Navigating the Data Protection Minefield

About This Presentation

Title:

Navigating the Data Protection Minefield

Description:

How the Act affects market research. Data Protection Checklist. Questions ... Came into force in October 2001 ... No IID or Freephone must be used ... – PowerPoint PPT presentation

Number of Views:91

Avg rating:3.0/5.0

Slides: 36

Provided by: debrahh

Category:

more less

Transcript and Presenter's Notes

Title: Navigating the Data Protection Minefield

1
Navigating the Data Protection Minefield

Debrah Harding
MRS Director, Standards Policy

2
Agenda

Introduction to the Act
How the Act affects market research
Data Protection Checklist
Questions

3
Introduction to the DPA

Came into force in October 2001
Covers all data collection and processing methods
including audio video computers CATI CCTV
etc.
Awareness required for all processing personal
data

4
Key Definitions

Personal Data any information relating to an
identifiable, living person
Processing obtaining, recording, holding,
transferring, altering,retrieval etc
A living, individual, natural person about whom
data is held

5
Key Definitions

Data Controller a legal or living person that
determines the purposes for which, and the manner
in which, personal data will be processed
Notification requirement for data controllers to
register with the Information Commissioner about
the classes of personal data held

6
Data Controllers

Data controllers have prime responsibility
Clients with customer databases Data controllers

7
Data Controllers

Market research data controllers when
acquire rights to list
create databases from scratch
merge client-supplied lists with survey results
retain data that is linked to an individual
data collected in the name of the agency

8
Key Principles

Must be processed fairly lawfully
Can only be used for the specified and lawful
purposes for which it was collected
Shall be adequate, relevant and not excessive
Shall be accurate and up to date

9
Key Principles

Must not be kept beyond fulfilling the purpose
for which it was collected
Shall be processed in accordance with the rights
of the data subject
Must be kept secure
Shall not be transferred outside the EEA unless
adequate precautions are in place

10
Transferring data

Transferring includes electronic access from
outside the UK to data held in the UK
EEA (EU Norway, Iceland and Liechtenstein) is
okay

11
Transferring data

Other areas must
adequate safeguards - contractually
respondents consent
special arrangements in place (US Safe Harbor)
approval from the EU
Hungary, Switzerland, Canada and Argentina
Australia, Japan and Guernsey - pending

12
Informed Consent

Transparency ensuring individuals have a clear
and unambiguous understanding of the purpose for
collecting data and how it will be used
Consent individual consent to data being
collected and given the opportunity to opt out of
any subsequent uses of the data

13
Informed Consent

Ensuring that it is clearly spelt out to
respondents at the beginning of the interview
that the information collected will only be used
for confidential survey research purposes

14
Informed Consent - Implications

Permission to re-interview must be gained at the
initial interview
If they ask, respondents must be told at an
appropriate point in the interview the source
of their details and/or the name of the data
controller
Web-site privacy notice
Prior permission (opt-in) must be gained before
data is transferred to another agency

15
Informed Consent - Primary Data

Researchers must get respondent permission before
transferring to a third party including
to whom it will be passed
who will see it
what it will be used for

16
The Benefits

Gives weight to the MRS Code
Lends authority and professionalism
Establishes respondent rights as paramount
Informed consent should improve the quality of
the data

17
Market Research Categories
18
Category 1

Classic confidential survey/market research
feedback only to those involved in a specific
project all agree to be covered by the Code
data only used for research purposes

19
Category 2

Classic research with samples drawn from client
databases/other lists notify where individual
has died or is no longer at this address
(without supplying the new address)

20
Category 3

Classic research with client databases used for
sampling feedback by agency to clients of names
of those contacted solely for setting do not
select for research markers on their customer
database

21
Category 4

Classic research with feedback on
complaints/dissatisfaction respondent consents
to complaint details and name to be feedback
(all other responses remain anonymous)

22
Category 5

Classic research with client findings at an
individual level to only be used for research
purposes

23
Category 6

Attributable data collection projects client
receives some or all of the data at an individual
level the data is used for purpose in addition
to or instead of research

24
Category 6 conditions

Respondents must give informed consent and given
opportunity to opt out of any follow-up
activities
Client notification must include addition purpose
Data must be screened (TPS, FPS etc)
No IID or Freephone must be used

25
Data Protection Checklist
26
Notification

Do I need to notify? Probably!
Notification helpline - 01625 545 740
35 a year
Notify purpose data subjects data classes
recipients of the data
Check the notification register - www.dpr.gov.uk

27
Data Protection Checklist

Everyone
Do I have someone responsible for data
protection?
Do my contracts or terms of business cover data
protection?
Does everyone else in the organisation and among
my clients and suppliers know what they are doing?

28
Data Protection Checklist

Agencies
Have I notified and have I notified in full?
How is my data security?
Are my invitations, introductions, consent
wordings, re-interview questions and so on
adequate?

29
Data Protection Checklist