24-30 August 2008 is Privacy Awareness Week in Australia and other parts of the Asia Pacific Region, including Canada and Hong Kong. It therefore seemed like an apt time to outline some important considerations regarding privacy and the collection of personal information on forms.
What information is personal?
The term personal information can mean different things in different contexts. For our purposes, however, it's probably sufficient to define it as anything that an individual may not want available to the general public because it is — for them — private and/or sensitive.
Examples of topics that people may consider personal include:
- identifying information (e.g. date of birth or address);
- health and physical characteristics (e.g. weight);
- relationships, marital status and sexual preference;
- political persuasion and views on the government;
- income and socio-economic status;
- cultural background; and
- educational attainment.
Furthermore, whether a topic is considered personal will depend on a number of factors such as the pervading culture, who the information is being shared with and the context in which the information is being shared. For example, a person may feel perfectly comfortable telling a doctor their weight but rather disinclined to share the same information at a dinner party. Similarly, religion is discussed openly in some parts of the world but not others.
Implications of collecting personal information
The inclusion of questions collecting personal information is likely to impact on:
- response rates (will probably go down);
- data quality (will also probably go down);
- collection methodology (e.g. may need to switch from paper form to face-to-face interviewing); and
- legal requirements (e.g. privacy laws will become applicable).
In this article we're going to focus on the legal implications.
Privacy laws differ from country to country and even from one part of a country to another. In Australia any private organisation collecting personal information must abide by a set of National Privacy Principles, or NPPs. The equivalent for government agencies are the Information Privacy Principles, or IPPs (although the recent Australian Law Reform Commission review into the Privacy Act recommends that these two sets of principles be unified).
As Formulate sees it — and keep in mind that we're not lawyers — the Australian Privacy Principles have two main underlying themes:
- Individuals have the right to ownership of, and knowledge about, their personal information.
- Organisations that collect personal information, for whatever purpose, have a responsibility to care for this information and ensure it proper maintenance and use.
We will use these themes to illustrate a number of considerations that often slip through the data collection net.
Traps for young players
Estimating required resources
Organisations that do not have tight information management practices in place often incur an additional cost when implementing privacy provisions.
For example, part 2 of the fourth National Privacy Principle states:
"4.2 An organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under National Privacy Principle 2."
That is, once an organisation has finished using the data, it should be destroyed.
This in turn means that someone has to be continuously monitoring which forms are in use and arranging for their secure destruction. The process of monitoring and destruction can be managed well if there's a system in place for it, as there often is in larger organisations. For many businesses, however, information management is about not much more than having a file server where everything lives and keeping tax documents for 7 years. In these organisations, there is likely to be a cost associated with meeting the requirements of this clause. Given that there are 9 other National Privacy Principles, each with multiple parts, it's easy to see how costs can add up.
Managing the electronic element
Regardless of how your form is distributed (e.g. on paper or via the web), at some point you're likely to transfer the resulting data into an electronic medium. Paper forms are scanned or data entered — rarely is the physical copy of the form the only place in which the data exists.
The electronic storage of data creates a significant challenge with respect to privacy. This is because electronic data is so readily replicated and stored in different places. Perhaps someone copies the data file so they can work on it at home. Maybe different parts of the organisation use data from different parts of the form. At the very least, it is likely that the data has been duplicated as part of a backup process. The need to appropriate manage personal information is consistent, regardless of where that information is and how many copies or versions there are.
Where is the data?
Another tricky aspect of electronic data is pinning down where exactly it is and thus what laws apply to it. What if your business is in the United Kingdom, with offices in Australia and New Zealand, an Internet Service Provider in the United States and offsite data storage in India?
The lack of clear national borders on the Internet poses many challenges of this nature. At this stage, there are no easy answers but we know that many minds are working on the problem. Watch this space!
When thinking about forms and privacy, it is necessary to critically examine what happens to the form when it is returned to your organisation. But is this the only place that personal information is stored, even temporarily? Think about intermediaries like:
- database and list suppliers;
- mail houses/postal services;
- temporary administrative staff;
- data processing services;
- offsite backup and data storage; and
- software providers.
An intermediary that poses a significant risk — a risk which is often completely overlooked — is the online survey provider. Online survey providers are companies like QuestionPro, MicroPoll and SurveyMonkey.
To run surveys using these web-based tools you will need to provide email addresses for your sample, and maybe other information as well. The online survey provider also collects and stores the data supplied by your respondents. But how much do you know about the privacy practices of these organisations? Is the data kept in a secure location? Does it get destroyed after a period of time? And how secure is the data in transmission between the respondent and the survey provider, and between the survey provider and you?
Don't get us wrong: we think web-based surveys are a great idea. We're also not trying to single out any particular service providers—we only named the three companies above because they are well-known. What we do want to stress is the importance of thinking critically about every point the data passes on its way from the form-filler to you.
Be careful how you use it
The final aspect of the privacy legislation that often trips up newcomers is the first part of the second National Privacy Principle:
"2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection…"
Many people do not realise that you cannot collect information for one purpose and then use it for another, entirely different purpose. A common example is a company using customer information to market new products or services. Privacy law is usually the main reason that, in Australia at least, you should be asked to give your consent before any such marketing takes place.
Having said that, a number of exceptions are given (which is why the above quote ended in ellipsis). These exceptions could possibly be interpreted to allow for the use of customer contact information, for example, in customer satisfaction surveys.
Interpretation is the key word here, as often the case when the law is involved. We know of a government agency that, after conducting a customer satisfaction survey, would not pass on positive comments about individual staff that respondents made. The agency's interpretation was that the primary purpose of the survey was obtaining general measures of satisfaction, rather than review of staff performance. As such, the comments about specific staff were secondary and could not be disclosed.
That's it, I'm never going to send out a form again!
The purpose of this article was not to scare you or give the impression that ensuring privacy has to be painful at the organisational and/or individual level. Rather, we hoped to convey that ensuring privacy can be complex and deserves dedicated resources.
It can seem so easy to punch out a quick form and collect some information, especially with the proliferation of low cost (often free) tools to do so on the web. However, we feel it is important to reinforce that there are obligations that come hand-in-hand with the collection of information.
If you are feeling totally lost, we suggest consulting the website of the Australian Privacy Commissioner. It has some great information, much of it in layperson's terms rather than legal jargon. Furthermore, there are special tailored sections for businesses and government agencies.