Sensitive data is any data that, if released to the public, would cause potential harm. Some examples of sensitive data include research participants’ personal information like ethnicity or address, ecological data including endangered species nesting sites, sacred indigenous cultural practices, or confidential commercial information. Any research conducted using human participants must go through ethics review by either the McMaster Research Ethics Board (MREB) or the Hamilton Integrated Research Ethics Board (HiREB).

McMaster classifies research data into three levels of risk, Low, Medium, or High, based on the potential for harm if data is leaked or obtained by unauthorized individuals. These risk levels were designed around research involving human participants, although they may apply to other research designs as well.

Low Risk data is Research data that does not contain any sensitive or identifiable information about individuals, organizations, or communities. There is no significant risk from disclosure, loss, or unauthorized release of low risk data. Low risk data does not contain any sensitive information or identifiable information about individual, communities, or organizations.

Examples of low risk data include non-sensitive research documentation, publicly facing information, completely anonymized or de-identified data with no risk of re-identification, or published data intended for public access.

Medium Risk data is research data that may or does contain confidential, sensitive, or identifiable information about individuals, organizations, or communities. Disclosure, loss, or unauthorized release of medium risk data may result in putting participants at risk.

Examples of medium risk data include some sensitive research-related documentation, personally identifiable information, de-identified records of compensation, data and research protocols related to private or sensitive intellectual property, de-identified financial information associated with research payments, identifiable demographic data and/or information about participants’ beliefs, opinions, health, etc., that in the context of the study would be considered medium risk.

High Risk data is research data that contains highly sensitive information about individuals, organizations, or communities. Disclosure, loss, or unauthorized release of high risk data may result in significant risk for the participant, the researcher, and potentially the institution including reputational damage, significant professional or personal disruption, financial consequences and legal liability.

Depending on the study context, examples of high-risk data could include information with regard to racial or ethnic origin; political opinions; religious beliefs or other beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; the commission or alleged commission by the data subject of any offence or criminal activity. Other examples of high-risk data may include Personally Identifiable Information (PII) (where a breach of confidentiality would carry a high risk for research participants), Personal Health Information (PHI) and credit card information (PCI).

High-risk data requires very strong controls against unauthorized disclosure, loss, and modification.

Some research data may contain sensitive information, and cannot be shared for legal or ethical reasons. Sensitive information may contain data including:

• Personal Identifiers
• Personal Health Information
• Personal financial information
• Confidential business information
• Sensitive ecological information
• Indigenous cultural practices  

Some datasets containing Sensitive information can be anonymized or de-identified, allowing for sharing to happen. De-identification is the process of removing any identifiable data from a dataset. Typically this happens by removing or replacing personal identifiers. With some datasets, it may be impossible to completely anonymize the data, as even when direct identifiers are removed, combinations of other data may make it possible to still identify the individuals in the dataset. Datasets that cannot be completely anonymized should not be shared openly.

Several software packages exist which can help with de-identification of data. For a full review of the different packages, see the Portage De-Identification Guidance document. The recommended tools are Amnesia, and sdcMicro. Amnesia is considerably easier to use but sdcMicro has a more powerful feature-set.

The Portage Network de-identification guidance document also outlines strategies and approaches for de-identifying research data. Another helpful reference might be the De-identification Guidelines for Structured Data from the Information and Privacy Commissioner of Ontario.

An Endangered Species Data Sharing Assessment may be relevant to researchers de-identifying sensitive ecological information. 

2023 McGill Data Anonymization Workshop Series:

• Workshop 1 - Reducing risk: An introduction to data anonymization (Kristi Thompson) - English | French | Slides
• Workshop 2 - ARX:  Anonymising data in theory and practice (Fabien Prasser) - English | French | Slides
• Workshop 3 - Ethically sharing qualitative data (Sebastian Karcher) - English | French | Slides
• Workshop 4  - Qualitative data sharing: A roadmap and resources to facilitate responsible and ethical data sharing (Jessica Mozersky, Albert Lai, Sara Britt) - English | French | Slides

Portage Reducing Risk Webinar:

• Slides
• Recording