test page

This page may be relevant to you if your research:

  • involves human participants or information about individuals; 
  • will require you to collect, use and/or disclose (CUD) personal and/or identifiable information about an individual; 
  • uses information that is subject to specific privacy requirements. 

When planning your project, it is recommended that you discuss any requirements related to the collection, use, and/or disclosure of personal or identifiable information in your project with an information privacy professional. This page covers high-level concepts about information privacy in British Columbia, and may not include all information that is applicable to your specific research project.  

For assistance, please contact arc.support@ubc.ca

Information Privacy plays a crucial role in research data management. While often associated with health research, Information Privacy applies to any research projects that collect, use, and/or disclose (CUD) information considered personal, or identifiable about an individual.

In British Columbia, Information Privacy is primarily regulated by the BC Freedom of Information and Protection of Privacy Act (FIPPA) and the BC Personal Information Protection Act (PIPA). It is the responsibility of researchers to determine which legislation applies to their research data and comply with the requirements of this legislation.   

Planning Research with Privacy in mind  

Responsibility and Accountability 

When planning a research project involving personal and/or identifiable information, it is important that the stakeholders define who will be responsible and accountable for this information. Where applicable, responsibility and accountability should be made part of a legal agreement and/or consent document between the involved stakeholders, and clearly identify who is responsible/accountable for what information, how, and at which point in the project.

It is also important to define which privacy regulation(s) applies to the information CUD. Your research data may be subject to multiple regulatory bodies, especially if it crosses British Columbia’s borders.   

  • To learn more about the specifics of contract agreements and their legal implications, visit uilo.ubc.ca/researchers
  • For consent forms and responsibilities associated with the CUD of personal information, visit ethics.research.ubc.ca

1.

Identify The Purpose 

The purpose for which personal information is collected should first be identified and documented prior to initiating data CUD activities. Identifying the purpose helps you determine what personal information is required to fulfill that purpose. A justification of the purpose is required in some research documents like consent forms and data access requests.

2.

Obtain Informed Consent 

Whenever you plan on collecting, using, and/or disclosing personal or identifiable information about an individual for your research, you must obtain formal and informed consent from this individual first.

A formal and informed consent form should: 

  • Be meaningful
    • You must be able to tie each element of your information CUD to the purpose of your research.
  • Be clear and concise
    • Participants must be able to fully understand the nature, purpose, and consequences of what they consent to, but must not be overloaded with excessive details that could confuse their decision.
  • Include key details about CUD
    • By reading your consent form, participants should be able to identify what information will be collected, and how it will used, shared, stored, safeguarded, retained, and disclosed.
  • Clearly identify the associated risks
    • An informed consent should clearly indicate the meaningful risks, and/or consequences associated with the CUD of the personal or identifiable information about an individual.
  • Include a withdrawal procedure
    • Participants must be informed about how they can withdraw their consent, should they wish to do so.

The UBC Research Ethics Boards provides researchers with consent advice, guidelines and templates for use in research projects and these can be found at: ethics.research.ubc.ca.

3. 

Limit Collection

When collecting personal or identifiable information about an individual, you should limit this collection to only what is necessary to achieve the indicated purpose of your research project.   

4. 

Limit Information Use and Disclosure 

Both FIPPA and PIPA have very specific requirements about information use and disclosure within, and outside Canada. Personal or identifiable information about an individual should only be used or disclosed for the purpose for which it was obtained or compiled.  

When creating your Research Data Management plan, you should be able to clearly explain how you will be using the collected information. You should also be able to explain when, how, to whom, and why it may be disclosed (where applicable).  

Visit rdm.ubc.ca for more information.  

5.

Implement Best Practices

Additional Resources 

Definitions

Definitions for Personal Information, and Personal Health Information can be found in the Office of the CIO Glossary of terms. Further guidance on what constitutes Personal Information can be found on the UBC Office of the University Counsel website. 

For more information about Information Privacy for research, you may also consult:  

University-Industry Liaison Office (UILO) 
uilo.ubc.ca 
 

Office of the University Counsel 
universitycounsel.ubc.ca  
 

Office of the Chief Information Officer 
cio.ubc.ca  

Privacy Matters 
privacymatters.ubc.ca 

 

Advanced Research Computing signature UBC Support Programs to Advance Research Capacity

Part of the VP Research & Innovation portfolio

Advanced Research Computing

West Mall Annex 202, 1933 West Mall
Vancouver, BC Canada V6T 1Z2
E-mail arc.support@ubc.ca

UBC receives support for managing its research enterprise from the federal Research Support Fund.

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. External Link An arrow entering a square. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service.