🤷‍♂️ Reject or tag surveys that may contain PII or sensitive information

[JamesPHoughton]

Almost all data we collect can be released (anonymously) without any risk of re-identification or harm to the participant. Examples include multiple-choice questions, ranking/rating questions, and also open-response questions such as attention checks (e.g. "please summarize what was in the video...") or task-related activities (e.g. "how could this experience be improved?").

However, when a survey includes open-response questions about a participant's lived experience (e.g. "Describe a time when you felt ashamed"), there is a chance that participants might submit information that could identify them and link them to other sensitive data.

One way to deal with this would be to only include surveys here that can not contain PII. Another strategy would be to include a tag in the data extract to indicate that the survey should be treated as PII.

    {
      "surveyName": "experienceOfShame",
      "pii": true,
      // ...
      "responses": {
        "sensitiveOpenResponse": "When I lived at the Podunk Home for Troubled Youth...",
        // ... 
      },
    }

@markwhiting, what are your thoughts here?

[markwhiting]

OK, do we want this on the level of the survey or question? I could see us having surveys with mostly benign stuff and one sensitive question. Do we then flag the entire survey, or do we need some custom decision making to decide how to include those data in any public releases?

I think I'd lean toward a question (or response) level flag.

Otherwise I think this sounds good!

[JamesPHoughton]

Having the flag at the individual question level would be more flexible, I agree. I'm not sure how to implement it at the moment, let me think about that.