What must a researcher do if sensitive data is compromised through theft?

When sensitive data is compromised through theft, it is essential for the researcher to report the incident to the Institutional Review Board (IRB) promptly. This action is correct because the protection of participant data is a fundamental ethical obligation in research involving human subjects. Reporting the incident allows the IRB to assess the situation, provide guidance on how to mitigate any potential harm to participants, and ensure that appropriate measures are taken in response to the breach.

The IRB plays a crucial role in overseeing the ethical conduct of research, including the safeguarding of sensitive data. Prompt reporting helps maintain trust in the research process and protects the rights and welfare of participants, which is a primary responsibility of the researcher. Additionally, it allows the board to determine if further actions or modifications to the study are necessary to prevent future breaches.

In contrast, ignoring the incident or delaying the report undermines the ethical standards of research and could lead to greater risks for affected individuals. Performing a risk assessment before reporting may delay necessary actions that should be taken immediately to protect participants. Waiting for the next scheduled IRB meeting to report could be inappropriate, especially if the breach poses urgent risks to participant confidentiality and well-being.