1. Think from the participant's perspective.
- What information would you be willing to share, and under what circumstances?
- What would make you feel comfortable answering the questions that the researcher is asking?
- How would you feel if you work at Company X, and you learn that the information being gathered will benefit your competitor, Company Y?
2. Introduce yourself and the research.
- Identify yourself honestly, and explain your objectives for conducting the research, including:
- how the information collected will be used.
- who will benefit from the information.
- whether or not participants and their responses will remain anonymous. If not, why?
- Do not misrepresent yourself as a customer or client, especially if seeking information from a competitor company.
3. Consider confidentiality and data security.
- Protect participants’ responses and personal information (see: Working with Sensitive Data).
- Only collect Personally Identifiable Information (PII) if it is absolutely necessary.
- PII refers to “information that, when used alone or with other relevant data, can identify an individual. PII may contain direct identifiers (e.g., passport information) that can identify a person uniquely, or quasi-identifiers (e.g., race) that can be combined with other quasi-identifiers (e.g., date of birth) to successfully recognize an individual." (Source)
4. Be careful with health questions.
- A person's physical or mental health status is sensitive information. Even seemingly innocuous questions about things like sleep or stress levels relate to physical or mental health.
- Avoid combining health questions and questions that ask for Personally Identifiable Information (PII), unless:
- you are capable of protecting participants' data, and
- you explain to participants how you will protect their data (see #4 below).
- HIPAA is a U.S. Federal law that aims to protect people's health information. If you collect health information, then best practice is to be HIPAA-compliant. (Tip: try searching online for this phrase: HIPAA compliance checklist).
5. You might need Institutional Review Board (IRB) approval.
- The IRB is responsible for reviewing human subject research and ensuring compliance with federal regulations, state laws, and UC/UCI policies, to protect the safety and welfare of human subjects.
- If you are doing primary research for a class assignment or an entrepreneurial project, you probably don't need IRB approval. If you plan to publish your research (i.e., develop or contribute to generalizable knowledge), talk with your professor(s)/advisors.