and they
only issue it if the sensitivity of the data meets certain criteria. The
certificate is supposed to prevent researchers from having to comply with a
subpoena and other types of forced release--the idea here being to enable
research on criminal, sexual, and other behaviors that wouldn't otherwise
get done--but as far as I am aware this protection hasn't been tested much
in the courts. I've spoken with at least one attorney who didn't think it
would hold up. I think if one was dealing with sensitive data one should
request one anyway because what is important is that the researcher takes
all reasonable precautions to protect subjects' confidentiality relative to
the degree of risk.

Alan.