7

I'm a part of the University staff supporting research. I recently became aware of a faculty research project being conducted with a commercially purchased dataset that contains PII. I do not believe the faculty member has submitted the project for IRB review but is conducting the research anyway.

My supervisor's messaging to the the faculty member was 'We recommend any research that uses this dataset be reviewed by the IRB. However, the responsibility is ultimately that of the researcher's to decide whether IRB review is necessary'. As far as I am aware, the faculty member never submitted or received IRB approval. The attitude from our management team was that we shouldn't block research projects, particularly since the faculty member had helped to pay the licensing fees for the dataset. If the faculty member chooses to go ahead without IRB approval, any misuse of the data is solely their responsibility.

Is it correct that all the responsibility lies with the faculty member? What are our responsibilities as staff after we have warned faculty? If I am aware of this situation and I don't report it to the Universities research ethics team, will I be personally responsible for any abuse of the dataset?

This a private University in the United States.

Improve this question
8
  • 2
    I suspect that the answer strongly depends on your institution's policies.
    – Anyon
    Commented Aug 18, 2022 at 17:34
  • 1
    Where can you purchase data containing PII? Also, what is the relationship between your supervisor and the PI? Do you both work for the PI, or are you in the ethics office?
    – Azor Ahai -him-
    Commented Aug 18, 2022 at 17:53
  • 1
    There are certainly two components here: (1) whether you could be legally responsible under the funding agency's regulations [I'm assuming this is funded by a federal agency] or civil law, and (2) whether you could be sanctioned by your employer for not reporting it. Answers to #2 may vary based on a number of factors, but #1 should be very answerable.
    – cag51
    Commented Aug 18, 2022 at 20:50
  • 4
    "However, the responsibility is ultimately that of the researcher's to decide whether IRB review is necessary'." That seems precisely wrong to me. It wouldn't prevent the very serious abuses for which the IRB system was designed. There are a few clear exceptions, but generally it is the IRB that decides.
    – Buffy
    Commented Aug 18, 2022 at 21:00
  • 1
    My reaction (based on U.S. experience) is that anything with "PII" (personally identifiable information) needs IRB approval, and it's not up to the discretion of the investigator. Sure, in math, my field, although it rarely involves even potentially sensitive stuff, our proposals have to go through an IRB review before they're passed on to the funding agencies.
    – paul garrett
    Commented Aug 18, 2022 at 22:39

1 Answer 1

Reset to default
1

It depends on your regulatory environment and other details. If you are talking about the Helsinki Declaration in the context of performing research, it says:

It is the duty of physicians who are involved in medical research to protect the life, health, dignity, integrity, right to self-determination, privacy, and confidentiality of personal information of research subjects. The responsibility for the protection of research subjects must always rest with the physician or other health care professionals ...

Under the Declaration, responsibility depends on your status as a "professional." (A bit odd, in my opinion.)

In the context of publication, the Declaration says

Researchers, authors, sponsors, editors and publishers all have ethical obligations with regard to the publication and dissemination of the results of research.

In my opinion, the final responsibility for ethical publication should rest with journal editors.

If you are talking about US regulations, the Common Rule defines research as

systematic investigation, including research development, testing and evaluation, designed to develop or contribute to generalizable knowledge

The simple fact that someone purchased a license to use protected data does not tell us if it is research or not. If it's a case study (not systematic), or if the results are intended to be kept secret (not contributing to generalizable knowledge), then regulations might not require IRB approval. If it's not research, regulations do not require research ethics.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .