When It Comes to Marketing Research Privacy and Data Protection, We’ve Got You Covered

In our last blog, we discussed the importance of including ‘data protection’ as part of your vetting process when considering marketing research vendors. Especially now, as data breaches and security hacks continue to increase in frequency and complexity. While we previously provided considerations and key questions to ask potential marketing research vendors, in this blog we’re bringing you the vendor perspective by sharing our best practices in keeping your data secure.

The Basics

First, we implement measures to ensure the data security through hosting, security checks, network firewalls, application firewalls, anti-virus, restricted access on public internet, userbase password protected access, and anti-cyber threat software. IRB’s database is secured through SSL encryption by Symantec (now known as Digicert).

IRB has also implemented a structure to minimize the threat of data leak and misuse internally. Access to the database is limited to authorized team members only and there is a formal approval process in place to grant, update, or remove accesses of the individuals based on job roles. Third-party providers are expected to comply with data protection guidelines and have a strong security program in place to avoid any kind of threat against data protection.

For Survey Participants, Too

The IRB privacy policy shares why data is being gathered, how is it going to be used and with whom it will be shared. Whenever IRB updates our privacy policy, we notify all members through email and dashboard notifications in their Opinion Bureau account. It’s up to the individual to either agree or disagree with the new policy.

IRB seeks consent from panelists/survey participants before allowing them to join a survey panel and participate in online surveys/votes. What’s more, we ask for each individual’s consent every time they participate in surveys that demand personally identifiable information (PII) collection and sharing with a third-party.

The individuals who join IRB panel are the primary owner of their personal identifiable information and related data. They can access, rectify, delete, and unsubscribe with easy steps. Individuals can withdraw their membership at any time by opting out of IRB’s panel. The data is fully deleted once the panelist unsubscribes and we do not make any contact with the person unless they register and go through the signup procedure again. IRB also provides 24/7 help desk support to panel members.

We’re Always Watching

We analyze server logs every 12 hours. That tells us how many successful login attempts were made to a server or access provided through a service as well as if there are any bad attempts and whether the system blocked the or allowed the access. In addition to the review of server logs, we have a firewall in place which automatically sends an alert in case of any brute-force attack to direct or ftp bad login attempts with the source information. While a breach is unlikely, if it occurs, we start corrective action immediately.

And We’ve Got the Paperwork to Prove It

IRB has appointed a Data Protection Officer (DPO) internally to ensure compliance and we practice thorough internal audits regularly in addition to procuring audit services from TRUSTe since 2013 to review our practices. TRUSTe issues a certificate to IRB once their audits and rectifications are completed.

Bottom Line: We’re Committed 100%

IRB is firmly committed to protecting the privacy of survey participants in accordance with international regulations including, but not limited to The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, GDPR (EU) and ISO. At the Industry level, we follow the guidelines of Insight Association, ESOMAR, and MRSI.

IRB’s panel recruitment, data collection, data handling, and data sharing model is designed to ensure the application of privacy and data protection principles in all corporate functions, IT, network infrastructure, and business practices. Our employees are also are trained to follow the framework of privacy and data protection in daily activities and we work to develop new and improved processes, products, and procedures on an ongoing basis.

For more information on our data protection and privacy practices, contact us today.