Question

A researcher wants to do a web-based survey of college students to collect information about their sexual behavior and drug use. Direct identifiers will not be collected; however, IP addresses may be present in the data set. Risk of harm should be evaluated by:

Solely by the probability of expected harm.


Both the magnitude (or severity) and the probability (or likelihood) of harm.


Solely by the magnitude or severity of expected harm.


Neither the magnitude or probability of harm.

Answer 1

The correct answer is: "Both the magnitude (or severity) and the probability (or likelihood) of harm."

When evaluating a particular risk, it is important to consider 2 factors:

• The probability of the occurrence of the event.

• The magnitude of the effects produced by the occurrence of the event.

In this case, the probability of a person's identity to be leaked in the survey, regardless of the absence of direct identifiers, should be analyzed and determined. As well as the potential impact of the harm produced to the individual if the information regarding his or her identity were to be leaked.