IRB Considerations: Human Participant Data, Data Sets and Internet Research

UPDATED November 10, 2021:

At this time, invited guests and visitors to the Cornell Ithaca campus--including research participants*--who are 12 years old or older must show proof of vaccination for COVID-19 or the results of a recent negative COVID-19 test. Principal Investigators are responsible for enforcing this requirement if it applies to their participant population. See the Cornell COVID-19 Visitors Webpage for more details. The Cornell Tech campus has its own visitor policy requiring proof of vaccination, which you can review on the Cornell Tech COVID-19 Visitors Webpage.

No IRB protocol amendment submission is needed to implement these participant eligibility and screening requirements, unless you are revising recruitment or informed consent materials. Please contact irbhp@cornell.edu with any questions or concerns. The IRB COVID-19 FAQs and guidance materials have been updated to reflect this university policy change.

*If you believe your participant enrollment or retention will be severely negatively impacted by this visitor requirement, please contact IRB Manager Myles Gideon at mbg223@cornell.edu.

All individuals on Cornell's campus--regardless of vaccination status--are required to wear a mask outside (when physical distancing cannot be maintained) and inside campus buildings (except in private, non-shared spaces, or when eating/drinking). As COVID-19 pandemic-related requirements on the Cornell Ithaca campuses are reevaluated and updated, the IRB and ORIA will continue to revise our human participant research-specific FAQs and guidance documents to reflect current guidelines. Thank you for your patience and cooperation, and please contact the IRB if you have any questions.

The IRB office published a newsletter on October 28, 2021. Click to read more.

Whether you are working with an existing data set collected by another researcher, storing data you yourself have collected from human research participants, or conducting Internet- or app-based research, you must take adequate steps to protect the privacy and confidentiality of research data.

Research with human participants frequently involves analysis or collection of personal identifying information ("identifiers").  In reviewing proposed human participant research, the IRB will consider whether data to be analyzed or collected by the researcher could be stigmatizing, result in criminal or civil liability, damage financial standing, employability, insurability, or reputation, result in stolen identity, or otherwise pose a threat to an individual’s privacy or confidentiality.  If so, the researcher should describe steps they will take to ensure that such information is kept secure.  

 Broadly, human participant research should be planned with the following in mind:

  • Ensuring that the informed consent process adequately and accurately explains to potential participants about possible risks of participation, including any risk that their personal data may be compromised.
  • Appropriately safeguarding the privacy or confidentiality of information obtained from or about human participants, and documenting these procedures in the protocol application and consent form.
  • Minimizing potential risks to participants, including risks associated with accidental or malicious security breaches.

Resources