1 / 12

IQCS Data Protection Workshop Scenarios / Answers 12 th November 2009

IQCS Data Protection Workshop Scenarios / Answers 12 th November 2009. Scenario 1. Energy UK has commissioned ABC Research to undertake a quantitative face-to-face survey Sample – customers and lapsed customers

risa
Download Presentation

IQCS Data Protection Workshop Scenarios / Answers 12 th November 2009

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IQCS Data Protection Workshop Scenarios / Answers 12th November 2009

  2. Scenario 1 • Energy UK has commissioned ABC Research to undertake a quantitative face-to-face survey • Sample – customers and lapsed customers • ABC Research has commissioned Fieldwork Unlimited to conduct the in-home interviews • Results will be shared with Mobiles Connect, a third party partner of Energy UK • Pre-screen sample file against Mobiles Connect customer database • Paper-based survey • ABC has commissioned Coding & Analysis Services in the UK and Mumbai to do the data processing

  3. Scenario 1 Points to Consider • What does the contract from Energy UK require (have you got one?) in terms of use of data, security, transfer, etc • Details on destruction and return of sample should be understood • Has Energy UK notified Research as a purpose with ICO • Does Energy UK have permission from customers to disclose personal data to Mobiles Connect • How does the transfer take place • Is there any agreement to prevent the personal information being used for purposes other than screening by Mobiles Connect • What contracts are in place with the fieldwork and data processing agencies • Results shared by Energy UK should be limited to de-personalised data unless consent has been obtained • What else…………….

  4. Scenario 1 Points to Consider • There needs to be a written contract with Fieldwork Unlimited and Coding & Analysis Services as data processors – including any possible processing by C&AS in Mumbai. • Data security is a key issue, plus ensuring that interviewers do not use the client’s customer details for other purposes. • If asked, interviewers must provide respondents with the source of the contact details. • Feedback on “goneaways” must not include new addresses. • Complaints can be fed back – but the client must not use this information for any purpose other than resolving complaints. • The client needs to provide a contact that will deal with these issues. • Outcome of calls can only identify numbers used, not whether they are refusals or not, unless you have consent.

  5. Scenario 2 • Freelance qualitative research recruiter • Holding completed requirement questionnaires at home • Holding details of respondents – notebooks, index cards, database

  6. Scenario 2 Some Points to Consider • If recruiters develop lists of potential respondents, then they will become data controllers and need to adhere to all the principles of the 1998 Act (including Notification and identifying purposes). • Recruiters need to be fully trained in data privacy issues. • Each project briefing needs to include coverage of any DP related factors. • Contracts throughout the research process need to include specific references to handling client owned data – responsibilities for security (and what is necessary); not using the information for other purposes (list building, etc); destruction or return of samples. • Interviewers need to keep personal data secure (to specified standards – the client may be responsible for any breaches) and need advice and guidance on this.

  7. Scenario 3 • US based international client • Commissioned Research The Globe Ltd based in London to do customer satisfaction with PC owners across same and large companies across Europe • Client provided sample (individuals and business, but not always clear which) • Client wants to re-interview some key respondents • Client wants dissatisfied customer identified and traced back to the European service database holding their details – specifically UK, Germany and France. • All interviewing will be conducted from the UK • Client wants to remotely monitor some of the interviews

  8. Scenario 3 Some Points to Consider • USA based company needs to adhere to European legislation (Directive and at national levels) when dealing with EU domiciled customers. • Ensuring that the clients’ European databases are notified, and include market research as a purpose. • The legislation only covers living individuals. Interviews if solely concerned with role rather than person will not be covered (except in Italy). • The client’s identity must be disclosed at some point in the interview if a respondent asks. • If personal data drawn from the survey is to be used for other purposes, such as enhancing a database, then it will be a regulations for non-research categories must be considered. • If this does become a “mixed” project, then the sample files must be screened firstly to exclude all opt-outs for marketing on the customer file, and secondly against Preference Service files (TPS in the UK). • Can’t re-interview for German market unless it’s carried out as a on-research activity. • What else………

  9. Scenario 3 – Some Points to Consider • Transfer of personal data to the USA must conform to one of the required mechanisms – this may need the respondents’ permission within the interview (and for each purposes). • If re-interviews are likely, then this needs to be built into the first interview. It would be better to ask all respondents. • Dissatisfactions could be passed back to the client, but any transfers of data outside of the EEA (e.g., to the USA) must conform to the necessary mechanisms, and may require consent. The client must only use the data for that specific purpose and no other. • The link with Phoenix for monitoring interviews needs to be for confidential survey research purposes only and these conversations should not be recorded in any way. Respondents would need to be advised first and have consented.

  10. Scenario 4 • Central Bank briefed QMR and Co to undertake programme of group discussions about internet banking • QMR want to commission another company to recruit respondents and hold groups in centralised viewing facilities. • Groups recruited from customer list. • Client will attend group. • Client requesting recordings. • Client wants to remain anonymous.

  11. Scenario 4 – Some Points to Consider • Advising respondents about any recording of the proceedings when recruiting, and about the presence of observers. • Normally, bank customers have been asked to opt-in or out of activities such as marketing under the banking code of practice. Whilst there is no requirement to screen out these customers (apart from Category 6 projects), in certain types of research it might be beneficial in terms of customer goodwill to screen out such customers. • Recruiters must be clearly briefed about returning/destroying sample data, and about not miss-using the information for other purposes (list building). • The name of the client company must be disclosed at some point in the research process (recruitment or group discussion) if respondents request the source of the contact details. • What else…….

  12. Information sources • Information Commissioner’s Office • http://www.ico.gov.uk/ • MRS Frequently Asked Questions / Codeline • http://www.mrs.org.uk/standards/faqs.htm • DataGuidance, email alerts and a global data protection and privacy compliance platform. • http://www.dataguidance.com/ • Privacy and Data Protection (PDP) – journal and email • http://www.pdpjournals.com/privacy_data_protection/ • Dechert Legal Update - email http://www.dechert.com/practiceareas/practiceareas.jsp?pg=legal_update&pa_id=39&pn=1

More Related