When It Comes to Marketing Research Privacy and Data Protection, We’ve Got You Covered
When It Comes to Marketing Research Privacy and Data Protection, We’ve Got You Covered
In our last blog, we discussed the importance of including ‘data protection’ as part of your vetting process when considering marketing research vendors.
With the increase in complex data breaches and security hacks, this blog shares our best practices for keeping your data secure, following our earlier guidance on questions for marketing research vendors.
The Basics
- Regularly update and patch all systems to protect against vulnerabilities.
- Implement multi-factor authentication to enhance user access security.
- Conduct routine security audits and vulnerability assessments.
- Establish a clear incident response plan for potential data breaches.
First, we believe it’s essential to implement measures to ensure the data security throughout all process levels, including hosting, security checks, network firewalls, application firewalls, anti-virus, restricted access on public internet, userbase password protected access, and anti-cyber threat software.
IRB’s database is secured through SSL encryption by Symantec (now known as Digicert). IRB has also implemented a structure to minimize the threat of data leak and misuse internally. Access to the database is limited to authorized team members only and there is a formal approval process in place to grant, update, or remove accesses of the individuals based on job roles. Third-party providers are expected to comply with data protection guidelines and have a strong security program in place to avoid any kind of threat against data protection.
Stay on Top of Survey Participant Data Protection
Safeguarding survey participant data is more critical than ever. The trust between market researchers and participants hinges on the assurance that personal information is handled with care and security. Protecting participant data not only maintains the integrity of the research but also upholds the ethical standards essential to our industry.
At IRB, our privacy policy includes survey participants, sharing why data is being gathered, how is it going to be used and with whom it will be shared. Whenever IRB updates our privacy policy, we notify all members through email and dashboard notifications in their Opinion Bureau account. It’s up to the individual to either agree or disagree with the new policy.
IRB seeks consent from panelists and survey participants before allowing them to join a survey panel and participate in online surveys/votes. What’s more, we ask for each individual’s consent every time they participate in surveys that demand personally identifiable information (PII) collection and sharing with a third-party.
The individuals who join IRB panel are the primary owner of their personal identifiable information and related data. They can access, rectify, delete, and unsubscribe with easy steps. Individuals can withdraw their membership at any time by opting out of IRB’s panel. The data is fully deleted once the panelist unsubscribes and we do not make any contact with the person unless they register and go through the signup procedure again.
24/7 Server Log Analysis and Threat Detection
We analyze server logs every 12 hours. Our logs record the number of login attempts to a server, detailing successful logins and the access provided, as well as recording any failed login attempts and whether the system blocked these unauthorized access attempts. In addition to the review of server logs, we have a firewall in place which automatically sends an alert in case of any brute-force attack to direct or ftp bad login attempts with the source information. While a breach is unlikely, if it occurs, we start corrective action immediately.
Get Approved
IRB has appointed a Data Protection Officer (DPO) internally to ensure compliance and we practice thorough internal audits regularly in addition to procuring audit services from TRUSTe [LINK] since 2013 to review our practices. TRUSTe issues a certificate to IRB once their audits and rectifications are completed.
Be Committed 100%
Maintaining a steadfast commitment to data protection is not just a legal requirement but a cornerstone of ethical business practice. As technology continues to advance, so too do the challenges and risks associated with data privacy in market research. Organizations that prioritize data protection demonstrate integrity, earn trust, and safeguard the rights of survey participants worldwide.
IRB is firmly committed to protecting the privacy of survey participants in accordance with international regulations including, but not limited to: The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, GDPR (EU), and ISO. Additionally, we are ISO 27001 certified for our information security management system. At the Industry level, we follow the guidelines of Insight Association, ESOMAR, and MRSI.
IRB’s panel recruitment, data collection, data handling, and data sharing model is designed to ensure the application of privacy and data protection principles in all corporate functions, IT, network infrastructure, and business practices. Our employees are also trained to follow the framework of privacy and data protection in daily activities and we work to develop new and improved processes, products, and procedures on an ongoing basis.
For more information on our data protection and privacy practices, contact us today.