privacy issues in market research duane l. berlin, esq. general counsel, casro principal, lev &...
TRANSCRIPT
Privacy Issues In Market Research
Duane L. Berlin, Esq.
General Counsel, CASRO
Principal, Lev & Berlin, P.C.
PL&B Annual
ConferenceCambridge, MA
22 August 2007
Lev & Berlin, P.C.
We’re the people who ring you at dinnertime
Quantitative – surveys
Qualitative – focus groups
Data collection methods
In-person — door-to-door; mall intercept; focus group facility
Telephone
Fax
Internet
Anonymous random samples
Third-party lists
Anonymity is a fundamental principle
Industry standards and ethical codes of conduct predate most privacy laws
Anonymity and data quality go hand in hand
Personal information stripped from data files
Responses reported in aggregate to research sponsor
Anonymity is a fundamental principle
Respondents’ personal data may be disclosed to research client or third parties when:
Respondents consent
Information is used only for research purposes (e.g. no direct marketing)
Telephone response rates falling precipitously
Consumers bombarded with unsolicited calls to their homes
In response, Do Not Call laws and registries established in several countries
Most of them do not apply to survey research, but public often does not make distinction between survey research and telemarketing
Telephone research becoming more expensive to conduct
Internet-based research growing rapidly
Fast and inexpensive compared to other methods
Most online research conducted with “access panels”
Consumers opt-in to receiving periodic emails from research firm, inviting them to complete surveys
Panel members rewarded for their time (e.g. cash, points, prize draws)
Example of panel research recruitment website
Link to Privacy Policy should be on every page.
Site should use SSL encryption
Panels and privacy
Panel research firms collect and retain personal data (e.g. contact details and profile information)
Recruiting new panel members may be challenging in the future
Spam, phishing, spyware and online identity theft are causing consumers to be wary about submitting personal data at websites
Panels and privacy
To counter the threats posed by Internet scams, panel research firms must demonstrate their trustworthiness to current and prospective panellists
Participation rates in online surveys can be quite high if panel is managed well, including attending to privacy concerns
Client-supplied lists
Customer or employee satisfaction research often conducted using lists provided by client
Does your organisation’s privacy policy permit disclosures of personal data to service providers for market research purposes?
Excerpt from Telus Privacy Code
We may disclose a customer's personal information to:
A company or individual employed by TELUS to perform functions on its behalf, such as research or data processing;
Any such disclosure of a customer's personal information outside of TELUS is made on a confidential basis with the information to be used only for the purpose for which it was disclosed.
Client-supplied lists
Some respondents ask, “how did you get my name and number?”
Discuss with your research partner how these requests will be handled
Respondents may have a legal right to know, but revealing the name of the survey sponsor at the start of the interview could introduce bias
Client-supplied lists
Most clients rely on opt-out consent for sharing their customers’ personal data with research suppliers
Opt-in consent strongly recommended for sharing customers’ email addresses, owing to spam complaints
Even better, if possible, clients should issue the survey invitation emails to their customers
Good example of client obtaining opt-in for research
In this example, TNS is sending survey invitations from its domain to a client-provided list of email addresses
From: TNS on behalf of CLIENT <[email protected]>
To: Rebecca Smith <[email protected]>
Subject: Complete CLIENT’s survey and receive a reward for your time
Date: Wed, 6 Jun 2007 10:51:10 -0500
Sending survey invitation emails
In this example, Research Firm X is sending survey invitations from its domain, but spoofs the From address
From: CLIENT <[email protected]>
To: Rebecca Smith <[email protected]>
Subject: Complete CLIENT’s survey and receive a reward for your time
Date: Wed, 6 Jun 2007 10:51:10 -0500
Sending survey invitation emails
Spoofing is not in anyone’s interest
• Major ISPs all use authentication systems to combat spamming and phishing
• Sizeable proportion of spoofed emails are routed to users’ junk mail folders, or carry warning messages, or are not delivered at all
Questions to ask your research vendors
Which industry trade associations they belong to
If they participate in privacy certification programs (e.g. TRUSTe, IAPP’s CIPP) and privacy audits
The URL of their panel recruitment website — review the privacy policy
Whether they are on ISPs’ whitelists and adhere to industry best practices for sending emails
In addition to the standard privacy compliance questions that you ask your market research vendors, find out from them:
Further Information:
Duane L. Berlin, Esq.Lev & Berlin, P.C.
Phone: (203) 838-8500Fax: (203) 854-1652
Email: [email protected]