Privacy Procedures

Following these procedures ensures a systematic approach to meet privacy and regulatory compliance requirements for the university.

Sending An Email on the Behalf of a Team or Individual

Before sending an email on the behalf of an individual or a team using an application (such as Maestro or Salesforce), please reference the following checklist.

  • Who will the email appear to come from (individual, team)?
  • Who is the target audience? 
  • How many recipients?
  • What is the context of the email?
  • When will the email be sent?
  • Did you notify the individual or team the email will appear to come from?
    • If so, how were they notified?
    • Did the individual or team document their acknowledgement?
  • After collecting the information listed above, did senior management (or their approved delegate) give and document their approval?
    • How was the approval documented?

Only after securing senior management’s (or their approved delegate’s) approval may the email be sent.

Privacy and Research ISCRa Question Guidance

Question:  Has the organization implemented privacy guidance for research practices within the past year?

Guidance: Research and Privacy at Ohio State

At Ohio State, protecting the privacy of research subjects is driven by regulatory requirements, Ohio State security and privacy frameworks, and the Ohio State Privacy Principles.  Protecting privacy in research at Ohio State includes attention to:

  • Considering research subject privacy in study design;
    • For example, the Ohio State University IRB review application asks researchers to explain aspects of protecting research subject privacy in recruitment, has entire sections devoted to the description of protecting research subject privacy and confidentiality during the study, and ensuring proper HIPAA privacy research processes are followed when needed.
  • Regulatory requirements related to protecting privacy and research;
    • Researchers collecting data from European Citizens need to consider whether the General Data Protection Regulation (GDPR) applies to their research and take steps to comply if needed;
    • Ohio State has information regarding Ohio State and the GDPR as well as template consent language and FAQs related to GDPR and research that researchers can utilize. 
  • Consent form requirements as described in Ohio State’s model consent form;
    • Ohio State’s model consent form for various types of research studies describes consent language needed for privacy and confidentiality. 
    • Researchers should be sure to describe details related to research subject privacy so that the research subject understands how the data will be used, who will see their data, and how their data will be kept secure and confidential.
  • Applying the Ohio State Privacy Principles to all stages of the research overall.
    • Ohio State has developed privacy principles to help guide faculty, staff, and students on the collection, use, and sharing of data.
    • Researchers should be aware of these principles and apply them throughout the process of designing and conducting research.

Research and Privacy in General

Protecting privacy in research is a nuanced topic that is growing and changing and involves several topics:

  • Big data ethics;
  • Proper de-identification;
  • Research subject notice;
  • And more.


There are several resources available regarding protecting privacy, specifically in human subjects research. 

Last updated: May 12, 2022