Skip to main content

What is the Difference Between Anonymity and Confidentiality?

IRB-WebGraphics 4Anonymity: Providing anonymity of information collected from research participants means that either the project does not collect identifying information of individual persons (e.g., name, address, email address, etc.), or the project cannot link individual responses with participants’ identities. A study should not collect identifying information of research participants unless it is essential to the study protocol. Anonymity cannot be guaranteed if any personally identifiable (PII) information will be collected.

Confidentiality: Maintaining confidentiality of information collected from research participants means that only the investigator(s) can identify the responses of individual participants. Regardless, the researchers must make every effort to prevent anyone outside of the project from connecting individual subjects with their responses.

How do I protect confidentiality?

If it is essential to collect and link identifying information (e.g., participants' names) to participants’ responses (e.g., questionnaire answers), research is not anonymous, and researchers must do their best to provide the utmost confidentiality of subject data. Some examples of practices that may be implemented to increase the level of confidentiality include:

  • Use study codes on data documents (e.g., completed questionnaire) instead of recording identifying information and keep a separate document that links the study code to participants’ identifying information locked in a separate location and restrict access to this document (e.g., only allowing primary investigators access);
  • Encrypt identifiable data;
  • Remove face sheets containing identifiers (e.g., names and addresses) from survey instruments containing data after receiving from study participants;
  • Properly dispose, destroy, or delete study data / documents;
  • Limit access to identifiable information;
  • Securely store data documents within locked locations; and/or
  • Assign security codes to computerized records.

Examples of Personally Identifiable Information (PII):

  • Name
  • Addresses
  • Employer's name or address
  • Relatives' names or addresses
  • Date (e.g., birthdate, date of death, etc.)
  • Phone / fax numbers
  • E-mail addresses
  • Social security numbers
  • Member / account numbers
  • Voiceprints
  • Fingerprints
  • Full face photos & comparable images