Confidentiality

Do I have to take the survey?

• Participation in the survey is completely voluntary. Additionally, participants do not have to answer every question and can skip any questions they consider to be uncomfortable.

How is a respondent’s confidentiality protected?

• Confidentiality is vital to the success of campus climate research; particularly as sensitive and personal topics are discussed. While the survey cannot guarantee complete confidentiality because of the nature of multiple demographic questions, the consultant will take multiple precautionary measures to enhance individual confidentiality and the de-identification of data. No data already protected through regulation or policy (e.g., Social Security number, campus identification number, medical information) is obtained through the survey. In the event of any publication or presentation resulting from the assessment, no personally identifiable information will be shared.
• Confidentiality in participating will be maintained to the highest degree permitted by the technology used (e.g., IP addresses will be stripped when the survey is submitted). The survey is run  by RC via Qualtrics, whose servers are protected by high-end firewall systems and scans are performed regularly to ensure that any vulnerabilities are quickly found and patched. Qualtrics uses Transport Layer Security (TLS) encryption (also known as HTTPS) to protect transmitted data. Access to RC surveys is restricted and audited for compliance. In addition, the external consultant (RC) will not report any group data for groups of fewer than five individuals, which may be small enough to compromise confidentiality. Instead, RC will combine the groups to eliminate any potential identifiable demographic information. Additionally, any comments submitted in response to the survey will be separated at the time of submission to the consultant so they are not attributed to any individual demographic characteristics. Identifiable information submitted in qualitative comments will be redacted and the college will only receive these redacted comments.
• Participation in the survey is completely voluntary, and participants do not have to answer any question and can skip any other questions they consider to be uncomfortable.
• Information in the introductory section of the survey will describe the manner in which confidentiality will be guaranteed, and additional communication to participants will provide expanded information on the nature of confidentiality, possible threats to confidentiality and procedures developed to ensure de-identification of data.

What protections are in place for storage of sensitive data, including for future secondary use?

• Rankin Climate uses a research data security description and protocol, which includes specific information on data encryption, the handling of personally identifiable information, physical security and a protocol for handling unlikely breaches of data security. The data from online participants will be submitted to a secure server hosted by the consultant. All Rankin Climate analysts have CITI (Human Subjects) training and approval and have worked on similar projects for other institutions.
• The consultant has conducted more than 300 institutional surveys and maintains an aggregate merged database. The data from the Kent State project will be merged with all other existing campus data stored indefinitely on the consultant’s secure server. No institutional identifiers are included in the full merged data set held by the consultant. The raw unit-level data with institutional identifiers is kept on the server for six months and then destroyed. The consultant will notify the committee chairs of any breach or suspected breach of data security of the consultant’s server.
• The consultant will provide the primary investigator with a data file at the completion of the project.