Privacy and data security

Schottler Consulting adopts Australian best practice in the management of

confidentiality and data security in social and market research through the following methods:

 

  • Adherence to Australian research and security standards and principles

 

  • Adoption of research practices which manage consent and confidentially

 

Social and market research CATI survey data collection is accredited to the ISO20252 Market, Opinion and Social Research Standard.

 

Approaches to quality management include:

 

  • Development and approval processes for key elements in research design and services, including in proposals, quotations and survey questionnaires

 

  • Adherence to quality standards for recruitment, appraisal and training of staff

 

  • Verification and checking of field work

  • Independent checking of data analysis and interpretation

  • Back-up, retention and security of data and research records

Data is stored off site in a Tier IV data centre as part of a daily back up schedule. A further encrypted copy of company project data is also stored off site to ensure full redundancy of project data and files.

 

Historical back up records are typically available for around 6-9 months and are automatically replaced.

 

Security updates for file server systems are also updated regularly based on security risks identified by the original equipment manufacturer. This ensures that data is protected at all times. 

All work conducted by Schottler Consulting is designed to comply with the

Privacy Act 1998 and the Australian Privacy Principles under Schedule 1 of the Act.

All surveys and interviews conducted clearly explain how information is collected and stored for the purpose of research to respondents.

This includes explicit identification of the company collecting the information, the purpose of the research, how information will be used and how and approximately when identifiable information will be de-identified.

Respondents are also offered a contact email and/or number for further questions about the research.

Information sheets on research conducted are also made available on request. This outlines the above and identifies how a participant can make a complaint about the research, if desired. 

Australian Privacy Principle 1 - Open and transparent management of personal information

Respondents have the option of not identifying themselves in surveys.

 

For instance, in a children's survey, parents may identify their child by an initial or gender.

 

All surveys are reported at a group level to protect the anonymity of

respondents.

 

In addition, if results are based on only a small sample, we conduct checks or impute values to ensure that results remain anonymous and do not identify respondents.

Australian Privacy

Principle 2 -

Anonymity and

pseudonymity

Only information that is required for research is collected.

Information is not collected unless that information is core to the purpose of the research.

In some cases, demographic or other sensitive data core to the purpose of the research may need to be collected.

 

However, this may be used to better understand the research issue.

 

For children under 18, we seek parental consent to interview children if there is a need to ask questions of a personal or sensitive nature.

Australian Privacy

Principle 3 -

Collection of

solicited personal

information

If we receive information or lists containing personal data that we did not request or agree to receive, we conduct checks with the sender to ascertain if the information has been collected with informed consent.

 

We also ask list suppliers to ensure that reasonable processes have been undertaken to establish that informed consent has been sought to use the person’s information, or if that were not appropriate, we ask for a passive consent process to be performed.

Australian Privacy Principle 4 - Dealing with unsolicited personal information

All survey respondents are notified that their first name and telephone number are temporarily stored to support research conduct, until a de-identification process occurs.

 

This process is approximately 6 weeks after research conclusion.

 

From that point, no identifiable information is stored about the respondent.

 

We will also disclose to respondents on request the source of any lists our company may use for conduct of research, along with the identity of the client, for which the research is being undertaken.

Australian Privacy Principle 5 - notification of the collection of personal information

We do not use information collected from surveys for any other purposes other than conduct of the survey. All information shared with clients who commission projects is de-identified to prevent the identification of individuals.

 

 

All reports are also checked prior to release to clients to minimise the risk of identification of individuals. This includes checking of verbatims and survey data to remove content, as needed, to ensure de-identification.

 

In relation to re-contacting of participants, these are only conducted to improve data integrity – such as through the conduct of soft refusal conversions.

 

Soft refusal conversions are important when research must be conducted in line with scientific guidelines (where a high percentage of the total sample must participate in a survey to ensure data accuracy – e.g., in epidemiological or health surveys).

Australian Privacy Principle 6 -  Use or disclosure of personal information

We do not use any information, contact details or lists for any purpose other than the originally agreed research purpose.

Australian Privacy Principle 7 - Direct marketing

All  project data is stored on password protected servers and computers within Australia.

 

The company has an offsite backup service located in Brisbane data centre and a further backup site, also located in a second physical location.

No project data is located on overseas servers.

Australian Privacy Principle 8 - Cross‑border disclosure of personal information

No identifiers are used. If this occurred in the future, informed consent of respondents would be sought.

Australian Privacy Principle 9 - adoption, use or disclosure of government related identifiers

In surveys, care is taken to ensure that any information gathered is accurate.

 

This is achieved through validation calls to check a random sample of surveys.

 

In addition, interviewers are trained about the need to collect data accurately during interviewer training.

Australian Privacy Principle 10 - Quality of personal information

All servers are only accessible through VPNs, with strictly controlled file and folder permissions.

Access is only available from computers with biometric identification and/or password use and in the case of services, computers must be connected via a password-controlled VPN to access files and folders.

 

If a staff member leaves the company, all access permissions are immediately revoked.

Australian Privacy Principle 11 - Security of personal information

In surveys, respondents are read a statement on survey conclusion that permits respondents the opportunity to call back and have their data changed or removed, as gathered.

 

This also allows respondents to withdraw from the survey, in spite of data already being collected. In such a circumstance, their data is deleted.

 

This however depends on the call being placed prior to data de-identification. The latter takes place around 6 weeks after project completion and is a permanent and irreversible process.

Australian Privacy Principle 12 - Access to personal information

and

Australian Privacy Principle 13 - Correction of personal information

For free tools, tips and social and
market research Q&A visit:
Schottler
Consulting 
Social and Market Research
Knowledge Centre 

Screen Shot 2019-09-11 at 12.48.09 pm.pn
  • Twitter

Schottler Consulting Pty Ltd 2019