Today’s talk on Big Privacy and Privacy By Design by Ann Cavoukian was my favourite of the day. She spoke mainly in relation to big data but everything she had to say relates to completely to all aspects of marketing research. She is responsible for the Privacy By Design concept which has seven foundation principles. Here are the principles along with my thoughts on how they relate to traditional research methods.
- 1. Be proactive not reactive: In a research business, many employees have access to personal information. This includes the database team that is responsible for housing information like names, email addresses, and data about children and income. A proactive survey team is one that identifies technical weaknesses that might make the databases susceptible to hacking. A proactive team also includes the project management folks who are there to ensure that survey authors don’t ask questions that could reveal private information or, at least, ensures that if private information must be asked, that responders are aware and this information will be handled with the utmost in care. Everyone is responsible for ensuring that any potential privacy problems are identified and dealt with before they actually become problems.
- 2. Privacy is the default setting. In this area, survey responders should never have to check with a research company to find out if their privacy will be maintained. Their data should be automatically encrypted and stored behind lock and key, as well as anonymized at every possible opportunity. Without asking. Ever.
- 3. Privacy is embedded into the design. Privacy features should never be part of agile programming. It should be planned. If you’re going to build a brand new mobile survey app or website tracking system, privacy features should be planned and built in from day one. Programmers will always tell you that add-on features are far less stable and reliable than planned systems so do it right from the beginning.
- 4. Full functionality such that it is positive sum not zero sum. Marketing research is founded in the trust that our research participants have in us. The more we can prove to them, demonstrate to them, that we are doing our utmost best to maintain their privacy, the better it will be for us and for them. They retain their privacy and are assured that the opinions they share with us will always be confidential. We, on the other hand, make our responders happy thereby retaining them as responders, happy responders, for much longer. Privacy truly is a win win situation.
- 5. End-to-end security. Have you ever tried to unsubscribe from a newsletter, only to have to jump through hoops to find an unsubscribe button and then still try to figure out which email address to type into the unsubscribe box? Well, that is a perfect example of poor design for a departing client. When research participants want to join a panel, leave a panel, see their information, or delete their information, it should be easy and it should be complete. And of course, these processes should be planned and built into the system to avoid bothersome hoops.
- 7. Respect for user privacy. Remember that you would not have a business without the people who answer your surveys or participate in your focus groups. Treat them well. Treat them as you’d wish to be treated. If there are things that you wish you knew about the research process, chances are that your research participants also want to know. So tell them. And tell them nicely.
And on a completely unrelated note, did you know that Ann’s brother is Raffi, a very popular children’s entertainer? When I was a babysitter, putting on a Raffi 'record' was a great way to quiet kids down and get them to bed. The Cavoukian family is certainly accomplished!
Annie Pettit, PhD is the Chief Research Officer at Peanut Labs, a company specializing in self-serve panel sample Annie is a methodologist focused on data quality, listening research, and survey methods. She won Best Methodological Paper at Esomar 2013, and the 2011 AMA David K. Hardin Award. Annie tweets at @LoveStats and can be reached at email@example.com.