Frequently asked questions relating to the Fair Data scheme and data management.
Fair Data is a quality process standard developed by the Market Research Society (MRS) which is awarded to organisations that meet the Fair Data principles.
The Fair Data mark may only be used by signatories to the Fair Data principles, and only with the permission of MRS.
The Fair Data mark is a consumer facing mark which appears on corporate materials as a guarantee that an organisation meets the Fair Data principles.
The Fair Data principles are based upon the concept of T.R.U.S.T. You can Trust that Fair Data organisations will manage and treat customer data with Respect; that they will use it in an Unbiased and Secure way and will always be Transparent about what they collect about customers and how they use customer data.
Respecting these principles ensures that an organisation's use of personal data is fully compliant with current regulations and codes - and reflects public opinion. The principles support and complement the Data Protection Act, and other standards schemes such as ISOs, the US 'Safe Harbor' Framework and the Data Seal initiative.
All applicants for the Fair Data scheme receive advice from MRS regarding the Fair Data requirements. MRS Company Partners or MRS Client Partners, as organisations that have already signed up corporately to the MRS Code of Conduct and are therefore committed to the Fair Data principles, can automatically become accredited as a Fair Data organisation.
For all other organisations an initial advisory visit by MRS is required. Only if an advisory visit has a satisfactory outcome, can organisations undertake first party assessment to the Fair Data principles. Within the first year such organisations must also undertake an independent third party audit to verify adherence to the principles. The audit must be undertaken by MRS's approved audit and assessment body. Only those organisations that pass the audit may continue to use the Fair Data mark.
All Fair Data organisations will be listed on the Fair Data website: www.fairdata.org.uk
By engaging with organisations that carry the Fair Data mark, customers can be assured that their personal data will be treated with respect, only used for purposes which customers agree to and will be collected and retained in a transparent, legal and ethical manner.
Fair Data is a voluntary accreditation scheme that has been established by MRS to encourage organisations to improve best practice in the collection, use and retention of customer and personal data.
Some organisations may claim that they meet all consumer and personal data requirements, but only those organisations that have achieved the Fair Data accreditation can provide consumers independent verification that they meet their legal and ethical requirements.
The Fair Data principles are set by the MRS Market Research Standards Board (MRSB), the regulator for market, social and opinion research. The MRSB and MRS have consulted widely on the creation of the Fair Data principles including government, other regulators, and business and consumer groups.
The MRS Code of Conduct was established in 1954 with a focus on protecting research respondents and their data. MRS's extensive experience in regulating its Code and advising its members on data issues meant it was ideally placed to create the Fair Data scheme.
The MRS Code of Conduct contains principles and rules which mirror the Fair Data requirements. However, the MRS Code of Conduct is much more extensive as it relates to all aspects of the research process not just data collection and use.
What about areas that the Fair Data principles do not cover that are within the MRS Code of Conduct? How do these relate to Fair Data organisations?
The MRS Code of Conduct not only regulates researchers when collecting customer data it also sets rules on issues such as research design and research reporting. These are essential for researchers but not necessarily for all those that have customer databases. The Fair Data principles concentrate on the issues that are essential for all organisations that own, collect, use and store customer and personal data.
Do organisations have to be either an MRS Company Partner or have MRS members in order to become a Fair Data organisation?
For research organisations it is essential that as there is at least one MRS member within the organisation. For non-research organisations such as clients, organisations without members may sign up to the Fair Data scheme. However for non-member organisations a pre-accreditation advisory visit by MRS is mandatory. Following such visits MRS will produce a report of the outcome of an advisory visit, and only if satisfactory processes, training and procedures are in place will an organisation be awarded the Fair Data mark.
If a complaint is received that indicates the Fair Data principles have been breached, the organisation is obliged to either submit to an investigation or a third party audit. If an organisation has links to MRS the normal MRS complaint and disciplinary procedures will apply, if an organisation has no links to MRS the audit process will apply.
The audit would usually take place within one month of a complaint having been received and organisations must bear the cost of undertaking the audits.
The results of the audit will be used to determine if a breach has occurred and whether the organisation can continue to be accredited as a Fair Data organisation. The result of the audit assessment will be shared with complainants and details of any breaches will be summarised on the Fair Data website.
If an organisation is Fair Data accredited, it can put the Fair Data mark on corporate websites and promotion materials in accordance with the brand guidelines detailed in the Fair Data Promotional Materials Guidelines (currently under development).
MRS produces a number of free resources such as leaflets and brochures, which can be downloaded from the Fair Data website www.fairdata.org.uk
Fair Data is a trademark of MRS. The Fair Data mark may only be used with the express permission of MRS. The MRS brand can only be used by MRS, although variations on it, e.g. the MRS Company Partner mark, are available for use.
The Fair Data mark should be used in communications with consumers and respondents, whereas the MRS brands such as Company Partner are more likely to be used in business to business and corporate brand communications.
My organisation is an MRS Company Partner and a Fair Data organisation, which brand should I be using?
On research materials, training of staff, questionnaire preambles, etc reference must be made to the MRS Code of Conduct and your corporate status as a Company Partner. Supplementary to this, in communications focused on respondents and customers of your clients, your organisation may use the Fair Data brand to inform potential respondents that your organisation also adheres to the Fair Data principles.
Neither. Your data protection obligations include the secure destruction of person data when the purposes for which it has been collected have been fulfilled.
Paper records should be securely shredded on your premises. You should choose a shredder with an appropriate level of security according to the DIN 32757-1 standard.
Alternatively, where you have a high volume of confidential waste you should sub-contract your waste disposal to a specialised company accredited to the BS 8470 standard.
A customer has called wanting to know some information from their customer record. What can I tell them?
You need to be alert at all times to the possibility of "blagging" or "pretexting" - the attempt to obtain personal data through deception, usually by posing as that individual.
Personal data should not be disclosed to callers without first establishing their identity. Even small pieces of information such as the date of direct debits can be leveraged to establish identities, allowing access to further and more sensitive information.
Email marketing is regulated by both the Data Protection Act and the Privacy and Electronic Communications (PEC) Regulations.
Generally, individuals must be given the opportunity to prevent their data being used for direct marketing (direct marketing is a very broad term which encompasses promoting the aims and ideals of an organisation). In regard to email marketing, the basic rule is that you are not permitted to carry out electronic direct marketing unless you received specific consent from the recipient ("opt-in"). This will be the case, for example, where a customer views your website and signs up to receive further information from you.
In addition to an express opt-in, the PEC Regulations also permit a so-called "soft opt-in". This occurs where (a) you have obtained the recipient's details from having previously sold them (or negotiated to sell them) a product or service; (b) your email marketing only relates to the same or similar products or services; and (c) they are given a simple opportunity to opt-out of receiving further information at the time you first collect their details and in all subsequent communications.
Accordingly, you customer data base records will need to be marked or flagged with the relevant marketing preference. If there is no positive agreement to receive marketing information, nor a previous similar customer relationship, then you may to not email them for this purpose.
Our new website can log visitors using cookies and deliver our advertising to them on other sites they visit. Any problems with this?
Since May 2011, the placing or reading or information (such as a cookie) on a users' device requires the permission of the user. You are required to inform the user of the information to be placed on or read from the device and the purposes for which this will be used. The permission (consent) of the user must be indicated by a statement or action, e.g. ticking a box, or continuing to use the site in full knowledge of the consequences of that action. Purely passive consent or offering the ability to refuse in a policy on another page is not sufficient.
Website owners should be clear with users about targeted advertising. Site owners should ensure that trusted third parties (e.g. ad tech businesses) are participating in the EU self-regulatory initiative to enhance transparency and control. At the heart of this initiative is an icon in ads on websites which - when clicked - provides the user with more information and control over targeted advertising. A website owner can also use the icon on its web pages. For further information on this please visit: www.edaa.eu/european-principles
Information for consumers is available from http://www.youronlinechoices.com
A reputable research agency or sample provider will be able to provide you with detailed information on how they recruit their panels and obtain sample. MRS members and Company Partners are required to comply with all relevant national and international legislation and must not use personal data collected illegally by third parties.
I've got some great case studies from recent market research. Can I use them in my marketing materials?
Information from market research reports may be used for other purposes, so long as they do not contain information about identifiable individuals (personal data). Personal data is protected by the Data Protection Act and may only used for the purpose specified at the time of collection. If it is planned or envisaged that case studies containing personal data may be used for marketing, the informed consent of the individuals concerned should be obtained at the time of collection.
The use of information from social media will be limited by a number of legal parameters, including data protection, copyright and the terms and conditions of the platforms themselves. Researchers and marketers should consider carefully the need to obtain consent for use of personal data or permission to use copyright works such as video clips and photographs before the start of data collection, noting that there is no classification "public data" in the Data Protection Act 1998 and literary works, photographs, and video/sound recordings are protected by copyright unless otherwise stated by the author (i.e. are not in the public domain).
I've been called by a company doing a survey about the car I own. How do I know how they will use my information?
Under the MRS Code of Conduct, the general subject and purpose of the survey must be stated at the beginning of the interview. Your responses will be anonymous unless you agree otherwise. Where you are asked for permission to disclose your identity you will be clearly informed about what information will be passed on, to whom and for what purpose(s).
I've spent time answering a survey from one of the brands I buy - then they tried to sell me an upgraded product. What can I do about it?
This is called "sugging" - selling under the guise of research. It is a breach of the MRS Code of Conduct and is also an offence under the Distance Selling Regulations and the Unfair Commercial Practices Directive. If the company in question is an MRS Company Partner or employs MRS members you may complain to MRS. You may also complain to the Office of Fair Trading and Trading Standards.