Privacy and data security
Schottler Consulting adopts Australian best practice in the management of
confidentiality and data security in social and market research through the following methods:
Adherence to Australian research and security standards and principles
Adoption of research practices which manage consent and confidentially
Social and market research CATI survey data collection is accredited to the ISO20252 Market, Opinion and Social Research Standard.
Approaches to quality management include:
Development and approval processes for key elements in research design and services, including in proposals, quotations and survey questionnaires
Adherence to quality standards for recruitment, appraisal and training of staff
Verification and checking of field work
Independent checking of data analysis and interpretation
Back-up, retention and security of data and research records
Data is stored off site in a Tier IV data centre as part of a daily back up schedule. A further encrypted copy of company project data is also stored off site to ensure full redundancy of project data and files.
Historical back up records are typically available for around 6-9 months and are automatically replaced.
Security updates for file server systems are also updated regularly based on security risks identified by the original equipment manufacturer. This ensures that data is protected at all times.
All work conducted by Schottler Consulting is designed to comply with the
Privacy Act 1998 and the Australian Privacy Principles under Schedule 1 of the Act.
Australian Privacy Principle 1 - Open and transparent management of personal information
All surveys and interviews conducted clearly explain how information is collected and stored for the purpose of research to respondents.
This includes explicit identification of the company collecting the information, the purpose of the research, how information will be used and how and approximately when identifiable information will be de-identified.
Respondents are also offered a contact email and/or number for further questions about the research.
Information sheets on research conducted are also made available on request. This outlines the above and identifies how a participant can make a complaint about the research, if desired.
Principle 2 -
Respondents have the option of not identifying themselves in surveys.
For instance, in a children's survey, parents may identify their child by an initial or gender.
All surveys are reported at a group level to protect the anonymity of
In addition, if results are based on only a small sample, we conduct checks or impute values to ensure that results remain anonymous and do not identify respondents.
Principle 3 -
Only information that is required for research is collected.
Information is not collected unless that information is core to the purpose of the research.
In some cases, demographic or other sensitive data core to the purpose of the research may need to be collected.
However, this may be used to better understand the research issue.
For children under 18, we seek parental consent to interview children if there is a need to ask questions of a personal or sensitive nature.
Australian Privacy Principle 4 - Dealing with unsolicited personal information
If we receive information or lists containing personal data that we did not request or agree to receive, we conduct checks with the sender to ascertain if the information has been collected with informed consent.
We also ask list suppliers to ensure that reasonable processes have been undertaken to establish that informed consent has been sought to use the person’s information, or if that were not appropriate, we ask for a passive consent process to be performed.
Australian Privacy Principle 5 - notification of the collection of personal information
All survey respondents are notified that their first name and telephone number are temporarily stored to support research conduct, until a de-identification process occurs.
This process is approximately 6 weeks after research conclusion.
From that point, no identifiable information is stored about the respondent.
We will also disclose to respondents on request the source of any lists our company may use for conduct of research, along with the identity of the client, for which the research is being undertaken.
Australian Privacy Principle 6 - Use or disclosure of personal information
We do not use information collected from surveys for any other purposes other than conduct of the survey. All information shared with clients who commission projects is de-identified to prevent the identification of individuals.
All reports are also checked prior to release to clients to minimise the risk of identification of individuals. This includes checking of verbatims and survey data to remove content, as needed, to ensure de-identification.
In relation to re-contacting of participants, these are only conducted to improve data integrity – such as through the conduct of soft refusal conversions.
Soft refusal conversions are important when research must be conducted in line with scientific guidelines (where a high percentage of the total sample must participate in a survey to ensure data accuracy – e.g., in epidemiological or health surveys).
Australian Privacy Principle 7 - Direct marketing
We do not use any information, contact details or lists for any purpose other than the originally agreed research purpose.
Australian Privacy Principle 8 - Cross‑border disclosure of personal information
All project data is stored on password protected servers and computers within Australia.
The company has an offsite backup service located in Brisbane data centre and a further backup site, also located in a second physical location.
No project data is located on overseas servers.
Australian Privacy Principle 9 - adoption, use or disclosure of government related identifiers
No identifiers are used. If this occurred in the future, informed consent of respondents would be sought.
Australian Privacy Principle 10 - Quality of personal information
In surveys, care is taken to ensure that any information gathered is accurate.
This is achieved through validation calls to check a random sample of surveys.
In addition, interviewers are trained about the need to collect data accurately during interviewer training.
Australian Privacy Principle 11 - Security of personal information
All servers are only accessible through VPNs, with strictly controlled file and folder permissions.
Access is only available from computers with biometric identification and/or password use and in the case of services, computers must be connected via a password-controlled VPN to access files and folders.
If a staff member leaves the company, all access permissions are immediately revoked.
Australian Privacy Principle 12 - Access to personal information
Australian Privacy Principle 13 - Correction of personal information
In surveys, respondents are read a statement on survey conclusion that permits respondents the opportunity to call back and have their data changed or removed, as gathered.
This also allows respondents to withdraw from the survey, in spite of data already being collected. In such a circumstance, their data is deleted.
This however depends on the call being placed prior to data de-identification. The latter takes place around 6 weeks after project completion and is a permanent and irreversible process.