Key Updates to the IPC s Survey Research Guidelines

Similar documents
PRIVACY POLICY Last Updated May, 2018

Spectrum Wellness Privacy Statement

CEM Benchmarking Privacy Policy

One Sector Community Limited ACN ( OSC ) Privacy Policy

TABLE OF CONTENTS. Page

Throughout this Data Use Notice, we use plain English summaries which are intended to give you guidance about what each section is about.

DATA PROTECTION POLICY THE HOLST GROUP

Radionomy Privacy Policy

Shoutcast Privacy Policy

Privacy notice. Last updated: 25 May 2018

NYSVMS WEBSITE PRIVACY POLICY

Breach Notification Assessment Tool

We may change the privacy notice from time to time by amending this page.

Chess Entries 4 All Website Privacy Policy

Privacy and Cookies Policy

Mobile Application Privacy Policy

Data Processing Clauses

Information Resources, Inc. ( IRI ) Global Privacy Policy Part I. May 25, 2018 Version 0.1 Chief Privacy Officer / Data Protection Steering Committee

We may change the privacy notice from time to time by amending this page.

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

1 About GfK and the Survey What are personal data? Use of personal data How we share personal data... 3

What information do we collect online and how is it used?

Checklist and guidance for a Data Management Plan, v1.0

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk

ATHLETICS WORLD CUP PRIVACY NOTICE

Registrants must agree to their personal information being used by 3P Learning in accordance with this Privacy Policy before they may register.

Ambition Training. Privacy Policy

GENERAL PRIVACY POLICY

Online Ad-hoc Privacy Notice

Upcoming PIPEDA Changes What is changing and what to do about it

PORTICO PRIVACY NOTICE

Website Privacy Statement

Michael Robinson Associates Limited is committed to protecting your personal information. This policy

The information we collect

Best Practices for Online Privacy Protection

CANADA S ANTI-SPAM LEGISLATION AND REGULATIONS

ADMA Briefing Summary March

Shaw Privacy Policy. 1- Our commitment to you

Deloitte Audit and Assurance Tools

What is cloud computing? The enterprise is liable as data controller. Various forms of cloud computing. Data controller

1.3 Please follow the links below for further information. Where relevant, we have made a distinction between different categories of data subjects:

African Theatre Association (AfTA) PRIVACY POLICY

Whitepaper on EU Data Protection October 2014

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Starflow Token Sale Privacy Policy

Our Data Protection Officer is Andrew Garrett, Operations Manager

You may contact The Translation Network by at You may also call The Translation Network at

MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY

Our Privacy Policy. Last modified: December 12th Summary of changes can be consulted at the bottom of this Privacy Policy.

This policy also applies to personal information about you that the Federation collects from any other third party.

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

SCALA FUND ADVISORY PRIVACY POLICY

Newsletters We may send out newsletters to our customers providing them with articles and information which we believe may be of interest to you.

PRIVACY POLICY. 1. What Information We Collect

Token Sale Privacy Policy

DATA PROTECTION AND PRIVACY POLICY

Kohelet Policy Forum R.A. Site Legal Terms. What personal data we collect and why we collect it. Comments. Media. Contact forms and newsletter

Attachment B Newtopia Wellness Program and Genetic Testing. The Health Risk Assessment also invites individuals to undergo genetic testing.

What kind of information do you collect, when and how?

About the information we collect We collect and process personal data including but not limited to:-

VISTRA (CYPRUS) LTD. PRIVACY NOTICE

OnlineNIC PRIVACY Policy

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?

Registrants must agree to their personal information being used by 3P Learning in accordance with this Privacy Policy before they may register.

WIT Diverse Campus Services Ltd. Data Protection Policy

Personal Data & Privacy Policy Statement

Privacy Policy of the products of Ilves Solutions Ltd and Ilves Valmisohjelmistot Ltd / Ilveshaku

Privacy Policy. Revisions to this Policy. What Information we collect. How do we collect Information?

PRIVACY POLICY OF THE WEB SITE

Jefferies EMEA Privacy Notice

Rowing Canada Aviron. Online Registration System - Protection of Personal Privacy. Policy Statement

CANADA S ANTI-SPAM LEGISLATION: Getting ready for July 1 st, 2014

Checklist: Credit Union Information Security and Privacy Policies

PRIVACY POLICY. Personal Information We Collect

PRIVACY NOTICE Olenex Sarl

Barrie Baydogs Triathlon Club Inc (Baydogs) Privacy Policy

Just-Property Ltd GDPR Client Data Register

It s still very important that you take some steps to help keep up security when you re online:

Data Protection Policy

Data Protection Policy

Plus500UK Limited. Website and Platform Privacy Policy

Argyll Self Catering Privacy Statement 2018

MARKIT LOAN RECONCILIATION USER AGREEMENT

2. What is Personal Information and Non-Personally Identifiable Information?

Proposal for a model to address the General Data Protection Regulation (GDPR)

Social Security Number Protection Policy.

Privacy Policy Effective May 25 th 2018

This Questionnaire contains the Privacy Policy Statement; Part A: General Information of Respondents; and Part B: Consultation Questions.

Privacy Policy of

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere

NHS R&D Forum Privacy Policy: FINAL v0.1 May 25 th 2018

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

NWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2

We will not transfer your personal data to others except for the specific classes of data transferees as listed in paragraph 3 below.

BIOEVENTS PRIVACY POLICY

Privacy Policy. Full name and contact details (including your contact number, and postal address).

Odyssey Entertainment Marketing, LLC Privacy Policy

Individual Agreement. commissioned processing

As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above.

2. Which personal data is processed by SF Studios and from which source does the personal data originate?

Transcription:

Key Updates to the IPC s Survey Research Guidelines David Weinkauf Policy and Information Technology Officer Office of the Information and Privacy Commissioner of Ontario (IPC) Privacy Professionals Community of Practice May 13, 2015

Outline Background on the survey research guidelines Key updates to the guidelines: Online survey providers Self-hosting Metadata

Background Full title is: Best Practices for Protecting Individual Privacy in Conducting Survey Research Available at: https://www.ipc.on.ca/images/resources/conducting-surveyresearch.pdf Originally published in 1999 Structured according to eight steps involved in conducting survey research Now contains a checklist tool of 45 best practices Updated to address privacy issues raised by the use of new information and communications technologies

Online Survey Providers Offer web-based services and tools for conducting survey research online Afford researchers many conveniences and efficiencies, especially in comparison to their offline alternatives Many provide tiered versions of their services, with different functionality available at different costs Oftentimes this includes a basic version free of charge

Privacy Concerns While convenient and efficient, and oftentimes cost effective, the use of online survey providers raises some privacy concerns In general, there are three privacy issues to consider: 1. online survey providers may allow third parties to track survey participants 2. online survey providers control the terms of service and privacy policy 3. the survey data may be stored outside of Canada

Third-party Tracking Mix of first-party and third-party content in websites has given providers of third-party content or services the ability to track individuals across the Web, e.g., through cookies As a general rule, third-party tracking of survey participants will not be in compliance with the Acts because this collection will have been done on behalf of the institution but without legal justification (i.e., not necessary re s. 38(2)/28(2)) This holds true even in the case where the survey data itself does not involve personal information Accordingly, you should not use an online survey provider that allows third parties to track survey participants

Loss of Control over TOU Most online survey providers offer their services on a take-it-orleave-it basis This does not absolve institutions of their responsibility to ensure compliance with the Acts Also, the online survey provider may decide to update TOU Accordingly, if survey research involves personal information, you should ensure that the TOU is not subject to change without the express written consent of the institution If your survey research does not involve personal information, you should regularly review the provider s TOU to ensure that it has not changed or continues to comply with the Acts

Storage of Data Outside of Canada Although accessed from within Ontario, personal information may be stored outside of Ontario / Canada No legislative prohibition against storing personal information outside of Ontario / Canada However, reasonable measures must be in place to protect the privacy and security of personal information (s. 4 of Reg. 460) Accordingly, you should evaluate the risk of any extraterritorial storage of personal information, taking into consideration: the sensitivity of the information; the laws of the jurisdiction; and available safeguards, including contractual provisions

Self-hosting Self-hosting is when the program that runs the online survey is installed and hosted on your own organization s web servers Option for when you want to conduct survey research online but do not wish to use an online survey provider Advantage is that it avoids the use of online survey providers and so can mitigate privacy concerns associated with their use Disadvantage is that you must have the necessary technical resources to securely install, operate and maintain the survey software and data

Metadata When a survey participant s device or computer connects to an online survey, additional information is automatically passed to the hosting system, e.g., Internet Protocol (IP) address Uniform resource locater (URL) of the resource that referred the participant to the survey any invite codes generated by the survey system This metadata may be used in combination with other information to identify a survey participant Accordingly, when conducting an anonymous survey online, you should ensure that the hosting system does not link or associate metadata with the survey data

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback