14
possible actions. This can include the REB requiring a halt to research activities. For the same
reasons that benefit is hard to calculate in ICTR, determining what could constitute a “serious
adverse event” in the ICTR context is unclear.
In anticipation, researchers should consider preempting the escalation of realized harms by
notifying affected parties or otherwise engaging mitigation actions. To that end, researchers
should develop mitigation procedures and checklists, such as a contact list of parties to notify,
if such unintended consequences ensue. Other potential harms that are reasonably foreseeable
may have a low probability of occurring, but have a high impact. Researchers should anticipate
such worst-case scenarios and make appropriate preparations to respond in a manner and scope
that shows due diligence on the part of the researcher. It may be necessary and prudent to
involve the researchers’ own institutional risk management and oversight authorities and media
relations in addition to the REB.
ICTR may involve records containing sensitive data about individuals, evidence of crim-
inal activity, or that could potentially cause disruption to millions of computers around the
world. ICT researchers must be aware of these harms as not only primary risks, but also sec-
ondary, collateral risks (e.g., to customers of primary data subjects or computer owners) and
be prepared to responsibly inform affected stakeholders. In many cases, it is impracticable to
notify all affected individuals, but it may be feasible to notify service providers or other enti-
ties who have the authority and capability – derived from their relationship with the affected
stakeholders – to mitigate harm. A mitigation strategy should admit the variance in capacity
and/or willingness of the notified entity to understand and act on the notification.
Research records that identify individuals pose a risk of disclosure as long as those records
exist, and may fall under REB oversight because of the risk posed. Researchers should be
prepared to continually protect these records for as long as those records exist and are under
researchers’ control. Upon completion or termination of approved research activities (allowing
for a reasonable retention period approved by REBs in order to satisfy obligations of scientific
reproducibility), the risky data should be destroyed. If records are maintained, the data should
continue to be protected at the same level as was implemented during research under the same
REB-approved mechanisms.
C.4 Justice: Fairness and Equity
In the Belmont Report, the principle of Justice is applied through fairness in the selection of
research subjects, and equitable distribution of the burdens and benefits of research according
to individual need, effort, societal contribution, and merit. Fairness should guide the initial
selection of the subjects, as well as the apportionment of burdens to those who will most likely
benefit from the research. Research design and implementation should consider all stake-
holders’ interests, although conflicting interests may render equal treatment impracticable. In
the ICTR context, this principle implies that research should not arbitrarily target persons or
groups based on attributes including (but not limited to): religion, political affiliation, sexual
orientation, health, age, technical competency, national origin, race, or socioeconomic status.
Neither should ICTR target specific populations for the sake of convenience or expediency.
It is important to distinguish between purposefully excluding groups based on prejudice or
bias versus purposefully including entities who are willing to cooperate and consent, or who are
better able to understand the technical issues raised by the researcher. The former raises Justice
concerns, while the latter demonstrates efforts to apply the principles of Respect for Persons
and Beneficence and still conduct meaningful research. All researchers have an obligation
to not exclude/include individuals or groups from participation for reasons unrelated to the