Hostname: page-component-84b7d79bbc-l82ql Total loading time: 0 Render date: 2024-07-27T14:44:19.521Z Has data issue: false hasContentIssue false
  • English
  • Français

Statute-Based Protections for Research Participant Confidentiality: Implications of the US Experience for Canada

Published online by Cambridge University Press:  16 November 2018

Ted Palys ,
James L. Turk  and
John Lowman
Ted Palys
Affiliation:
School of Criminology Simon Fraser Universitypalys@sfu.ca
James L. Turk
Affiliation:
Centre for Free Expression Faculty of Communications and Design Ryerson Universityjim@jameslturk.com
John Lowman
Affiliation:
School of Criminology Simon Fraser Universitylowman@sfu.ca
Get access
Rights & Permissions [Opens in a new window]

Abstract

Many types of vital research require protection of communication and information provided confidentially by research participants. In Canada, apart from information collected under the Statistics Act, the only option is a common law balancing test that creates uncertainty insofar as law is made after the fact. This paper explores the option of statute-based protection from the outset. It examines two such protections that have been in place in the United States for decades—revealing their strengths and weaknesses and how they may be applied in the Canadian context.

Résumé

De nombreux types de recherches essentiels nécessitent la protection des communications et des renseignements fournis de manière confidentielle par les participants à la recherche. Au Canada, hormis l’information recueillie en vertu de la Loi sur la statistique, la seule option est un test d’équilibre fondé sur la common law et qui crée une incertitude dans la mesure où la loi se constitue a posteriori. Cet article explore l’option d’une protection fondée en loi dès le départ. Il examine deux de ces protections qui existent aux États-Unis depuis des décennies – révélant leurs forces et leurs faiblesses et la manière dont elles peuvent être appliquées dans le contexte canadien.

Keywords

research ethicsresearch confidentialitystatute-based privilegecertificates of confidentialityprivilegeWigmoreresearch shield lawéthique de la rechercheconfidentialité de la rechercheprotection fondée en loicertificats de confidentialitéprivilègeWigmoreloi sur la protection de la recherche
Type
Articles
Information
Canadian Journal of Law and Society / La Revue Canadienne Droit et Société , Volume 33 , Issue 3 , December 2018 , pp. 381 - 400
Copyright
Copyright © Canadian Law and Society Association / Association Canadienne Droit et Société 2018 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Researchers in a wide variety of academic disciplines are taught that ensuring the confidentiality of communications in the researcher-participant relationship is essential to the acquisition of valid and reliable data. The need to ensure confidentiality is particularly acute when disclosure of information could bring harm to participants through public humiliation, loss of social position, loss of employment, loss of insurability, or incarceration.Footnote 1 Researchers also are reminded of the negative consequences that would result if research participants could no longer trust them to preserve confidentiality. As Canada’s Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS2) explains, “Breaches of confidentiality may harm the participant, the trust relationship between the researcher and the participant, other individuals or groups, and/or the reputation of the research community.”Footnote 2

In 1994, the Vancouver Coroner was the first legal authority in Canada to issue a subpoena to a researcher and ask him to divulge information that had been shared by a research participant under a condition of “absolute confidentiality” in a bona fide university-approved project. Simon Fraser University (SFU) researcher Russel Ogden was willing to testify about the general findings of his research but refused on ethical grounds to reveal identifying information about his participants. He was threatened with a charge of contempt of court if he did not. The episode ended when the researcher claimed a public interest privilege, and the Coroner accepted arguments and evidence that showed the researcher–participant relationship in that particular research project met the Wigmore criteriaFootnote 3—a test for determining on a case-by-case basis whether communications should be privileged and thereby exempted from being entered as evidence in a particular case.Footnote 4

Although the SFU case arose during a Coroner’s inquiry, legal challenges to research confidentiality occur more commonly in the context of criminal or civil trials. They arise because lawyers decide that having access to certain information will help their clients, either to bolster their cases or undermine those of their adversaries. Sharing general information not tied to a particular source is generally seen as acceptable by researchers, who often willingly share such information when they assist the courts as expert witnesses. Problems arise when information is sought regarding “identifiable data,” i.e., the identities of participants or information that can be tied to a particular participant. It is at that point when ethics (i.e., the duty to protect research participant confidentiality) and law (the court’s desire to have all relevant information before it) may conflict.

Limits to Common-Law Protection via Wigmore

Researchers are forced to claim a “public interest privilege” in such situations because there are no statute-based protections for researchers other than those at Statistics Canada.Footnote 5 They do so by invoking the Wigmore test on behalf of participants, the Supreme Court of Canada having deemedFootnote 6 that test to be the most appropriate measure of whether a socially valued relationship should be considered privileged in a particular case. Case-by-case claims of this sort have been made for various relationships—therapist-clientFootnote 7 and priest-penitent,Footnote 8 for example—though there is no guarantee that making the claim will result in the court recognizing the privilege. The burden of proof in each instance is on the individual making the claim to show why the court should recognize the privilege in the case at hand.

There are various reasons why claiming privilege through Wigmore is a welcome possibility. First is simply that it is the only mechanism researchers have for claiming a privilege and creating a situation where ethics and law coincide.Footnote 9 Because it is available to all researchers, it allows them to exert significant control over their methods, chart their own ethical course, and anticipate the evidentiary requirements of the Wigmore test in their research methods.Footnote 10

Also, there now have been seven potential legal challenges from third parties in Canada. Four of those made it to a hearing and resulted in a formal written court decision regarding research-participant privilege; two of the other subpoenas were withdrawn, and one led to an exchange in a Coroner’s Court that did not jeopardize research confidentiality. In each decision that resulted in a hearing, the court recognized a researcher-participant privilege and reaffirmed the importance of research for society generally and the courts in particular. Although the number of cases is small, they reflect a wide variety of situations in which research confidentiality might be challenged. Four involved Russel Ogden. The 1994 SFU case involved a subpoena issued to Ogden in the context of a Coroner’s Inquiry. In 2003 Ogden was subpoenaed a second time—in a criminal trial of a person for aiding and abetting a suicide. Although that subpoena was withdrawn in 2003, Ogden received a third subpoena in relation to the same trial in 2004. In 2014 Ogden received a fourth subpoena, this time again related to a coroner’s inquest.

In 2013, the lawyer for two University of Ottawa criminologists who study sex workers was served a search warrant by police seeking interview transcripts involving the accused in a murder trial, who had been a participant in the criminologists’ research.Footnote 11 In 2015, a former graduate student from Université du Québec à Montréal (UQAM) was scheduled to testify as an expert witness in relation to her research on wind farms. The defendants in that case sought all the original data on which her opinion would be based.Footnote 12 More recently, when a University of Western Ontario researcher was serving as an expert witness as part of a Charter challenge involving transgender identity,Footnote 13 the Crown sought her raw data, including the identity of her research participants, ostensibly to verify and challenge the conclusions she drew from her national survey of transgender youth.

In every case that resulted in a written decision, the court recognized research-participant privilege, thereby protecting research confidentiality. If such positive decisions were to continue in case after case, then a situation could arise that Wigmore envisioned—the gradual creation of a “class” privilege. Most significant about class privilege is how it shifts the burden of proof. Once a class privilege is awarded by the courts, the privilege is thereafter assumed, and the onus is on those who seek disclosure to demonstrate why the privilege should be set aside.

But there is a down side to trying to protect confidentiality via the Wigmore criteria. Although the courts have recognized a privilege in four cases thus far, Wigmore’s fourth criterion—in which the court balances its need for the information to settle the legal issues at hand against the harm that would be done to the researcher-participant relationship if a disclosure were ordered—brings uncertainty. Law is effectively made after-the-fact on a concrete set of circumstances arising in a specific legal case that may not have been foreseeable when the research was first designed. Who, for example, would have predicted that an interview-based study of people living close to power-generating windmills would end up in a class action law suit years later, with the researcher, who was willing to serve as an expert witness, caught in the legal crossfire?Footnote 14 Who could have foreseen that an interview with a sex worker would be sought by police five years later with the individual accused of a heinous murder?Footnote 15 For the ethical researcher, a miscalculation could mean incarceration for contempt of court, which is what happened to two researchers in the United States.Footnote 16 And although court decisions have gone very well in both Canada and the United States, one always can imagine small shifts in case facts that could sway the balance toward an order for disclosure.Footnote 17

Invoking the Wigmore criteria and defending research participant interests on a case-by-case basis in court also requires institutional support, which has been less than dependable in Canada thus far. In the SFU Ogden case, Simon Fraser University revelled in the attention his work was receiving from the media until the subpoena arrived, at which point the university administration placed its own perceived needs for liability and image management ahead of its mandate to conduct research and protect the interests of the researcher and his participants.Footnote 18 In contrast, when Ogden received the second of two further subpoenas years later when doing research under the auspices of Kwantlen Polytechnic University (KPU), that institution’s immediate legal support led to prosecutors withdrawing the subpoena once and for all without a hearing being necessary.

Subsequent changes in the TCPS2 have clarified that institutions are obliged to provide independent legal support to researchers when confidentiality is challenged.Footnote 19 Observers thus were surprised when the next challenge arose, and the University of Ottawa behaved much as SFU had done—initially offering only a few hundred dollars for preliminary legal advice and otherwise leaving the researchers to fend for themselves in a case where the final legal bill ran into the hundreds of thousands.Footnote 20 The next subpoena, to a former graduate student at UQAM, was met with similar distancing until a colleague of the researcher informed the mainstream media, whose articles were followed by an apparent UQAM change of heart.Footnote 21 It was not until the most recent case—involving a researcher from the University of Western Ontario (UWO)—that an institution would live up to its obligations when a case made it to trial. Although representation was provided by the agency that had brought forth a Charter challenge and was bringing forward the researcher as an expert witness, UWO indicated it was willing to fund the defence and would step in and fund any appeal that might arise.Footnote 22

Are Statute-Based Protections a Better Alternative?

Rather than hoping for a day when a class privilege will be recognized, there is a possible alternative—statute-based protection, such as the Certificates of Confidentiality and Privacy Certificates that have existed in the United States for over four decades.

Many have argued that a researcher-participant privilege should be protected by a research shield law. Palys and Lowman argued so in the wake of the controversy at SFU.Footnote 23 The Social Science and Humanities Working Committee on Research Ethics (SSHWC)—a committee appointed by the Presidents of the granting agencies to advise them on revision of the TCPS—made the same recommendation in both an early briefing noteFootnote 24 and their final recommendations.Footnote 25 In part as a follow-up to those recommendations, the presidents of the Canadian granting agencies solicited input from scholarly associations in Canada and received three submissions—from the Canadian Psychological Association, the Canadian Law and Society Association, and the Canadian Historical Association. The first two were highly supportive of statute-based protections, while the third saw both positives and negatives.Footnote 26 More recently, a national survey of Research Ethics Board Chairs and ethics administrators included a question about whether the respondent would support the development of statute-based protections for research confidentiality in Canada. In response, forty (54.8%) said they would support such an initiative, while thirty-two (43.8%) said they may support such an initiative, depending on what it would look like. Only one (1.4%) respondent dismissed statute-based protections for Canadian researchers as a bad idea.Footnote 27

But are statute-based protections any better for researchers and participants than relying on the Wigmore criteria when legal challenges arise? The SSHWC’s briefing paper concluded: “If PRE [the Interagency Advisory Panel on Research Ethics] decides to recommend to the Presidents of the Granting Councils that they pursue and promote the development of made-in-Canada Confidentiality Certificates, there will be much work required to make them a reality. Certainly, an examination and discussion awaits regarding how they will be constructed, who will administer them, and how they will fit into Canada’s existing evidentiary framework.”Footnote 28

Although unique aspects of Canada’s legal system preclude any wholesale adoption of another nation’s mechanisms, scrutiny of other systems provides examples from which to begin, and a set of criteria by which to evaluate prospective alternatives. Below we describe some of the origins of and similarities/differences between the two mechanisms. We then examine the evaluation literature to see what lessons might be learned from the US experience, consider alternative mechanisms that might work best in the Canadian legal and regulatory landscape, and conclude with an inventory of principles the US experience suggests should be followed or avoided.

Certificates of Confidentiality

In the late 1960s, many war veterans were returning from Vietnam with addictions. With recreational drug use also growing rapidly across the United States in the cultural transitions happening at that time, there was strong interest in understanding these developments. Health practitioners recognized that such research would be impossible if participants had to worry about police becoming interested in their responses in order to prosecute them. Accordingly, in 1970, the US Congress amended the Public Health Service Act with section 301, the Comprehensive Drug Abuse Prevention and Control Act. This authorized the Secretary of Health and Human Services to allow “persons engaged in research on the use and effects of drugs to protect the privacy of individuals who are the subject of such research by withholding from all persons not connected with the conduct of such research the names or other identifying characteristics of such individuals.”Footnote 29 The primary focus was on protecting identity: “Persons so authorized to protect the privacy of such individuals may not be compelled in any federal, state or local civil, criminal, administrative, legislative or other proceedings to identify such individuals.”

Certificates of Confidentiality (CoCs) are distributed through the National Institutes of Health (NIH). Their range of coverage has increased dramatically since their inception. An early choice was to make certificates available to any researcher, not just those that the NIH funded. In 1974, eligible research was expanded to include studies of alcohol and other psychoactive drugs, and mental health issues.Footnote 30 In 1988, the range of topics was further diversified to include all “health” research. And in March 2002, as part of its policy to encourage widespread use of CoCs, the NIH decentralized their issuance throughout all the various Institutes, setting up an online information “kiosk” as a centralized information resource. Beskow et al. state that “NIH currently issues approximately 1000 new Certificates each year;”Footnote 31 those who do apply are rarely refused.Footnote 32

Privacy Certificates

While CoCs are allocated for “health” research, Privacy Certificates (PCs) offer statute-based protection for criminological research through the Omnibus Crime Control and Safe Streets Act of 1976. Although both protections are statute-based, the two share little in their focus and implementation. In contrast to the CoCs’ emphasis on protecting identity, for example, PCs focus on protecting “identifiable information,” i.e., information that can be connected to a specific source.

The two also differ with respect to who is eligible to apply. While CoCs are potentially available to any researcher engaged in “health” research regardless of who funds it, PCs are available only to researchers funded by the Department of Justice and its ancillary agencies. All Department of Justice–funded researchers must submit plans that articulate the measures they will take to ensure confidentiality of any identifiable data will be maintained. Upon approval, that plan has statute-based protection.Footnote 33 In contrast, CoCs are “voluntary” in the sense that a researcher must apply for one.Footnote 34

CoCs also allow more flexibility. While researchers are both ethically and legally obliged to protect research participant identity and are not bound by mandatory reporting laws, they are nonetheless permitted to make “voluntary disclosures” if they feel professionally and/or ethically bound to report certain behaviours (e.g., child abuse) as long as they warn prospective participants about those exceptions during the consent process. PCs, on the other hand, have one obligatory exception—the certificates do not protect the participant when/if specific details about planned future crime are revealed—but otherwise permit no disclosure for any reason unless the participant expressly waives the privilege.Footnote 35

Further differences exist in how the two types of certificates are distributed and administered. CoCs involve a highly decentralized system in which each of the NIH’s twenty-eight institutes and affiliated agencies is responsible for making decisions about the appropriateness of certificates based on applications that are initiated by individual researchers in consultation with the Institute. In contrast, all PCs are administered by a single employee at the National Institute of Justice and a small number of employees at other agencies within the Office of Justice Programs, which is part of the US Department of Justice.Footnote 36

Lessons Learned

The bourgeoning literature evaluating statute-based protections provided an opportunity to scrutinize the US experience with these protections. We first compiled as many such articles and reports as we could find. We also contacted senior administrators for both CoCs and PCs in the United States to ensure our compilation included any evaluations that may have been conducted in-house. These articles and reports were then imported into NVivo, a software program created for qualitative data analysis. We followed an inductive approach to identifying themes and issues as we encountered them in the literature.

Although there were many specific sub-themes, all can be grouped under two broader sets of concerns. First are legal ones. Given that both CoCs and PCs were created as legal buffers to protect those who participate in research, considerable ink has flowed in the analysis of the legal sufficiency of both mechanisms and their ability—actual and hypothetical—to realize that protection when challenged. The second set of considerations are “social,” as they refer to the various social processes—among researchers, between institutional review boards (IRBs) and university administrations, within the legal community, and within both the NIH and National Institute of Justice (NIJ)—that appear to facilitate or inhibit the use of both types of protection. We examine each of these sets of issues in turn.

Legal Issues

The Sound of Silence

One desirable outcome of creating statute-based protections, and a measure of their success, is that they are rarely required in court. Third party requests for disclosure do not occur because either (a) the would-be requester is convinced of the statute-based protection’s power and never asks; or (b) asks but withdraws as soon as the protection is brought to their attention. PCs have never even been challenged in court in their more than forty years of existence.

Wolf and ZandeckiFootnote 37 interviewed nineteen researchers who were protected under a CoC, two of whom had received subpoenas. Both successfully blocked them. Most others said the CoCs had been “useful” either in warding off potential challenges, or simply by allowing them “to sleep better at night.”

In a national study of IRB Chairs, Haney-Caron et al. found “some Chairs” said that lawyers are deterred when their inquiries are greeted with a CoC.Footnote 38 Their interviews with legal counsels for research institutions revealed that more than half had received inquiries on CoC-protected studies. In more than half of those cases, the matter ended quickly when the lawyer making the inquiry withdrew after being told there was a Certificate. Wolf et al. found much the same when they interviewed legal counsels:

[O]ne respondent said, “It provides that under no circumstance do you provide information to anybody in any way, shape or form.” Similarly, another respondent replied, “[the Certificate] is basically a ‘I don’t have to talk to you’ card for subpoenas, for law enforcement investigations, for agency investigations and the like.”Footnote 39

But Wolf et al. also were told about “several cases” where some data were disclosed, either because the participant decided to waive privilege, or a mutually agreeable resolution was negotiated.

Statute-Based Protections in Court

Even acknowledging the general propensity for litigiousness in the United States, and the dozens of cases in which confidentiality has been challenged,Footnote 40 the likelihood of any given research project and its pledges of confidentiality ending up in court is relatively small. The number of cases in which CoCs are involved represents an even smaller subset of those.

When CoCs have been tested, the jurisprudence illustrates early decisions in the framing of the protection have enduring implications for the mechanism’s ability to protect research participants. The emphasis for the initial version of CoCs was on the protection of the identity of drug user research participants. In such cases, knowing someone was a participant immediately told you they were involved in criminal behaviour (illicit drug consumption) and an addict as well, i.e., identity and information were partly synonymous.Footnote 41

And indeed, the first case involving CoCsFootnote 42 hinged on whether identities should be revealed. A woman who witnessed a homicide believed she recognized the perpetrator as a fellow research participant at a methadone-maintenance facility. A grand jury subpoena was served on the program director, who was ordered to produce pictures of all clients who matched the general description of the perpetrator. The Director refused, citing the “protection of identity” provisions of the CoC he held, and the New York State Court of Appeals agreed.Footnote 43 Notably, both sides at trial accepted that the CoCs offered “absolute” protection, and the Court’s decision referred to them that way. Although petitioned, the Supreme Court declined to hear the case.

The defendant in a second relevant case, People v. Still,Footnote 44 was charged with possession of methadone. Still admitted to the possession, but argued he was entitled to possess the drug because of his participation as a research subject at a methadone clinic.Footnote 45 However, when asked to produce all of Still’s records as further verification of the claim, the clinic refused, asserting that the CoC they held precluded their surrender of Still’s records.Footnote 46 The court disagreed, stating that Still had effectively waived his “statutory right to anonymity” by disclosing his involvement in the research.Footnote 47

The potentially tenuous nature of CoC protection beyond identity was underscored further in a case referred to by Adinoff et al. Footnote 48 and Wolf et al.,Footnote 49 respectively, as “Connecticut Superior Court for Juvenile Matters (Case Name Redacted)” and “Juvenile Court Case.” Recall that CoCs allow researchers to make voluntary disclosures as long as they warn participants about these limitations. Researchers from Yale did just that in a study on the effects of abuse, neglect, and stress on brain development. Despite their possession of a Certificate, one researcher informed the Connecticut Department of Children and Families of a mother of four about whom the researcher held concerns regarding her ability to care for her children. The department sought the participant’s research records and the court agreed, noting that once the identity of the participant was disclosed by the researcher, their records were no longer protected. As Adinoff et al. summarize, “Again, the courts found that voluntary disclosure of the research subject’s identity, either by the subject or the investigator, negated the protections offered by the Certificate.”Footnote 50

A more recent case of relevance is North Carolina v. Bradley.Footnote 51 Mr. Bradley was charged with statutory rape. His attorney subsequently discovered that a prosecution witness had participated in a CoC-protected study by the Duke University Health System (DUHS) and requested a subpoena that ordered DUHS to produce “any and all documents from the Great Smoky Mountain Study recording, reflecting or referencing any statement by [the witness] mentioning or describing any abuse of her.”Footnote 52 The DUHS refused, asserting that doing so would violate the terms of the CoC they held. Although the trial judge had ordered that DUHS produce the documents and give the defense attorney access to them, the North Carolina Court of Appeal disagreed, citing an earlier case to the effect that, “Just because defendant asks for an in camera inspection does not automatically entitle him to one. Defendant still must demonstrate that the evidence sought to be disclosed might be material and favorable to his defense.” In the end, the opposite was determined to be true: the subpoena was essentially a fishing expedition. Without access, the defence could offer nothing suggesting that the information in the documents would be materially relevant at trial. The appeal was allowed and the subpoena quashed.

Although the decision—avoiding broad disclosure—was consistent with the intention of CoCs, it spurred a glass-half-full/glass-half-empty debate. Those who found North Carolina v. Bradley problematic expressed several concerns about the decision. For example, Beskow et al. Footnote 53 noted the trial judge never did rule on the scope of CoC protections, unlike People v. Newman,Footnote 54 where the decision referred to CoCs as providing “absolute confidentiality.” In Beskow et al.’s view, the omission of a parallel framing in Bradley created uncertainty about the status of CoCs. The Court of Appeal would later reverse the decision and reprimand the trial judge, but for Haney-Caron et al.,Footnote 55 the damage was already done when the trial judge permitted some disclosure. Finally, the case also led several observers to ask “what if?”—particularly, “What if the trial judge had determined the information sought was indeed material?”Footnote 56 That would create the scenario where a statute-based protection could be in conflict with an accused person’s constitutional right to a fair trial. If that were to happen, the two competing rights presumably would require the same sort of balancing exercise one faces with the fourth Wigmore criterion, with the same uncertainty that comes with law effectively being created after the fact.

Right versus Right

Questions about competing rights can arise in both civil and criminal cases. The glass-half-empty view is that the rights of research participants will always pale in comparison with other rights. With respect to the constitutional right to a fair trial, for example, the prevailing assumption of the critics appears to be that the constitutionally-guaranteed right would take precedence.Footnote 57 In contrast, Gunn and Joiner suggest observers of these developments should take a deep breath and understand that nothing has been lost: “Because Bradley did not specifically address the protections offered by Certificates of Confidentiality, the decision establishes no precedent (one way or the other) on the issue. The only precedent we are aware of is that established by People v. Newman, 32 N.Y.2d 379 (1973), in which the New York Supreme Court upheld the authority of Certificates of Confidentiality. Notably, the Bradley decision never cited Newman.”Footnote 58

Researchers who contribute to the literature on CoCs and PCs seem to have paid little if any attention to the parallel jurisprudence that exists in the non-CoC/non-PC world over claims to privilege that are invoked via the common law. That literature leads us to reject any notion that other rights, including such important and constitutionally protected rights as the right to a fair trial, will “always” trump researcher-participant privilege.Footnote 59 The claim here is not the opposite—that research participant rights will win in every case—but rather that, if researchers do their job appropriately, it will take an extremely important right and a demonstration that there is no other way to get the information necessary to displace it.Footnote 60

Even Statute-Based Protections Must Be Defended

As the above suggests, having a CoC does not preclude the prospect of having to defend one’s pledge of confidentiality in court. Although one hopes merely revealing one’s CoC will be successful in pre-empting legal challenges or causing them to be withdrawn, and PCs were successful in that regard in every instance, researchers and institutions still must be prepared to meet those few challenges that reach court. The major gain is a shift in the burden of proof—the onus now would be on the person who sought disclosure to demonstrate why the privilege should be set aside—but researchers still need to know what to do (other than merely showing their CoC) if confidentiality is challenged. It also means that institutions still need to have policies in place that outline what their response will be when such challenges arise, and to be willing to engage a legal defense.Footnote 61

There is also the possibility that institutions and researchers may perceive the challenge in different ways. As Beskow et al. explained in the wake of the Bradley decision: “[A] Certificate is granted to the research institution, not the PI [principal investigator], and their interests may not be identical. In [the Bradley] case, the PI felt a moral obligation to protect participants’ data; DUHS agreed and was willing to go to court. But an institution could decide that a costly legal battle is unwarranted or might be unwilling to defy court-ordered disclosure, even if the PI wants to do so.”Footnote 62 Certainly, that has been the case in Canada, where three of the first four cases to reach trial involved research institutions that initially balked at the challenge.Footnote 63

This also raises the question of who should retain control of the data. If the institution is the holder of the Certificate, does that mean the university administration has control over the data? What would happen if the institution were prepared to hand over the information while the researcher would refuse, even if threatened with a charge of contempt, as happened in the Boston College case?Footnote 64 Unlike in the United States, Canada’s federal ethics policyFootnote 65 has specific provisions for avoiding institutional conflicts of interest that presumably would extend to ownership and control of the data, but that policy has yet to be tested in this regard. Ultimately, control over data ideally will remain with the researcher because it is only by retaining control that researchers can live up to whatever ethical commitments they undertook while securing informed consent.Footnote 66

Social Issues

In addition to the legal issues that pervade statute-based protections in the United States, there are also “social” issues—relations among key actors who are affected by the way that CoCs and PCs are administered.

Voluntary Disclosures

Although the stated purpose of both CoCs and PCs is to protect research participants by ensuring that researchers are not obliged to disclose information in any legal proceedings, CoCs allow for voluntary disclosures by researchers in the event they feel morally and/or professionally compelled to limit their pledge of confidentiality. The NIH Certificate of Confidentiality kiosk outlines several possibilities for disclosure, including disclosures the study participant has already agreed to (e.g., for insurers, employers); voluntary disclosure of such things as child abuse or threats to self or others; voluntary compliance with state laws that otherwise would require disclosure; and/or release of information if required for audit.Footnote 67

While some researchers appreciate the discretion CoCs permit with respect to disclosures, this discretion may undermine CoCs in two ways. First, they create variability in terms of confidentiality protection, i.e., in what is covered and what is not. Second, broader variability means more time for processing, which various observers see as (unfortunately) giving an incentive for researchers to simply get on with the research without making an application for a CoC and without the level of protection for which one is legitimately eligible.Footnote 68

The open-endedness that CoCs allow in terms of “permissible disclosures” creates the very uncertainty their critics decry. When a researcher can invoke any superseding value as a reason to create a limit to confidentiality and allow disclosure, researchers transform the “absolute” confidentiality that appears to have been assumed (in People v. Newman) into something less—a confidentiality that is desirable but negotiable and subject to the claims of competing interests. But if researchers can invoke exceptions, why would a court not allow itself the same luxury?

PCs, in contrast, do not permit such disclosures.Footnote 69 The only information that is “not protected” by PCs pertains to the commission of future crime.Footnote 70 However, “future crime” is a broad category that can include anything from being a nuisance to serial murders. We are unaware of any US jurisprudence or advice from the Department of Justice as to where the bar might be set to determine the circumstances in which disclosure would be either required or permissible.

Availability and Voluntariness

The decentralization of CoCs, coupled with the creation of online information kiosks soon after the advent of the Internet, were part of a sustained effort by the NIH to ensure CoCs were available to a broad array of research projects. The literature acknowledges that was a positive decision and that broader availability is an advantage that CoCs hold over PCs. On other dimensions, however, CoCs may create almost as many problems as they solve. For example, as Melton noted, the voluntary aspect of CoCs invites inconsistency between researchers: “The most obvious gap is that issuance of certificates is discretionary. Researchers often do not know that such certificates are available even for research that is not federally funded. If they do not know about the possibility, they may fail to grasp the risk of compelled disclosure of data, or they may simply not wish to invest the time in applying for a certificate.”Footnote 71

One might hope that the situation would have improved since Melton’s 1990 article, which was written before there was an Internet and thus before the NIH information kiosk was established, but CurrieFootnote 72 was raising the same concern a decade later, as were Wolf et al. Footnote 73 another decade after that.

This inconsistency plays out at the IRB level as well. Although many IRBs post information about CoCs on institution web sites, many others do not, and knowledge about certificate eligibility and what a certificate does and does not do is inconsistent across institutions. As Beskow et al. note in their study of IRB Chairs: “IRBs may not be using Certificates for the entire range of studies that are eligible for them. … Available data suggest that applications for Certificates are rarely denied. Even so, a number of chairs who participated in our study expressed a narrow conception of Certificates as being meant only (or primarily) for studies that collect information about illegal behavior.”Footnote 74

Haney-Caron et al. found much the same: “The vast majority of IRBs report use of Certificates at their institutions, though many IRB chairs seem to hold misconceptions about Certificates and their legal ramifications.”Footnote 75

Implications for Prospective Statute-Based Protections in Canada

How does the US experience inform the development of statute-based protections in Canada? A primary issue is where and how the statute would be lodged and implemented. At least two possibilities exist. While a detailed consideration of these possibilities is beyond the scope of the current paper, we advance them here briefly for discussion.

One possibility is to create an amendment to the Canada Evidence Act. This was the route taken for augmenting protection of journalists’ sources in the Journalist Source Protection Act. The protection the JSPA offers is not “absolute,” but rather created a shift of onus: journalist sources will be protected unless there is no other way to get the information and “the public interest in the administration of justice outweighs the public interest in preserving the confidentiality of the journalistic source,”Footnote 76 i.e., similar to the balancing called for in the fourth criterion of the Wigmore test.

A second possibility is to deal with the issue via separate privacy legislation with oversight to be provided by Canada’s Privacy Commissioner. We see this as a potentially productive option insofar as it allows for legislation to be created specific to academic research, but through an existing legislative structure that already has a mandate for the protection of personal information.

Observers may suggest other possibilities as the two offered here are by no means exhaustive. A more comprehensive examination of their respective advantages and disadvantages is warranted.

Locus of Administration

Regardless of which mechanism is used, considerations arise as to how access to such protections would be administered. One lesson from the US experience with CoCs and PCs is that centralization of administration is preferable to decentralization in order to ensure consistency in both application submission and coverage. Canada’s system of ethics regulation makes this feasible. Unlike in the United States, where ethics authorities reside in various pieces of legislation and policy, Canada has one ethics policy statement,Footnote 77 with one institutional authority responsible for its implementation—the three granting agencies and their Presidents—with the Secretariat and Interagency Advisory Panel on Research Ethics (PRE) providing interpretive and educational support. In addition, organizations such as the Canadian Association of Research Ethics Boards (CAREB) maintain an ongoing interaction with the Secretariat and play a significant role in organizing educational events to keep REB Chairs and Offices of Research Ethics current with respect to ongoing and developing issues. These ongoing interactions provide a forum informing REBs about procedures and obtaining feedback about how they are working.

Protections Should Be Automatic and Required

A second lesson is that automatic acquisition of the protection is preferable to voluntary application to ensure all research participants who are eligible for the protection receive it. This could be done in Canada through the current regulatory process, whose structures and mechanisms are guided in universities and other research institutions by the TCPS. Simply protecting all research funded by one of the three granting agencies would be a good place to start; other research could receive one on the recommendation of the REB following ethics review.

Researchers using other funding sources would be directed by their REBs to apply as a condition of approval if they meet a certain criterion—identifiable information being gathered—which would create an umbrella of privacy protection over the project and reflect acceptance of the principle that participants are the only ones who can decide whether their information is to be disclosed.

Beyond Identification to Identifiable Information

The legal ambiguity that arose in some of the US cases reviewed above suggests that the historical decision in regards to CoCs to protect only participant identity was short-sighted. The better approach is to protect identifiable information. The few Canadian cases we have seen thus far underscore this concern. The PC model appears superior in this regard: researchers outline what they will do to protect the privacy of their participants’ identifiable information. That plan is given a statute-based approval, which means that it cannot be used in any legal proceeding whatsoever unless participant specifically waive their right and allow or seek disclosure.

One Permissible Disclosure

The one permissible exception for disclosure would be the same as PCs allow in the United States—future crime. While that disclosure is open-ended in the United States, jurisprudence in Canada already sets a standard for the circumstances under which such a disclosure might be permissible. The case of Smith v. Jones Footnote 78 involved an application by a psychiatrist to set aside the lawyer-client privilege under which his assessment of an accused was covered. During assessment, the psychiatrist became convinced that the accused was highly likely to maim or murder sex workers on a particular Vancouver stroll, and wanted the court to consider this information during sentencing.

Despite the potential threat, several Justices were reluctant to justify any disclosure because of concern that any short-term gain in security might be “illusory” if it led potentially dangerous individuals to avoid seeking therapy. In the end, the Supreme Court outlined three criteria that must be met for a disclosure to be permissible when there is a duty of confidentiality: (1) the prospective event must involve serious injury or death; (2) there must be a clearly defined target; and (3) the event must be imminent (as opposed to a vague plan). We highlight the word “permissible” here, as the Court did not create a requirement. If a disclosure were to be made, the court specified that care must be taken not to undermine any other rights or interests of the individual, i.e., by keeping the disclosure to the minimum necessary to prevent the horrific event. The standard articulated in Smith v. Jones clearly applies to the research context as well; the court refers to solicitor-client privilege at one point as “the highest privilege recognized by the courts,” and suggests that, “By necessary implication, if a public safety exception applies to solicitor-client privilege, it applies to all classifications of privileges and duties of confidentiality.”Footnote 79

Preparing for Challenges Nonetheless

The TCPS, from its inception, has insisted that REBs exist organizationally at arm’s length from University administrators, and that any legal advisers who assist REBs in their review cannot be lawyers for the university in order to avoid institutional conflicts of interest. The principle is also relevant to legal representation for challenges to research confidences. PRE’s recent clarification of Article 5.1 of TCPS2 affirms that researchers are expected to resist challenges to research confidentiality and that universities “shall support their researchers” in maintaining those promises.Footnote 80 The statement clarifies that institutions are obliged to provide support, entailing two requirements: (1) that “support” involves providing legal representation; and (2) that this representation must be independent of the institution and its lawyers.

Even with statute-based protections in place, the literature regarding CoCs and PCs suggests that universities and other research institutions nonetheless should have a plan in place for how they will respond to legal threats to research confidentiality.Footnote 81 In Canada, PRE’s clarification of Article 5.1 expresses a similar aspiration: “[Each institution] under whose auspices or within whose jurisdiction such research is being conducted should establish a policy that explains how it will fulfill its responsibilities to support its researchers. The policy should include an explanation of the nature and the scope of the support, a mechanism to determine the level of support in individual cases, the source of funding (e.g., dedicated fund, insurance, agreement with professional association) and any other relevant criteria. The institution should establish such a policy in collaboration with its researchers.”Footnote 82

And yet, a recent national surveyFootnote 83 found only one university in Canada had developed a policy that met these criteria. Clearly there is more to be done.

Discussion and Conclusions

Researchers access highly personal information that volunteer research participants give them in order to advance knowledge. In return, researchers have promised to ensure no harm will befall participants for doing so. The question is how best to protect them.

The one existing option in Canada is to invoke privilege on a case-by-case basis in common law, with the hope it might one day evolve into a class privilege. It is certainly possible, as there is a case to be made.Footnote 84 Decisions to date in Canada have shown the courts appreciate the value of social research and understand the potentially disastrous consequences if research participants can no longer trust that what they tell us will not come back to bite them. But there are downsides to that strategy. The onus of proof is always on the researcher, creating the scenario where the researcher has to justify acting ethically, and must muster the defence with institutional support as soon as the subpoena, search warrant, or order arrives. University administrators have been the weakest link in the chain thus far, shirking their responsibility to support researchers and participants as often as they have lived up to it. However, formal PRE/Secretariat interpretations of the TCPS clarify that independent legal support by university administrators is obligatory. Nonetheless, in the event of a miscalculation, there is the prospect of researchers being incarcerated for contempt of court if they maintain the confidentiality pledge that allowed the data to be collected in the first place. The opportunity for that occurs because of the uncertainty created by the fourth Wigmore criterion, where law is made after the fact in circumstances that may or may not have been foreseeable when the research was designed and confidentiality promises made. Those who would limit their pledge must also limit what they ask so as not to be exploitive and expose the participant to the risk of harm for the researcher’s benefit.

This more reactive model of privacy protection may have worked well when individual researchers maintained control over their data and managed their own ethical course. While many academics still work that way, many others operate in a research environment emphasizing interdisciplinary and multi-site research teams enabled by digital technologies allowing instant communication and centralized data servers. Control over data comes to rest with a broader group. As Chris Bruckert reflected after her experience with the University of Ottawa when police sought her research records, with the Wigmore model confidentiality is only as strong as the weakest link in the team.Footnote 85 And although digital software to facilitate every aspect of the research process has never been more powerful, in the contemporary world we also must realize that anything digital and internet-connected is also potentially hacked and inherently insecure.Footnote 86

The role of researchers has also been gradually shifting over the last several decades. Community partnerships are now encouraged and commonplace, as is dissemination of our work to policy makers and the general public. For example, the SFU researcher who received that first subpoena from the Vancouver Coroner was in the limelight after becoming the premiere expert in North America who could bring facts to the debate over assisted suicide and share these with a fact-starved media as well as Parliamentary committees considering changes in the law.Footnote 87 The University of Ottawa researchers who received a search warrant had gathered precisely the type of information on sex workers that informed the Supreme Court’s decision-making in the Bedford case.Footnote 88 The UWO researcher who was subpoenaed and asked to disclose all the data she gathered from a national survey of vulnerable transgender health was in court as an expert witness in a Charter challenge case.Footnote 89 The more academics are in the public eye, the more those with other interests may seek disclosure of information gathered in confidence in the service of those interests.

An alternative suggested by an advisory committee (SSHWC), several scholarly associations, and the vast majority of REB Chairs and ethics administrators would see the development of a statute-based privilege to address these challenges. Researchers and participants would have some degree of certainty that the information they share is protected for anything but the rarest of circumstances. More importantly, the burden of proof would be on those who seek disclosure, which would minimize fishing expeditions and rote subpoenas that, just by their existence, can rattle participant communities, as Bruckert found when the Magnotta search warrant arrived.Footnote 90 It also would ensure that, even if data were somehow hacked, they could not be used in court to the detriment of the participant.

While two ways such a privilege might be enacted were suggested—an amendment to the Canada Evidence Act or the creation of privacy legislation to be overseen by the Privacy Commissioner—the possibilities deserve much more discussion. Our focus at this point was to see what could be learned from the US experience with statute-based protections, specifically the Certificates of Confidentiality offered by NIH for some “health” research and the Privacy Certificates managed by the Department of Justice and NIJ for some criminological research. Generally speaking, the US literature showed both CoCs and PCs to be effective mechanisms, although there are differences that can inform consideration of statute-based protections in Canada. Some of the more important elements include the following:

  • the statute should protect both research-participant identity and identifiable information;

  • permissible disclosures should be limited to future crime, with Smith v. Jones locating the bar for the minimal criteria that might make the disclosure permissible;

  • protections should be as automatic as possible after ethics review to ensure researchers do not avoid applying for protection because of lengthy delay; grant holders might receive the protection automatically while others could apply through their REB;

  • the administration of these protections should be centralized, which is eminently possible in Canada through the existing network of the Secretariat, REBs, and CAREB.

  • notwithstanding the existence of statute-based protections, researchers and institutions need to be prepared to defend challenges to the protection, so policies need to be in place specifying the nature of that protection.

If Canadian statute-based protection for research confidentiality is to be achieved, it will require PRE, the Secretariat and the Presidents of the granting agencies to take up the issue by continuing the discussion they began during the TCPS revision process that resulted in TCPS2.Footnote 91 This article has aspired to facilitate and contribute to that process.

References

1 Canadian Institutes of Health Research (CIHR), Natural Sciences and Engineering Research Council of Canada (NSERC), and Social Sciences and Humanities Research Council of Canada (SSHRC), Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (Government of Canada, 2014). <http://www.pre.ethics.gc.ca/pdf/eng/tcps2-2014/TCPS_2_FINAL_Web.pdf>

2 Ibid.

3 Palys, Ted and Lowman, John, “Ethical and legal strategies for protecting confidential research information,” Canadian Journal of Law and Society 15, no. 1 (2000), 3980;CrossRefGoogle Scholar “Inquest of Unknown Female,” October 20, 1994. Oral reasons for judgment of the Honourable L. W. Campbell , 91-240-0838, Burnaby, B.C.

4 The Wigmore criteria originally appeared in Wigmore, John Henry, A Treatise on the System of Evidence in Trials at Common Law, Including the Statutes and Judicial Decisions of All Jurisdictions of the United States, England, and Canada (Boston: Little, Brown and Company, 1905).CrossRefGoogle Scholar They require that: (1) The communications must originate in a confidence that they will not be disclosed; (2) This element of confidentiality must be essential to the full and satisfactory maintenance of the relation between the parties; (3) The relation must be one which in the opinion of the community ought to be sedulously fostered; and (4) The injury that would inure to the relation by the disclosure of the communications must be greater than the benefit thereby gained for the correct disposal of litigation (italics in the original).

5 Statistics Canada researchers and their participants are protected through a statute-based privilege outlined in the Statistics Act. See especially section 18 at <http://laws-lois.justice.gc.ca/eng/acts/S-19/FullText.html>

6 See R. v. Gruenke, [1991] 3 S.C.R. 263.

7 M. (A.) v. Ryan, [1997] 1 S.C.R. 157.

8 R. v. Gruenke, [1991] 3 S.C.R. 263

9 See, for example, Jackson, Michael and MacCrimmon, Marilyn, Research Confidentiality and Academic Privilege: A Legal Opinion (Burnaby, BC: Simon Fraser University, June 7, 1999). <http://www.sfu.ca/∼palys/JackMacOpinion.pdf>Google Scholar

10 Researchers should do this when a disclosure could bring harm to a participant; those criteria within the researcher’s control are relatively easy to address. See Palys and Lowman, “Strategies,” supra note 3.

11 Palys, Ted and MacAlister, David, “Protecting research confidentiality via the Wigmore criteria: Some implications of Parent and Bruckert v The Queen and Luka Rocco Magnotta,” Canadian Journal of Law and Society 31, no. 3 (2016): 473–93.CrossRefGoogle Scholar

12 Peters, Diane, “Quebec researcher in legal fight over research confidentiality,” University Affairs (July 2017). <http://www.universityaffairs.ca/news/news-article/quebec-researcher-legal-fight-research-confidentiality/>Google Scholar

13 Peters, Diane, “Another case involving research data confidentiality hits the courts,” University Affairs (April 2017). <http://www.universityaffairs.ca/news/news-article/another-case-involving-research-data-confidentiality-hits-courts/>Google Scholar

14 Ibid.

15 Palys and MacAlister, “Implications,” supra note 11.

16 See Popkin, Samuel, “Interview with Samuel Popkin,” in The price of dissent: testimonies to political repression in America , ed. Schultz, Bud and Schultz, Ruth (Berkeley: University of California Press, 2001), 339–47;Google Scholar Scarce, Richard, “(No) trial (but) tribulations: when courts and ethnography conflict,” Journal of Contemporary Ethnography, 23 (1994): 123–49.CrossRefGoogle Scholar

17 Palys and MacAlister, “Implications,” supra note 11.

18 Blomley, Nicholas and Davis, Steven, Russel Ogden decision review, (1998). <http://www.sfu.ca/∼palys/ogden.htm>Google Scholar

19 Article 5.1 of TCPS2 states that, “Institutions shall support their researchers in maintaining promises of confidentiality.” See CIHR et al., TCPS2, supra note 1.

20 “Complaint Targets uOttawa for Failure to Defend Confidentiality,” CAUT/ACPPU Bulletin 60, no. 6 (2013). <https://bulletin-archives.caut.ca/bulletin/articles/2013/06/complaint-targets-uottawa-for-failure-to-defend-confidentiality>; see also Palys, Ted and Lowman, John, Protecting Research Confidentiality: What Happens When Law and Ethics Collide (Toronto: Lorimer, 2014).Google Scholar The University of Ottawa eventually agreed to pay half.

21 Peters, “Quebec Researcher,” supra note 13.

22 Peters, “Another case,” supra note 12.

23 Palys and Lowman, “Strategies,” supra note 3; Palys, Ted and Lowman, John, “Protecting research confidentiality: Towards a research-participant shield law,” Canadian Journal of Law and Society, 21, no. 1 (2006), 163–85.CrossRefGoogle Scholar

24 SSHWC, A Briefing Note to PRE Regarding Statute-Based Protections for Research Participant Privacy and Confidentiality, prepared for PRE and the presidents of the granting agencies (2005). <https://www.sfu.ca/∼palys/SSHWC-CCBriefingNote-2005-Final.pdf>>Google Scholar

25 SSHWC, SSHWC Recommendations Regarding Privacy and Confidentiality, prepared for PRE and the presidents of the granting agencies (2008). <http://www.pre.ethics.gc.ca/eng/archives/policy-politique/reports-rapports/sshwc-ctsh/#Back15>>Google Scholar

26 Responses from the three associations are quoted at some length in Palys and Lowman, Protecting Research Confidentiality, supra note 20.

27 Ivers, Aaren, “Without trust, research is impossible”: Administrative inertia in addressing legal threats to research confidentiality, Unpublished Master’s thesis, SFU School of Criminology (2017). <http://summit.sfu.ca/item/17470>>Google Scholar

28 SSHWC, Briefing note, supra note 24, at p. 6.

29 Adinoff, Bryon, Conley, Robert R., Taylor, Stephan F., and Chezem, Linda L., “Protecting confidentiality in human research,” American Journal of Psychiatry 170 no. 5 (2013), 466–70.CrossRefGoogle Scholar

30 Ibid.

31 Beskow, Laura M., Check, Devon K., Namey, Emily E., Dame, Lauren A., Lin, Li, Cooper, Alexandra, Weinfurt, Kevin P., and Wolf, Leslie E., “Institutional review boards’ use and understanding of Certificates of Confidentiality,” PLOS One 7, no. 9 (2012), 110.CrossRefGoogle Scholar

32 Wolf, Leslie E., Zandecki, Jola, and Lo, Bernard, “The Certificate of Confidentiality application: A view from the NIH institutes,” IRB: Ethics & Human Research 26 no. 1 (2004), 1418.CrossRefGoogle Scholar

33 Reatig, Natalie, “Confidentiality Certificates: A measure of privacy protection,” IRB: Ethics & Human Research 1 no. 3 (1979), 14 and 12;CrossRefGoogle Scholar Watson, Cheryl Crawford, DOJ Privacy Certificates, Presentation to the Secretary’s Advisory Committee on Human Research Protections (10 July 2013). <https://www.hhs.gov/ohrp/sites/default/files/ohrp/sachrp/mtgings/2013%20Jul%20Mtg/pptcertificatesofconfidentialitybywatson.pdf> ;+;>Google Scholar Wolf, Leslie E., Patel, Mayank J., Tarver, Brett A. Williams, Austin, Jeffrey L., Dame, Lauren A., and Beskow, Laura M., “Certificates of Confidentiality: Protecting human subject research data in law and practice,” The Journal of Law, Medicine & Ethics 43 no. 3 (2015), 594609.Google Scholar

34 Wolf, Leslie E. and Zandecki, Jola, “Sleeping better at night: Investigators’ experiences with Certificates of Confidentiality,” IRB: Ethics & Human Research 28 no. 6 (2006), 17.Google Scholar

35 Watson, DOJ Privacy Certificates, supra note 33.

36 Cheryl Crawford Watson, JD, has been that one person at NIJ for well over a decade. We thank her for helping us better understand Privacy Certificates and how they are implemented.

37 Wolf and Zandecki, “Sleeping better at night,” supra note 34.

38 Haney-Caron, Emily, Goldstein, Naomi E.S., and DeMatteo, David, “Safe from subpoena: The importance of Certificates of Confidentiality to the viability and ethics of research,” Akron Law Review 48 (2015), 349–82.Google Scholar

39 Wolf, Leslie E., Dame, Lauren A., Patel, Mayank J., Williams, Brett A., Austin, Jeffrey A., and Beskow, Laura M., “Certificates of Confidentiality: Legal counsels’ experiences with and perspectives on legal demands for research data,” Journal of Empirical Research on Human Research Ethics 7 no. 4 (2012), 19, at 4.CrossRefGoogle Scholar

40 For example, see Cecil, Joe S. and Wetherington, Gerald T., eds., Court-Ordered Disclosure of Academic Research: A Clash of Values of Science and Law, Special edition of Law and Contemporary Problems 59 no. 3 (1996);Google Scholar Lowman, John and Palys, Ted, “The ethics and law of confidentiality in criminal justice research: A comparison of Canada and the United States,” International Criminal Justice Review 11 no. 1 (2001), 133;CrossRefGoogle Scholar Palys and Lowman, Protecting Research Confidentiality, supra note 20.

41 See also Wolf et al., “Protecting data in law and practice,” supra note 33 on this point.

42 People v. Newman, 32 N.Y.2d 379 (1973).

43 See Adinoff et al., “Protecting confidentiality,” supra note 29; Marshall, Mary Faith, Menikoff, Jerry, and Paltrow, Lynn M., “Perinatal substance abuse and human subjects research: Are privacy protections adequate?” Mental Retardation and Developmental Disabilities Research Reviews 9 (2003), 5459;CrossRefGoogle Scholar Stiles, Paul G. and Petrila, John, “Research and confidentiality: Legal issues and risk management strategies,” Psychology, Public Policy and Law 17 no. 3 (2011), 333–56;CrossRefGoogle Scholar Wolf et al., “Protecting data in law and practice,” supra note 33.

44 People v. Still 48 A.D.2d 366 (1975).

45 Adinoff et al., “Protecting confidentiality,” supra note 29.

46 Wolf et al., “Protecting data in law and practice,” supra note 33.

47 Haney-Caron et al., Safe from subpoena, supra note 38.

48 Adinoff et al., “Protecting confidentiality,” supra note 29.

49 Wolf et al., “Protecting data in law and practice,” supra note 33.

50 Adinoff et al., “Protecting confidentiality,” supra note 29 at p. 468.

51 State of North Carolina v. John Trosper Bradley, 179 N.C. App. 551 (N.C. Ct. App. 2006).

52 Ibid, at p. 1.

53 Beskow, Laura M., Dame, Lauren, and Costello, E. Jane, “Certificates of confidentiality and compelled disclosure of data,” Science 322 (14 November 2008), 1054–55;CrossRefGoogle Scholar Beskow, Laura M., Dame, Lauren, and Costello, E. Jane, “Response,” Science 323 (6 March 2009), 1289–90.Google Scholar

54 People v. Newman, supra note 42.

55 Haney-Caron et al., “Safe from subpoena,” supra note 38.

56 For example, Ibid.; Stiles and Petrila, “Legal issues,” supra note 43.

57 Beskow et al., Response, supra note 53; Haney-Caron et al., “Safe from subpoena,” supra note 38.

58 Gunn, Patrick P. and Joiner, Scott D., “Certificates should be strengthened,” Science 323 (6 March 2009), 1289.CrossRefGoogle Scholar

59 Lowman and Palys, “Confidentiality in criminal justice research,” supra note 40; Palys and Lowman, Protecting Research Confidentiality, supra note 20.

60 Jackson and MacCrimmon, Legal Opinion, supra note 9.

61 Adinoff et al., “Protecting confidentiality,” supra note 29; Beskow et al., “Certificates of confidentiality and compelled disclosure,” supra note 53; Beskow et al., “Institutional review boards,” supra note 31; Haney-Caron et al., “Safe from subpoena,” supra note 38; Wolf et al., “Legal counsels’ experiences,” supra note 39.

62 Haney-Caron et al., “Safe from subpoena,” supra note 38.

63 Palys, Ted and Ivers, Aaren, “‘Hope for the Best, Plan for the Worst’: Understanding administrative inertia in developing confidentiality protection policies,” Journal of Empirical Research into Human Research Ethics, in press .Google Scholar

64 Palys, Ted and Lowman, John, “Defending research confidentiality ‘to the extent the law allows’: Lessons from the Boston College subpoenas,” Journal of Academic Ethics 10 no. 4, (2012), 271–97.CrossRefGoogle Scholar

65 CIHR et al., TCPS2, supra note 1.

66 Palys, Ted and Lowman, John, “A Belfast Project Autopsy: Who can you trust?” in Qualitative Ethics in Practice, ed. Tolich, Martin (Walnut Creek, California: Left Coast Press, 2015), 109–19.Google Scholar

67 21 U.S.C. 301 et seq. See https://humansubjects.nih.gov/coc/faqs#general-info

68 Beskow et al., “Response,” supra note 53; Currie, Peter M., “Balancing privacy protections with efficient research: Institutional review boards and the use of Certificates of Confidentiality,” IRB: Ethics & Human Research 27 no. 5 (2005), 712.;CrossRefGoogle Scholar Wolf and Zandecki, “Sleeping better at night,” supra note 34; Wolf et al., “Protecting data in law and practice,” supra note 33.

69 <https://www.nij.gov/funding/humansubjects/Pages/welcome.aspx>

70 28 CFR Part 22.20(c) states, “The regulations do not apply to information gained regarding future criminal conduct.” See <https://www.law.cornell.edu/cfr/text/28/22.20>.

71 Melton, Gary B., “Certificates of Confidentiality under the Public Health Service Act: Strong protection but not enough,” Violence and Victims 5 no. 1, (1990), 6771, at 68.CrossRefGoogle Scholar

72 Currie, “Balancing privacy protections,” supra note 68.

73 Wolf et al., “Protecting data in law and practice,” supra note 33.

74 Beskow et al., “Institutional review boards,” supra note 31.

75 Haney-Caron et al., “Safe from subpoena,” supra note 38, at 358.

76 <https://www.parl.ca/DocumentViewer/en/42-1/bill/S-231/royal-assent>

77 CIHR et al., TCPS2, supra note 1.

78 Smith v. Jones, [1999] 1 S.C.R. 455.

79 Ibid, at para. 44.

80 <http://www.pre.ethics.gc.ca/eng/policy-politique/interpretations/privacy-privee/>

81 Wolf et al., “Protecting data in law and practice,” supra note 33, at 602.

82 PRE interpretation, supra note 80.

83 Palys and Ivers, “Hope for the Best, Plan for the Worst,” supra note 63.

84 See, for example, Palys and Lowman, Protecting Research Confidentiality, supra note 20.

85 Bruckert, Christine, Wrong case, right decision: Lessons learned at the University of Ottawa, Paper presented at the School of Criminology, Simon Fraser University, 2015.Google Scholar

86 Palys, Ted, The cost of free: Implications of contemporary Internet governance for the future of criminological research , Paper presented at the annual meetings of the Western Society of Criminology, Vancouver, BC, 2016. Speaking notes https://www.sfu.ca/∼palys/WSC-2016-TheCostOfFree.pdf>Google Scholar

87 Palys and Lowman, Protecting Research Confidentiality, supra note 20.

88 Palys and MacAlister, “Implications,” supra note 11.

89 Peters, “Another case,” supra note 12.

90 Bruckert, Wrong case, right decision, supra note 85.

91 CIHR et al., TCPS, supra note 1.