The following information will help you understand the difference between these frequently misunderstood terms and how better to protect participants' private information.
You do not collect any identifiers (e.g., name, address, telephone number) that link responses to a specific individual. Even you, the researcher, do not know the identity of the respondent.
Data you collect in person (e.g., interviews, video-recording, etc.) can never be "anonymous." If you record a list of codes associated with identifiers (e.g., names), those data are not anonymous.
If a combination of indirect identifiers (e.g., gender, race, age, etc.) could identify a specific individual, particularly with small samples, you should not call your study data anonymous.
When data are not anonymous, participants may experience risk if a breach of confidentiality occurs and their identifiable information is released without their permission.
Direct Identifiers: See here for the 18 personal identifiers designated by HIPAA, as well as a definition of PHI (Personal Health Information).
Indirect Identifiers: Even when you do not collect direct identifiers (see above), a combination other data could reveal an individual's identify, especially with small sample sizes: gender, age, race/ethnicity; size of town, community character (e.g., industrial, agricultural center, suburban, education community, etc.), and general location; characteristics of family structure (size, sex distribution of children, ages, marital evolution); details of personal characteristics or expressions of individuality.
Confidentiality represents an agreement (via informed consent) between you and potential participants that their individual responses and identities will not be disclosed beyond the research team unless they have agreed otherwise (preferably in writing).
You cannot guarantee absolute confidentiality, however, and must inform subjects of this. For example, you cannot control whether members of a focus group share others' information. Or, in the case of a participant complaint, the IRB may need to review data and possibly consult with appropriate University officials (e.g., University Legal counsel). You also must comply with applicable mandatory reporting laws, such as if a participant expresses the intent to harm self or others. Seattle University faculty and staff must also follow FAQ on Updated Title IX Guidance.
Finally, if you transmit data via the internet (e.g., online or email surveys, Skype interviews, etc.), a low risk of a breach of confidentiality exists. You can minimize this risk by encrypting data transmission.
"Privacy" refers to an individual’s control over the extent, timing, and circumstances of sharing personal information (physical, behavioral, or intellectual). You must protect subjects’ privacy during study recruitment and data collection. You also must store data securely to prevent, where possible, identification of individuals.
Privacy pertains to people whereas confidentiality pertains to data; privacy is a right that can be violated whereas confidentiality is an agreement that can be broken.
You may not collect data (words, behavioral observations) without permission if an individual has an "expectation of privacy" (the reasonable expectation that no observation or recording is taking place). An individual would not have an expectation of privacy if engaging in loud conversations or actions on public transit; however, in a classroom or church setting, for example, a person would not expect someone to record notes for research purposes.
Study data: Never gather more data than necessary to answer your research question(s).
Recruitment: With "snowball sampling," provide potential subjects with study information that they can forward to others who may be interested in the study. Potential or actual participants should never give you names/contact information of other potential subjects without their permission.
Informed consent process: Clarify to subjects how their data will be kept confidential, including:
Web-based surveys: (e.g., Qualtrics) Such online surveys can allow for anonymous data collection, but you must disable the feature collecting IP (internet protocol) addresses, in addition to not collecting enough indirect identifiers (gender, age, race, work‐site, etc.) to identify specific individuals, particularly with small, unique populations.
Reporting results: (e.g., in a research article/paper, report, presentation, news release, etc.). No time limit exists on the confidentiality of subject information. You cannot identify subjects without explicit permission, and direct quotes/descriptive information could reveal an individual's identity.