There are multiple ways in which study participant privacy and confidentiality should be protected throughout the life of a project. Protective measures can be described in the Data Management and Sharing Plan (DMSP), including informed consent procedures, data de-identification procedures, and plans to respect applicable federal, Tribal, state, and local laws, regulations, and policies.
For data involving human subjects, DO NOT deposit or share data that contains personal identifiers, or that can be re-identified based on triangulation or other methods. If you plan to share a subset of data that originally contained PII (personally identifiable information), outline how you will undertake to de-identify the data and prevent re-identification in your Data Management and Sharing Plan (DMSP). Data de-identification plans are ultimately the responsibility of the Primary Investigator (PI).
This image, based on DataONE's Data Lifecycle, shows the data confidentiality, de-identification, and legal and regulatory considerations surrounding research data sharing and re-use, and the key points in research projects when these considerations should be addressed.