Industrial and Organizational Psychology, 4 (2011), 479–481.Copyright © 2011 Society for Industrial and Organizational Psychology. 1754-9426/11

Safeguarding Access and SafeguardingMeaning as Strategies for AchievingConfidentiality

ERICH C. FEIN AND CAROL T. KULIKUniversity of South Australia

As noted by Saari and Scherbaum (2011),privacy and confidentiality is one of threegeneral themes included in the BelmontReport. Although privacy and confidential-ity are related terms, privacy refers to theprotection of individuals, whereas confi-dentiality refers to the protection of data(Sieber, 1992). The protective mechanismsexemplified by the Safe Harbor princi-ples or Saari and Scherbaum’s professionalpractice guidelines are intended to protectresearch participant privacy because pri-vacy violations expose individuals to harmor can raise their risk of harm. However,researchers protect participant privacy pri-marily by managing the confidentiality ofparticipants’ data.

We propose that two of the professionalpractice guidelines proposed by Saari andScherbaum—develop policies and protectidentity—are the most relevant to managingconfidentiality. These guidelines connectto two distinct strategies used to achieveconfidentiality: safeguarding access andsafeguarding meaning. We further suggestseveral important criteria for judging whento apply these strategies, which include thenumber of individuals who have access toidentified data, the length of time the data

Correspondence concerning this article should beaddressed to Erich C. Fein.E-mail: erich.fein@unisa.edu.au

Address: School of Management, University ofSouth Australia, GPO Box 2471, North Terrace,Adelaide, SA 5001, Australia

must be held in an identified state, and theinterests of multiple stakeholders.

Strategies to AchieveConfidentiality

The first strategy of safeguarding access isthe approach adopted by most organiza-tions with respect to their human resourceinformation systems. Identified employeedata is collected and stored over long peri-ods of time, and the risk of privacy violationsis managed by restricting access to thedata. For example, the organization mightdevelop a policy that limits data accessonly to human resource professionals or tothe senior management team. Safeguardingaccess may be the only feasible approachwhen sensitive data are stored for long peri-ods and must be used by many legitimatestakeholders.

The alternative strategy (safeguardingmeaning) manages the risk of privacy viola-tions by encrypting the identification infor-mation connecting research participants totheir stored data. This is the approachused by academic researchers who attachunique researcher-generated or respondent-generated codes to multilevel, multisource,or longitudinal data. The use of codes maybe best suited to contexts in which onlya small set of clearly defined stakehold-ers need access to identified data. Ideally,only the immediate research team (and inthe case of respondent-generated codes,the research participant) will know how

479

480 E.C. Fein and C.T. Kulik

to interpret a code so that data can bematched across data collections over a rel-atively short period of time.

Researchers should recognize that when-ever data exist in an identified form partici-pants are exposed to higher risk. Therefore,in choosing between safeguarding accessor safeguarding meaning as strategiesfor protecting participant confidentiality,researchers should consider the range ofstakeholders who might need access toidentified data (many stakeholders, safe-guard access; few stakeholders, safeguardmeaning). In addition, if multilevel, mul-tisource, or longitudinal data collectionswill be permanently stored as unidentifiedrecords in a single dataset, the amount oftime researchers will need to temporarilystore identified records should be consid-ered (long time needed, safeguard access;short time needed, safeguard meaning).

Considering the Interests ofMultiple Stakeholders

Preferences for strategies that safeguardaccess or safeguard meaning may differacross stakeholders. When conductingmultilevel, multisource, or longitudinalresearch, an academic researcher needsto match data across data collectionsand sources. Research designs that attachrespondents’ identifying information to dataoften make university ethics committeesvery uncomfortable (Kulik, 2011), and sothe academic researcher is likely to beencouraged to safeguard meaning by usingcodes that encrypt the participant’s iden-tity. However, if the researcher is engagedin collaborative research with an industrypartner, the partner is more likely to befamiliar with strategies that safeguard accessand may find codes to be unnecessarilycumbersome. Unfortunately, there is lit-tle empirical research investigating whetherethics committees are likely to judge anindustry partner’s policies about safeguard-ing access as adequate protection of dataconfidentiality. Even more important is thatthere is little empirical research investi-gating whether research participants prefer

strategies that safeguard access or safeguardmeaning (Sieber, 2004) and whether thesepreferences depend on who is conductingthe research.

When government agencies are the onescollecting data, understanding the reactionsof ethics committees and research partic-ipants may be further complicated. Forexample, government agencies will oftentake a two-step approach of first workingwith identifiable data within a constrainedresearch team and later stripping the data ofits identifiers when it is made available toa broader set of researchers. This approachgenerates a very high level of confiden-tiality when the data reach their terminalstate, and this may reassure university ethicscommittees, research participants, and thegeneral public about maintenance of partic-ipant privacy. However, these actions alsoconstrain future research opportunities.

Once the data are stripped of theiridentifiers, researchers cannot reassemblerecords in new configurations to answerunanticipated questions. For example, datacollected from family members may nolonger be able to be matched to a commonhousehold unit, and data collected from thegeneral public may no longer be able tobe matched by neighborhood or politicaldistrict. If data are to be used to addressresearch questions unspecified at the timeof data collection, there may be a relativelyshort window of opportunity to generateappropriate data configurations. Thus thereis a direct trade-off between protectingparticipant privacy and preserving the data’sfuture utility. Researchers should, therefore,recognize the consequences of a strategicshift from a policy that safeguards access toidentified data to a policy that safeguardsmeaning by removing unique identifiers.The latter policy may expand researcheraccess to the data while simultaneouslyconstraining the research questions that thedata can address.

Thus, the choice between the strategiesof safeguarding access and safeguardingmeaning relies on several criteria: thenumber of individuals who will have accessto identified data, the length of time the

Strategies for achieving confidentiality 481

data will be held in an identified state,and the interests of multiple stakeholders.We suggest that research attention befocused on reactions to these strategies fromresearch participants, ethics committees,and other relevant stakeholders.

ReferencesKulik, C. T. (2011). Climbing the higher moun-

tain: The challenges of multilevel, multisource,

and longitudinal research designs. Managementand Organization Review. doi: 10.1111/j.1740-8784.2011.00226.x.

Saari, L. M., & Scherbaum, C. A. (2011). Identifiedemployee surveys: Potential promise, perils, andprofessional practice guidelines. Industrial andOrganizational Psychology: Perspectives on Sci-ence and Practice, 4, 435–448.

Sieber, J. E. (1992). Planning ethically responsibleresearch: A guide for students and internal reviewboards. Newbury Park, CA: Sage.

Sieber, J. E. (2004). Empirical research on researchethics. Ethics & Behavior, 14, 397–412.