Research data, particularly data containing information about human subjects such as protected health information, may have to be anonymized or safeguarded in very specific ways, such as by following best practices for data security, in order to meet privacy restrictions.
The Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA) are the most commonly used federally mandated privacy policies. FERPA is a federal law that protects the privacy of student education records; HIPAA protects the privacy of individually identifiable health information. Institutional Review Boards (IRBs) must approve any research activities involving human subjects, in part to ensure that these privacy policies are being adhered to.
Deidentifying data by removing all protected health information, as specified under HIPAA, is one way to ensure data privacy.
Chapter 3 (The Protection of Human Subjects) from the Office of Science Integrity’s Introduction to the Responsible Conduct of Research provides an overview of many of the policies and regulatory bodies related to data privacy.