What Constitutes as Sensitive Data?
Activity
If you haven’t already, play Level 7 in the League of Data game: https://lod.sshopencloud.eu/LodGame/ It helps you think about what information is sensitive.Source: SSHOC. (2020). Data Publication Challenge [video game]. Social Sciences and Humanities Open Cloud (SSHOC) League of Data (LOD). https://lod.sshopencloud.eu/
--------------------------
Personally identifiable information (PII) are references, or variables, in data that can disclose a person’s identity. These can be either direct identifiers about a person, such as name or social security number, or indirect references, which are characteristics like occupation or salary that when put together can make an individual unique. Certain direct identifiers, given what sort of data you’re working with, must be protected by law. HIPAA and FERPA are federal laws regulating the collection and exchange of health and student information. These regulations specify particular direct identifiers, and certain requirements that must be followed for proper use and disclosure of them.
More examples of personal identifiers (including those that are HIPAA and FERPA specific) are listed in the “NC State IRB Guidance: Identifiable Data Sets” document at https://research.ncsu.edu/administration/compliance/research-compliance/irb/irb-for-researchers/#data-management-and-security
Refer to the “Risk Assessment and Deidentification” page for a guide on removing sensitive information from your dataset.