Confidentiality refers to maintenance of the investigator's agreement with the participant about how the participant's identifiable private information will be handled, managed, and disseminated. Privacy refers to persons and their interest in controlling access to themselves. Confidentiality refers to data; privacy refers to persons.

• Describe how will the data be collected, stored, used and shared. What kind of data--include specific descriptions (even include a list of database fields, when conducting research involving secondary analysis of existing datasets). How will the data be collected--via paper forms, or electronic forms over the internet, or by phone? Where will the data be stored--in locked cabinets, or on encrypted hard drives behind locked doors? With whom will data be shared? If you think you might want to share data in the future, have you included a request for permission for future use and sharing with others in the informed consent? If the data may be inspected by government agencies, like the FDA, have you included that information in the consent process?
• How is the data protected? (for example, through encryption, limitations on who can access, legal agreements such as data use agreements, and physical security like storing data behind locked doors and in locked cabinets)?
• Is there significant risk of harm to participants (like criminal penalties) if the data were released? If so, have considered seeking a certificate of confidentiality?
• Sometimes the only identifier linking a participant and the data (like in a survey) is the written informed consent document. If so, is an alteration or waiver of consent indicated to protect confidentiality?