Privacy

For some groups and some subjects privacy will not be an issue. But because story projects often delve into deeper and more emotional areas than surveys about favorite fast foods, chances are you will need to think about how you will reassure people that their privacy will be respected.

For most story projects it is important to think carefully about the privacy policy you will create, to communicate the policy with the people you are asking to contribute, and importantly, not to change your policy after story collection has started. Usually you will be able to summarize your policy in a few sentences, and you should place these sentences in every communication with respondents to head off questions and problems.

There are four essential aspects to privacy in a story project: collection, identification, distribution, and review.

What will be collected?

In a typical story project you collect stories and answers to questions about them. It is possible, however, if the topic is so sensitive that you won't be able to get results in any other way, to collect information about stories without collecting the stories themselves. There are two ways to do this:

1. Ask people to tell stories to an interviewer or group and answer some questions about them, but record only the answers and not the stories. The stories will exist only in the memory of the interviewer or group, but the answers to the questions will remain, and patterns in these may be helpful to your project.
2. Ask people to think of a story but not tell it, then answer some questions about it. This method protects the storyteller completely since nobody hears the story at all. It is slightly dangerous however in that the resulting answers may not be truthful, if for example your storytellers are not very enthused about participating. If you are conducting interviews in person it may be possible to discern whether people are answering truthfully or not.

Will storytellers be identified and if so how?

There are two ways for stories to be dangerous: dangerous for you to hear, and dangerous for other people to hear.

If telling the story you need to hear will get people in trouble with you (i.e., you are in the government or you are their employer), you have three choices:

1. retain all identifying information (and get much less than the truth)
2. ask a third party to retain identifying information and only allow you access under particular circumstances and with particular safeguards in place to protect privacy (and get some of the truth)
3. retain no identifying information (and get the most truth you can get)

By giving up information useful for one purpose (like finding people who did things) you can often get information useful for another purpose (like understanding why people do things). For example, if you wanted to know why people stole things from store shelves you might ask people to tell stories about times they'd stolen and gotten away with it. Obviously if you asked them to give your their name and address you wouldn't get much of value, so you might have to give up the ability to track down admissions of guilt in order to better understand motivations and prevent thefts in the future.

If telling the story you need to hear will get people in trouble with other people (i.e., the stories are about people who may not be happy to have the story told), you have more choices:

1. retain and publicize all identifying information (and get much less than the truth)
2. retain but don't publicize identifying information (and get some of the truth)
3. ask a third party to retain identifying information and only allow you access under particular circumstances and with particular safeguards in place to protect privacy (and get more of the truth)
4. retain no identifying information (and get the most truth you can get)

Which of these levels of protection you give people depends on the goals of your project, what you want people to talk about (your focus) and whom you will be asking to speak.

If you don't collect identifying information, how will you make sure people will not be able to be identified as individuals? If you invite specific people to group sessions or send emails to specific people, you can't very well forget who they are, but you can disassociate any stories they tell and questions they answer from identifying details. For example, if you hold a group session, you can record the session but destroy the tapes after anonymous transcripts have been created. If you elicit responding emails, you can copy the information from the emails, paste it into a text file or spreadsheet, remove any identifying details, and delete the original emails. In this way you can reassure your storytellers that nothing they say will be connected to their name.

Related to this issue is that of web security. If you are asking for information through email or on a web form, how will you assure people that the email or web communication will not be intercepted? Some online survey taking services offer secure connections, which can help (though people may still have misgivings). Email cannot easily be made secure, so I don't recommend using it if your topic is especially sensitive or your group of people is especially wary. Phone or in-person meetings and interviews avoid this problem.

How much non-identifying (but still personal) information will you need to gather about the people who tell stories? Typically age and gender is important, but you may need to know other things like ethnic background, nationality, location, and other things. It's usually best to keep the list as short as possible. Try making the case for why you need each piece of information, and if you can't make a convincing case, don't collect it. Also, it is usually best to offer a "Decline to answer" option for all such information.

To whom will solicited information be distributed?

For some projects you will only need to have a few people read contributed stories and answers to questions. For others you will be distributing collected stories very widely, perhaps to the whole web. In general the more widely you will be distributing stories the more carefully you should review each piece of information you gather about the storyteller to think about who should have access to it. There are many partial solutions; for example, you might know the ages and genders and nationalities of storytellers, but you may post only the stories on a community site.

Will storytellers be able to review and change their information?

Another way to reassure storytellers, if you plan to incorporate their stories into a resource that is shown to other people, is to allow them to review and change their contributions after the initial storytelling session or interview. Giving people a chance to go back and review their statements, and possibly to remove things they feel they should not have revealed on later reflection (no questions asked), will help them to open up in the first place. Of course, offering such an option may be technologically difficult, and it will require that you hold on to information about individuals (so that you can show them what they said again). But often people who will not be willing to participate under any other conditions will agree to contribute if they have the right to review, edit and delete entries.

For further reading

I've found guidelines for oral history projects to be very useful in understanding the issue of privacy in listening to people telling stories. Type "oral history privacy guidelines" into a search engine and you'll find lots of good information on this topic.