DataQ Logo
A collaborative platform for answering research data questions in academic libraries

If a student assistant signs a confidentiality agreement but does not stick to it and causes leakage of sensitive data, who is formally responsible for the data leakage, the researcher or the student?

Erica.Johns's picture
Responsibility for such an occurrence would depend on the policies and documentation present at the institution. In general, a confidentiality agreement specifies the authority of the signatories and should articulate the ramifications of any breach of contract. A few suggestions for local institutional contacts would be the IRB office (if data are being collected) and the research compliance or information security office; another option is to review the data use contract (if the data are being provided by an external entity, the initial contract with the provider should say who's ultimately responsible). DataQ is not able to provide any more specific information due to the wide variety of policies and practices across institutions.