Data management must be done in accordance with the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans – TCPS 2 (2022). The Statement provides guidance with regard to aspects of research data management that involve humans, such as consent, privacy, and confidentiality; Indigenous rights; use of secondary data; and data linkage.
Any identifiable information—including a combination of information—about a person, or information that could allow a person to be identified, must be treated as confidential and may not be disclosed without the person's consent. In addition, information that is sensitive to security, commercial, or strategic issues may be declared confidential. Ideally, such information should not be stored on the cloud!
Designing a participant consent form
Anonymization and access control procedures
Controlling access to confidential information
Confidentiality