Confidentiality is the protection of personal information and data. In a research setting, this means safeguarding the identity of research participants and any sensitive data they provide. It includes controlling access to identifiable information, limiting its use to agreed purposes, and using secure procedures for collection, storage, analysis, and sharing

Confidentiality is grounded in the prima facie duty of researchers and health professionals not to reveal information entrusted to them by participants or patients without their permission. It arises from an implicit or explicit agreement to safeguard confidential or secret information and is central to maintaining trust in the researcher–participant and patient–physician relationship. Confidentiality is more specific than privacy: while privacy concerns a person’s general interest in controlling access to themselves and their data, confidentiality refers to the obligation of those who receive information to keep it from unauthorized disclosure. In research, strong promises of confidentiality are often essential to recruit participants, especially when topics are sensitive or potentially stigmatizing. Breaches of confidentiality can cause direct harm to participants, damage trust in researchers and institutions, and undermine public confidence in research.

Doctoral StudentResearcher

- Research participants, whose safety, dignity, and trust depend on secure handling of their data.

- Undergraduate and graduate students, doctoral students, and early-career researchers who design and conduct studies and must learn good data-handling practices.

- Senior researchers and supervisors, who set standards, mentor junior colleagues, and are accountable for research integrity.

- Research ethics committees and institutions, which must provide frameworks, training, and infrastructure that support confidentiality.

Good practice in confidentiality in research involves a combination of ethical, legal, and technical measures.

- Informed consent: Clearly explain what data will be collected, how it will be used, who will have access, how long it will be stored, and under what conditions it might be shared or disclosed. Obtain explicit consent for audio/video recording, data linkage, or secondary use where relevant.

- Data minimization and de-identification: Collect only the personal data that are necessary for the research aims, and remove or code direct identifiers as early as possible (e.g., names, addresses, ID numbers). Use pseudonymization or anonymization to reduce re-identification risk, especially before data sharing.

- Secure storage and access control: Store identifiable data on secure, password-protected systems or encrypted devices, with access limited to authorized team members who need the data for their role. Avoid using personal email or unsecured cloud services for identifiable information.

- Clear confidentiality limits: Explain any legal or ethical limits to confidentiality (e.g., mandatory reporting of imminent harm, child abuse, or serious crime) in participant information materials, so that participants have realistic expectations.

- Data management planning: Develop and follow a data management plan that specifies retention periods, conditions for archiving or sharing data, and procedures for secure destruction of identifiers when no longer needed.

- Training and institutional support: Institutions should provide policies, training, and technical support to help researchers comply with data protection laws and good practice in confidentiality.

Examples can be found on The Embassy of Good Science, where theme pages and cases illustrate how researchers handle confidentiality challenges in practice, such as working with vulnerable groups, online data, or highly sensitive topics.