publiclab / wherewebreathe

wherewebreathe.org

IRB Approval #17

Open shapironick opened 10 years ago

shapironick commented 10 years ago

I'm working on the IRB approval form now.

I'm not sure about this question, as I guess it depends on finance. Any quick suggestions? "How long will the data be stored? And how will it be eventually destroyed?"

Also I'm wondering what terminology I should use about how we are ensuring security of our data.

Thanks!

jywarren commented 10 years ago

Well, we can archive it forever, if we want. I think it's more of a privacy question and perhaps one related to how long we think the data may be able to affect public discourse.

Regarding security, we'll be doing SSL for the website, we can spec out more details on it, and we'll be encrypting the disk and closely controlling access to the machine. The security risk to be really careful about will probably be when it's downloaded for analysis by Nicole et al?

Due to the tight budget, we did not put aside budget money for a security audit but perhaps we could get one pro-bono. This is another reason to think about doing a phase 2 before a "real" launch, so we can devote the right amount of attention and resources to the issue.


shapironick commented 10 years ago

Thanks Jeff! This is really helpful. Doing phase II before going live seems really helpful.

I can ask the technical team here at the Citizen Sense Lab if after work some time I can trade them some beers for a security audit.

I'm wading through the ethics form now. I'll probably finish a draft on Friday and send it to Nicole for her additions and then will post a copy here.

We will need to ensure, however feebly, that users are over 18. Maybe a check box on the registration page? Can we assume that ‘vulnerable persons’ (e.g. with learning difficulties or with severe cognitive disability) will be unable to find our website and participate in our study? As we would also need added precautions for vulnerable persons.

On the privacy page I think we may need a few more lines about how we can use the data that is shared just with the WWB research team. Something like "Data will be used in scholarly publications and meetings. This data will mostly be shared with academic audiences in statistical form, but if individual stories are discussed an additional pseudonym will be used so as not to identify user names."

Also they may ask us to make sure users know that they are free to withdraw from the project at any time and without having to give a reason. We will need some sort of button that moves the users from the privacy page into the survey. We should think about how to word that button so the IRB will be happy but also so it doesn't sound overly ominous like most IRB forms.


jywarren commented 10 years ago

Great - can you copy your thoughts on the privacy page and the signup form into their respective github issues? Thanks.


shapironick commented 10 years ago

Done! Sorry about that. Was deep in IRB form land.

shapironick commented 9 years ago

The e-consent that Apple is using in its apps http://sagebase.org/e-consent/

making people worried http://www.theverge.com/2015/3/10/8177683/apple-research-kit-app-ethics-medical-research

shapironick commented 9 years ago

@jywarren at the bottom of this page are the slides to Apple's health research consent that I mentioned on the call today http://sagebase.org/e-consent/

it is making people worried http://www.theverge.com/2015/3/10/8177683/apple-research-kit-app-ethics-medical-research

jywarren commented 9 years ago

Yikes, indeed. It's a good thing we're coming at this from a community angle, but if we later try to generalize the tools in this codebase, we should be sure our principles are baked into it really solidly. I imagine the risk is that although communities with symptoms could really use this, it may also seem like a recruitment tool to people who are structuring research studies.

In terms of how to achieve that, transparency is an important baseline, but it's not enough - the architecture of the site itself has to protect people and their data, and to warn people not to participate if they're not comfortable.


shapironick commented 9 years ago

Agreed!