10 Privacy Tips for Market Researchers
This week one of our sample suppliers said “no” when we asked if we could re-contact respondents for a purpose other than our original request. Good thing I asked, and you know what? I’m glad they said no. I want suppliers to think carefully about seemingly simple requests, and to point out ways in which our actions might violate agreements they (and we) have with our research respondents.
The Facebook and Cambridge Analytica scandal is a reminder that we in the market research industry need to refresh our thinking about data privacy obligations. And we need to re-emphasize within our teams and among our colleagues how important data privacy is. Most importantly, there are specific things we need to do, and processes we need in place.
Not sure where to begin, or how to amp up efforts to ensure the privacy of your research respondents? Here are ten things you can and should be doing right now:
1. Do not ask for PII (personally identifiable information) unless you absolutely need it.
2. Have a privacy policy that spells out your commitment to clients and research respondents, with information about whom to contact with concerns.
3. Do not share data unless respondents give consent and unless privacy agreements with others are in place.
4. Avoid email to transmit PII even for simple information like names; set up a simple protocol for encrypted transfers instead.
5. Obtain consent from research respondents for everything you will do with data, including how it will be used, for what purposes, and with whom it will be shared.
6. Never FRUG or SUG or otherwise misrepresent the real purpose of research and how it will be used, no matter how much your sales managers beg for it.
7. Read the IA Code of Standards and Ethics for Market Research and Data Analytics, and the AAPOR Code of Ethics, as well.
8. Restrict access to data on a project-by-project basis so that only specific staff with need-to-know job responsibilities have access to PII.
9. Strip out identifiers in working datasets, with PII-only data held in separate (secured) data files that are keyed to your working datasets.
10. Ask permission of managers, colleagues, and vendors if ever in doubt about what you are doing with respondents or their data.