For example, if I. is performing a survey on the web and does not collect identifying information in the on-line questionnaire, does not retain the IP addresses of the client machines in the log files, nor use cookies, then one can make the case that data is being collected anonymously. [...] There are a number of situations where permanent anonymization of data in the research database would create practical difficulties, for example: • If each S. needs to come back to the study site for multiple visits, then it is important to match the S. with their record in the research database at each visit. [...] A code is attached to the research database and the same code is used to link with the identifying database. [...] This is most suitable if a third party will hold the linking database to ensure that the records in the research database cannot be re-identified by any of the participants in the study. [...] It should be noted that in none of the cases that were covered during the interviews was it reported that the data was encrypted in the research database.